Source: gist.github.com · Topic: ai-agents

immunity-agent: runtime security for AI agents — blocks prompt injection, malicious packages, and secret exfiltration across 55+ coding tools

PrismorSec released immunity-agent, an open-source runtime security tool that intercepts AI agent actions before they reach the operating system. It blocks prompt injection, malicious packages, and secret exfiltration across 55+ coding tools using 50+ detection rules across 16 threat categories, with a hybrid heuristic and LLM escalation pipeline.

2 min read · 1 view · published Jun 24, 2026

immunity-agent intercepts every AI agent action before it reaches your OS, blocking prompt injection, malicious packages, and secret exfiltration across 55+ coding tools.

Repo: https://github.com/PrismorSec/immunity-agent

AI agents need secrets to work: API keys, credentials, env vars. But once those enter model context, you lose control of where they go. Agents also install packages, run shell commands, and browse the web autonomously. Any of those steps can be hijacked.

immunity-agent sits between the agent and your OS via a PreToolUse hook. Every action is evaluated against 50+ detection rules across 16 threat categories before execution.

50+ YAML rules across 16 categories:

  • Secrets: intercepts credentials before they enter tool context (Warden Cloak)
  • PII detection: blocks exfiltration of personal data in tool calls
  • Cloud IMDS recon: catches metadata service probing (AWS/GCP/Azure)
  • Model manipulation: detects jailbreak and system-prompt override attempts
  • Network egress controls: prevents unauthorized outbound connections

Wraps pip install, npm install, cargo add, and more:

pip install some-package
  • OSV.dev backend (version-aware, eliminates CVE keyword collisions vs NVD)
  • Safe-version recommender on block: not just "no", but "use foo==2.3.1 instead"

Hybrid heuristic + LLM escalation pipeline. 30% more recall than pattern matching alone. Catches injections embedded in tool responses, web content, and file reads before they redirect the agent.

AST-level audit of MCP tools before execution:

  • Homoglyph detection (e.g., pаypal with Cyrillic а)
  • Invisible Unicode payload detection
  • Pre-execution trust scoring for third-party MCP servers
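As an added example (not immunity-agent's own code), here is a minimal PreToolUse-style evaluator covering two of the checks described above: homoglyph and invisible-Unicode detection on MCP tool names, and cloud IMDS probe detection on shell commands. The call format, the rule set and the sample tool calls are assumptions constructed for illustration.

```python
"""Added example, not immunity-agent's code: a hook-style pre-execution check.
Assumed call shape: {"tool_name": str, "tool_input": {"command": str, ...}}."""
import re
import unicodedata

# Constructed rule: well-known cloud metadata endpoints (AWS/GCP/Azure use the
# link-local address; GCP also resolves a hostname).
IMDS_RE = re.compile(r"169\.254\.169\.254|metadata\.google\.internal")


def script_of(ch: str) -> str:
    """Script family of a letter, taken from its Unicode name ('LATIN', 'CYRILLIC', ...)."""
    name = unicodedata.name(ch, "")
    return name.split(" ")[0] if name else "UNKNOWN"


def audit_tool_name(name: str) -> list[str]:
    """Flag invisible/format code points and mixed-script letters in a tool name.
    Mixed scripts are a signal worth blocking on in an allowlist world, not proof."""
    findings = []
    for ch in name:
        if unicodedata.category(ch) == "Cf":  # zero-width, BOM, bidi overrides, soft hyphen
            findings.append(f"invisible U+{ord(ch):04X}")
    scripts = {script_of(c) for c in name if c.isalpha()}
    if len(scripts) > 1:
        findings.append("mixed scripts: " + ", ".join(sorted(scripts)))
    return findings


def evaluate_tool_call(call: dict) -> dict:
    """Return {'decision': 'allow'|'block', 'reasons': [...]} for one tool call."""
    reasons = [f"tool name: {f}" for f in audit_tool_name(call.get("tool_name", ""))]
    command = str(call.get("tool_input", {}).get("command", ""))
    if IMDS_RE.search(command):
        reasons.append("cloud IMDS probe in command")
    return {"decision": "block" if reasons else "allow", "reasons": reasons}


if __name__ == "__main__":
    # Constructed sample calls: a clean one, a Cyrillic-a homoglyph, a zero-width
    # space hidden in a name, and a shell command probing the metadata service.
    samples = [
        {"tool_name": "paypal_checkout", "tool_input": {"command": "ls -la"}},
        {"tool_name": "p\u0430ypal_checkout", "tool_input": {}},
        {"tool_name": "read\u200bfile", "tool_input": {}},
        {"tool_name": "bash", "tool_input": {"command": "curl http://169.254.169.254/latest/meta-data/"}},
    ]
    for s in samples:
        print(s["tool_name"].encode("unicode_escape").decode(), evaluate_tool_call(s))
```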

Self-hosted session visualization with three sections: Agent Activity, Supply Chain, Sessions. KPI cards and advisory pills on every blocked event. No data leaves your machine.

pip install immunity-agent

immunity start --agent claude-code

immunity start --agent all

immunity status

immunity supplychain scan

No config required to start. A SKILL.md decision tree enables agent-native activation when placed in the project root.

  • 175 GitHub stars, 16 forks
  • 55+ agent integrations (Claude Code, Cursor, Copilot, Aider, and more)
  • 0.8 ms/tool-call overhead
  • 50+ detection rules, 16 threat categories

Tags: ai-security, agent-security, prompt-injection, supply-chain-security, mcp, claude-code, runtime-security, llm-security, devsecops, open-source
