{"slug": "immunity-agent-runtime-security-for-ai-agents-blocks-prompt-injection-malicious", "title": "immunity-agent: runtime security for AI agents — blocks prompt injection, malicious packages, and secret exfiltration across 55+ coding tools", "summary": "PrismorSec released immunity-agent, an open-source runtime security tool that intercepts AI agent actions before they reach the operating system. It blocks prompt injection, malicious packages, and secret exfiltration across 55+ coding tools using 50+ detection rules across 16 threat categories, with a hybrid heuristic and LLM escalation pipeline.", "body_md": "immunity-agent intercepts every AI agent action before it reaches your OS, blocking prompt injection, malicious packages, and secret exfiltration across 55+ coding tools.\n\n**Repo:** [https://github.com/PrismorSec/immunity-agent](https://github.com/PrismorSec/immunity-agent)\n\nAI agents need secrets to work: API keys, credentials, env vars. But once those enter model context, you lose control of where they go. Agents also install packages, run shell commands, and browse the web autonomously. Any of those steps can be hijacked.\n\nimmunity-agent sits between the agent and your OS via a PreToolUse hook. Every action is evaluated against 50+ detection rules across 16 threat categories before execution.\n\n50+ YAML rules across 16 categories:\n\n- **Secrets**: intercepts credentials before they enter tool context (Warden Cloak)\n- **PII detection**: blocks exfiltration of personal data in tool calls\n- **Cloud IMDS recon**: catches metadata service probing (AWS/GCP/Azure)\n- **Model manipulation**: detects jailbreak and system-prompt override attempts\n- **Network egress controls**: prevents unauthorized outbound connections\n\nWraps `pip install`, `npm install`, `cargo add`, and more:\n\n```\n# immunity-agent intercepts and scores before any package is written to disk\npip install some-package\n# scored against OSV.dev; if blocked, suggests the nearest clean version\n```\n\n- OSV.dev backend (version-aware, eliminates CVE keyword collisions vs NVD)\n- Safe-version recommender on block: not just \"no\", but \"use `foo==2.3.1` instead\"\n\nHybrid heuristic + LLM escalation pipeline. 30% more recall than pattern matching alone. Catches injections embedded in tool responses, web content, and file reads before they redirect the agent.\n\nAST-level audit of MCP tools before execution:\n\n- Homoglyph detection (e.g., `pаypal` with Cyrillic `а`)\n- Invisible Unicode payload detection\n- Pre-execution trust scoring for third-party MCP servers\n\nSelf-hosted session visualization with three sections: Agent Activity, Supply Chain, Sessions. KPI cards and advisory pills on every blocked event. No data leaves your machine.\n\n```\npip install immunity-agent\n\n# Start with your agent tool\nimmunity start --agent claude-code\n\n# Multi-agent workspaces\nimmunity start --agent all\n\n# Check status\nimmunity status\n\n# Supply chain scan (existing lockfiles)\nimmunity supplychain scan\n```\n\nNo config required to start. A `SKILL.md` decision tree enables agent-native activation when placed in the project root.\n\n- 175 GitHub stars, 16 forks\n- 55+ agent integrations (Claude Code, Cursor, Copilot, Aider, and more)\n- 0.8 ms/tool-call overhead\n- 50+ detection rules, 16 threat categories\n\n`ai-security` `agent-security` `prompt-injection` `supply-chain-security` `mcp` `claude-code` `runtime-security` `llm-security` `devsecops` `open-source`", "url": "https://wpnews.pro/news/immunity-agent-runtime-security-for-ai-agents-blocks-prompt-injection-malicious", "canonical_source": "https://gist.github.com/solar-flare99/61488d5c5942e8352bdf90019e28962f", "published_at": "2026-06-24 17:53:02+00:00", "updated_at": "2026-06-24 18:08:47.257951+00:00", "lang": "en", "topics": ["ai-agents", "ai-safety", "developer-tools"], "entities": ["PrismorSec", "immunity-agent", "Claude Code", "Cursor", "Copilot", "Aider", "OSV.dev", "MCP"], "alternates": {"html": "https://wpnews.pro/news/immunity-agent-runtime-security-for-ai-agents-blocks-prompt-injection-malicious", "markdown": "https://wpnews.pro/news/immunity-agent-runtime-security-for-ai-agents-blocks-prompt-injection-malicious.md", "text": "https://wpnews.pro/news/immunity-agent-runtime-security-for-ai-agents-blocks-prompt-injection-malicious.txt", "jsonld": "https://wpnews.pro/news/immunity-agent-runtime-security-for-ai-agents-blocks-prompt-injection-malicious.jsonld"}}