# immunity-agent: runtime security for AI agents — blocks prompt injection, malicious packages, and secret exfiltration across 55+ coding tools

> Source: <https://gist.github.com/solar-flare99/61488d5c5942e8352bdf90019e28962f>
> Published: 2026-06-24 17:53:02+00:00

immunity-agent intercepts every AI agent action before it reaches your OS, blocking prompt injection, malicious packages, and secret exfiltration across 55+ coding tools.

**Repo:** [https://github.com/PrismorSec/immunity-agent](https://github.com/PrismorSec/immunity-agent)

AI agents need secrets to work: API keys, credentials, env vars. But once those enter model context, you lose control of where they go. Agents also install packages, run shell commands, and browse the web autonomously. Any of those steps can be hijacked.

immunity-agent sits between the agent and your OS via a PreToolUse hook. Every action is evaluated against 50+ detection rules across 16 threat categories before execution.

50+ YAML rules across 16 categories:

- **Secrets**: intercepts credentials before they enter tool context (Warden Cloak)
- **PII detection**: blocks exfiltration of personal data in tool calls
- **Cloud IMDS recon**: catches metadata service probing (AWS/GCP/Azure)
- **Model manipulation**: detects jailbreak and system-prompt override attempts
- **Network egress controls**: prevents unauthorized outbound connections

Wraps `pip install`, `npm install`, `cargo add`, and more:

```
# immunity-agent intercepts and scores before any package is written to disk
pip install some-package
# scored against OSV.dev; if blocked, suggests the nearest clean version
```

- OSV.dev backend (version-aware, eliminates CVE keyword collisions vs NVD)
- Safe-version recommender on block: not just "no", but "use `foo==2.3.1` instead"

Prompt injection detection uses a hybrid heuristic + LLM escalation pipeline, with 30% more recall than pattern matching alone. It catches injections embedded in tool responses, web content, and file reads before they redirect the agent.

AST-level audit of MCP tools before execution:

- Homoglyph detection (e.g., `pаypal` with Cyrillic `а`)
- Invisible Unicode payload detection
- Pre-execution trust scoring for third-party MCP servers
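As an added illustration of the homoglyph and invisible-Unicode checks listed above (example code, not immunity-agent's own implementation), the following Python audit flags mixed-script letters and hidden format/control characters in a package name or command string before it would be executed. The coarse script classifier, the extra invisible-character set and the "dominant script" heuristic are assumptions of this example.

```python
import unicodedata

# Characters that render as blank but are NOT in the Cf/Cc categories,
# so a category check alone would miss them (constructed list for this example).
INVISIBLE_EXTRA = {"\u3164", "\u115f", "\u1160", "\u2800", "\u034f"}


def script_of(ch):
    """Coarse script name for a letter, derived from its Unicode character name."""
    name = unicodedata.name(ch, "")
    for script in ("LATIN", "CYRILLIC", "GREEK", "ARMENIAN"):
        if name.startswith(script):
            return script
    return "OTHER"


def audit_identifier(text):
    """Return (kind, index, detail) findings, sorted by position.

    kind is "invisible" for format/control characters hidden in the string,
    or "homoglyph" for letters whose script differs from the dominant script.
    """
    findings = []
    letters = []  # (index, char, script) for every alphabetic character
    for i, ch in enumerate(text):
        cat = unicodedata.category(ch)
        if ch in INVISIBLE_EXTRA or (cat in ("Cf", "Cc") and ch not in "\n\r\t"):
            findings.append(("invisible", i, f"U+{ord(ch):04X}"))
        elif ch.isalpha():
            letters.append((i, ch, script_of(ch)))

    scripts = {s for _, _, s in letters}
    # A string written entirely in one script is not a homoglyph attack;
    # only a minority of letters from a second script is suspicious.
    if len(scripts) > 1:
        dominant = max(scripts, key=lambda s: sum(1 for _, _, x in letters if x == s))
        for i, ch, s in letters:
            if s != dominant:
                findings.append(("homoglyph", i, f"{unicodedata.name(ch, '?')} (U+{ord(ch):04X})"))
    return sorted(findings, key=lambda f: f[1])


def should_block(text):
    """Pre-execution decision: block if any finding is present."""
    return bool(audit_identifier(text))
```

The homoglyph check is per identifier; running it over a whole multi-language shell command would need tokenising first so that a legitimately non-Latin argument is not reported.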

Self-hosted session visualization with three sections: Agent Activity, Supply Chain, Sessions. KPI cards and advisory pills on every blocked event. No data leaves your machine.

```
pip install immunity-agent

# Start with your agent tool
immunity start --agent claude-code

# Multi-agent workspaces
immunity start --agent all

# Check status
immunity status

# Supply chain scan (existing lockfiles)
immunity supplychain scan
```

No config required to start. A `SKILL.md` decision tree enables agent-native activation when placed in the project root.

- 175 GitHub stars, 16 forks
- 55+ agent integrations (Claude Code, Cursor, Copilot, Aider, and more)
- 0.8 ms/tool-call overhead
- 50+ detection rules, 16 threat categories

Tags: `ai-security`, `agent-security`, `prompt-injection`, `supply-chain-security`, `mcp`, `claude-code`, `runtime-security`, `llm-security`, `devsecops`, `open-source`
