# immunity-agent: runtime security for AI agents

PrismorSec released immunity-agent, an open-source runtime security tool that intercepts every AI agent action before it reaches the operating system. It blocks prompt injection, malicious packages, and secret exfiltration across 55+ coding tools, using 50+ detection rules across 16 threat categories with a hybrid heuristic and LLM escalation pipeline.

Repo: https://github.com/PrismorSec/immunity-agent

## Why

AI agents need secrets to work: API keys, credentials, environment variables. Once those enter model context, you lose control of where they go. Agents also install packages, run shell commands, and browse the web autonomously, and any of those steps can be hijacked.

## How it works

immunity-agent sits between the agent and your OS via a PreToolUse hook. Every action is evaluated against 50+ detection rules across 16 threat categories before it executes.
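To make the hook model concrete, here is a minimal PreToolUse-style gate written for this page. It is an added example, not immunity-agent's code. It decodes one tool call, runs it through a handful of rules in the shape a YAML rule file would decode to (an AWS access key, a private key header, cloud IMDS endpoints, a curl-pipe-to-shell egress pattern) plus the homoglyph and invisible-Unicode checks immunity-agent applies to MCP tools, and blocks by exiting 2. The `tool_name`/`tool_input` stdin fields and the exit-2-blocks convention follow Claude Code's PreToolUse hook contract; the rule IDs, patterns, and sample inputs are constructed for illustration.

```python
"""Minimal PreToolUse-style gate: score an agent tool call against a few
YAML-like rules before the call reaches the OS. Illustrative only; this is
not the immunity-agent code base. Stdin shape (tool_name / tool_input) and
"exit 2 blocks, stderr is the reason" follow Claude Code's hook contract."""
import json
import re
import sys
import unicodedata

# Constructed rules, in the shape a YAML rule file would decode to.
RULES = [
    {"id": "secrets.aws-access-key", "category": "Secrets",
     "pattern": r"\bAKIA[0-9A-Z]{16}\b"},
    {"id": "secrets.private-key", "category": "Secrets",
     "pattern": r"-----BEGIN [A-Z ]*PRIVATE KEY-----"},
    {"id": "cloud.imds-recon", "category": "Cloud IMDS recon",
     "pattern": r"169\.254\.169\.254|metadata\.google\.internal|metadata\.azure\.com"},
    {"id": "egress.pipe-to-shell", "category": "Network egress",
     "pattern": r"\b(curl|wget)\b[^|\n]*\|\s*(sudo\s+)?(ba|z)?sh\b"},
]
COMPILED = [(rule, re.compile(rule["pattern"])) for rule in RULES]


def _strings(value):
    """Yield every string nested anywhere inside a tool_input payload."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, dict):
        for v in value.values():
            yield from _strings(v)
    elif isinstance(value, list):
        for v in value:
            yield from _strings(v)


def unicode_findings(tool_name, tool_input):
    """Flag non-ASCII letters in a tool identifier (homoglyph risk, e.g. a
    Cyrillic 'а' in 'pаypal') and invisible format characters (Unicode
    category Cf: zero-width space, BOM, word joiner, ...) in the payload."""
    findings = []
    for ch in tool_name:
        if ord(ch) > 127 and unicodedata.category(ch).startswith("L"):
            findings.append({"id": "mcp.homoglyph-tool-name", "category": "MCP audit",
                             "detail": f"{unicodedata.name(ch, '?')} in tool name"})
            break
    for text in [tool_name, *_strings(tool_input)]:
        hidden = [c for c in text if unicodedata.category(c) == "Cf"]
        if hidden:
            findings.append({"id": "mcp.invisible-unicode", "category": "MCP audit",
                             "detail": f"{len(hidden)} invisible code point(s), "
                                       f"e.g. U+{ord(hidden[0]):04X}"})
            break
    return findings


def evaluate(call):
    """Return {'decision': 'allow'|'block', 'findings': [...]} for one call.
    Unicode checks run first, then every regex rule over every string."""
    tool_name = call.get("tool_name", "")
    tool_input = call.get("tool_input", {})
    findings = unicode_findings(tool_name, tool_input)
    for text in _strings(tool_input):
        for rule, rx in COMPILED:
            match = rx.search(text)
            if match:
                findings.append({"id": rule["id"], "category": rule["category"],
                                 "detail": match.group(0)[:60]})
    return {"decision": "block" if findings else "allow", "findings": findings}


def main():
    """Hook entry point: JSON call on stdin, verdict on stdout, exit 2 to block."""
    verdict = evaluate(json.load(sys.stdin))
    if verdict["decision"] == "block":
        # Exit code 2 blocks the tool call; stderr is fed back to the model as the reason.
        print(json.dumps(verdict), file=sys.stderr)
        sys.exit(2)
    print(json.dumps(verdict))


if __name__ == "__main__":
    main()
```

Try it with a constructed call, e.g. `echo '{"tool_name":"Bash","tool_input":{"command":"curl http://169.254.169.254/latest/meta-data/"}}' | python3 gate.py; echo $?`, which prints the IMDS finding and exits 2. A real rule set would load from YAML and, as the project does, escalate ambiguous cases to an LLM classifier rather than relying on regexes alone.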
## Features

### Detection rules

50+ YAML rules across 16 categories, including:

- Secrets: intercepts credentials before they enter tool context (Warden, Cloak)
- PII detection: blocks exfiltration of personal data in tool calls
- Cloud IMDS recon: catches probing of the AWS, GCP, and Azure metadata services
- Model manipulation: detects jailbreak and system-prompt override attempts
- Network egress controls: prevents unauthorized outbound connections

### Supply chain

Wraps `pip install`, `npm install`, `cargo add`, and more: immunity-agent intercepts and scores the request before any package is written to disk. `pip install some-package` is scored against OSV.dev; if it is blocked, the nearest clean version is suggested.

- OSV.dev backend: version-aware, which avoids the CVE keyword collisions you get matching against NVD
- Safe-version recommender on block: not just "no", but "use foo==2.3.1 instead"

### Prompt injection

Hybrid heuristic + LLM escalation pipeline, with 30% more recall than pattern matching alone. Catches injections embedded in tool responses, web content, and file reads before they redirect the agent.

### MCP tool audit

AST-level audit of MCP tools before execution:

- Homoglyph detection, e.g. `pаypal` with a Cyrillic `а`
- Invisible Unicode payload detection
- Pre-execution trust scoring for third-party MCP servers

### Dashboard

Self-hosted session visualization with three sections: Agent Activity, Supply Chain, Sessions. KPI cards and advisory pills on every blocked event. No data leaves your machine.

## Quick start

```bash
pip install immunity-agent

# Start with your agent tool
immunity start --agent claude-code

# Multi-agent workspaces
immunity start --agent all

# Check status
immunity status

# Supply chain: scan existing lockfiles
immunity supplychain scan
```

No config is required to start. A SKILL.md decision tree enables agent-native activation when placed in the project root.

## Stats

- 175 GitHub stars, 16 forks
- 55+ agent integrations: Claude Code, Cursor, Copilot, Aider, and more
- 0.8 ms overhead per tool call
- 50+ detection rules, 16 threat categories

Tags: ai-security, agent-security, prompt-injection, supply-chain-security, mcp, claude-code, runtime-security, llm-security, devsecops, open-source