Runtime cybersecurity for AI agents

Your AI agents.
Under protection.

WatchMyAgents is a runtime security infrastructure for autonomous AI agents. Three layers — Watch, Guardian AI and Shield — connected by a live feedback loop that turns observability into adaptive enforcement, agent by agent.

Ready to protect your IT FORTRESS?

  • 3-layer: Watch · Guardian · Shield
  • 0-trust: Per-agent policies
  • SIEM: Native exports
// The problem

AI agents are the new attack surface.

LLM + tools + actions introduce risks classic security stacks were never designed to see.

01

Data leaks

Prompt injection, exfiltration via tools, verbose logs leaking secrets and PII.

02

Bad operational practices

Plaintext secrets, excessive permissions, no traceability across runs.

03

Behavioral drift

Loops, action escalation, abnormal cost spikes, out-of-scope actions.

04

Compromise & corruption

Hijacked tools, malicious instructions, agents taken hostage.

Our technology · WGS methodology

Recursive Fractal Security Loop™

Watch. Guardian. Shield. A self-reinforcing loop where every observation feeds smarter analysis, every analysis feeds stronger policies, and every policy sharpens the next observation — on each agent, then on whole teams of agents.

Inspired by the ISO 27001 standard
Layer 01

Watch

Instruments and collects every agent execution trace — building a reliable timeline of what each agent tried and what it actually did.

  • Model calls, tool calls, data access, sensitive actions
  • Real-time alerts: Info → Warning → High → Critical
  • Triage context for every signal, per agent & per env
// live stream
[INFO] agent.support → tool.crm.read OK
[WARN] agent.finance → scope=admin (unusual)
[CRIT] agent.ops → suspected exfiltration
Layer 02 · Brain

Guardian AI

The intelligence layer. Normalizes Watch signals, scores risk and hygiene, governs the lifecycle of rules and proposes ready-to-validate policies for Shield.

  • Signal correlation, hygiene & risk scoring per agent
  • Auto-suggested rules with rationale & false-positive estimate
  • Governance: simulation, approval, versioning, rollback
// guardian.suggest()
trigger: export > 5MB ×3 in 2m
propose: size_limit + rate_limit
est_fp: medium · approve?
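The guardian.suggest() trigger above (export > 5MB ×3 in 2m), implemented as a per-agent sliding-window detector. This is an added example, not WatchMyAgents code; the event tuple shape, the per-agent window and the strict 5 MiB threshold are assumptions, and the events are constructed.

```python
from collections import deque

MB = 1024 * 1024
THRESHOLD_BYTES = 5 * MB   # "export > 5MB" read as strictly greater than 5 MiB (assumption)
COUNT = 3                  # "×3"
WINDOW_SECONDS = 120       # "in 2m"

# Constructed Watch events, not real telemetry: (epoch seconds, agent, tool, bytes exported)
EVENTS = [
    (0,   "agent.support", "tool.crm.export", 6 * MB),
    (30,  "agent.support", "tool.crm.export", 2 * MB),   # under threshold, ignored
    (50,  "agent.support", "tool.crm.export", 7 * MB),
    (100, "agent.finance", "tool.crm.export", 9 * MB),   # another agent, its own window
    (110, "agent.support", "tool.crm.export", 8 * MB),   # third large export within 110 s
    (400, "agent.support", "tool.crm.export", 6 * MB),   # earlier burst expired, no trigger
]


def large_export_bursts(events):
    """Return (timestamp, agent) for every burst of COUNT exports over THRESHOLD_BYTES
    that fall within WINDOW_SECONDS for the same agent; one result per burst."""
    recent = {}   # agent -> timestamps of its recent large exports, oldest first
    fired = []
    for ts, agent, _tool, nbytes in sorted(events):
        if nbytes <= THRESHOLD_BYTES:
            continue
        window = recent.setdefault(agent, deque())
        window.append(ts)
        while ts - window[0] > WINDOW_SECONDS:   # evict exports older than the window
            window.popleft()
        if len(window) >= COUNT:
            fired.append((ts, agent))
            window.clear()                        # one suggestion per burst, not per extra export
    return fired
```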
Layer 03

Shield

The enforcement engine — per-agent, per-environment policies that protect each agent from itself and from the outside world.

  • Tool allow/deny lists, parameter & domain restrictions
  • Injection / exfiltration protection, PII & secret redaction
  • Rate limits, token budgets, loop caps, auto-quarantine
// policy.shield.yaml
rule: block_export > 5MB
tools: allowlist=[crm, mailer]
approval: required if sev ≥ high
// 02 — Four fractal levels

The same loop, at every scale

The Watch → Guardian → Shield loop runs recursively — on a single agent, on a team, on a full multi-agent system, and across your whole organization.

L1
Single agent

Per-agent observation, scoring and policy enforcement.

L2
Team of agents

Cross-agent correlation inside a legion (e.g. Support, Finance).

L3
Multi-agent system

System-wide risk patterns across agents, tools and data flows.

L4
Whole organization

Org-level posture, shared policies and collective intelligence.

// 03 — The three layers in detail

One loop, three layers

Watch observes. Guardian AI thinks. Shield enforces. Each layer is built to do one thing, and to do it brilliantly.

// Layer 01 · Observation

The all-seeing eye of your fleet.

Watch instruments every agent at the SDK and tool layer. Model calls, tool calls, parameters and data access are captured, classified and turned into a triage-ready signal — without ever leaving your machine.

Full-spectrum capture

Model calls, tool calls, parameters and sensitive data access — instrumented at the SDK layer, nothing slips through.

Real-time severity triage

Every signal classified Info → Warning → High → Critical, with the context needed to act in seconds.

Tamper-evident timeline

An immutable, audit-ready record of what every agent tried and what it actually did, per agent and per environment.

Local-first runtime

Runs on your machine alongside your agents. Zero telemetry leaves your perimeter without your explicit consent.

// Layer 02 · Brain

The reasoning core of the loop.

Guardian is the brain between Watch and Shield. It interprets signals, reasons about intent, and turns raw telemetry into precise, explainable policy decisions — at machine speed, under human authority.

Contextual reasoning

Correlates Watch signals across agents, tools and time windows to surface real threats — not noise.

Adaptive policy synthesis

Drafts new Shield policies on the fly from observed behavior, ranked by impact and false-positive risk.

Human-in-the-loop

Every suggestion is explainable, simulatable and reversible. You stay in control of what ships to prod.

Continuous learning

Feeds policy efficacy back into the loop — Guardian gets sharper with every incident across the fleet.

// Layer 03 · Enforcement

The enforcement perimeter of your agents.

Shield runs alongside your agents and applies Guardian-approved policies in real time. Tool allowlists, parameter restrictions, rate limits, PII redaction, auto-quarantine — every guardrail is enforced before damage happens.

Tool allow / deny lists

Per-agent, per-environment restrictions on tools, parameters and domains. Block dangerous calls before they fire.

Injection & exfiltration block

Stops prompt injection, secret leakage and PII exfiltration in real time, with automatic redaction on the wire.

Rate & token budgets

Hard rate limits, token caps and loop detection — runaway agents are throttled or quarantined automatically.

Approved by Guardian

Every active rule is versioned, simulated and signed off. Roll back any policy in one click without redeploying agents.

How it works

Watch and Shield run locally on your machine. Guardian runs in the cloud on anonymized data. You stay in control.

  • Local · Watch (runs on your computer): observes your agents and records a daily log.
  • Encrypted & anonymized export to the Fortress Cloud (WatchMyAgents).
  • Cloud · Guardian AI (AI brain, always on): analyzes the signals, produces the Fortress dashboard report, suggests policies, and deploys them only after user agreement. Nothing is deployed without your explicit approval.
  • Approved policies are sent back to your machine.
  • Local · Shield (runs on your computer): applies the approved policies on your machine.

Legend: Local — on your computer. Cloud — anonymized data only.
// FORTRESS · COMMAND CENTER

YOUR FORTRESS

Your AI agents. Under protection.

One command center to watch every action, score every risk, and enforce every policy — with full audit trail.

Guardian has 4 pending suggestions.
Review them to harden your shield.
  • Agents protected: 5
  • Actions · 24h: 18.4k
  • Blocked · 24h: 326
  • Tokens · 24h: 4.2M

Sentinel.Knight · on watch · active · eu-west-3

Observing 5 agents. 18 412 actions · 326 blocked · last 24h.
⚡ 18.4k actions · ● 5 online · ○ 4 pending

Guardian inbox

4 suggestions pending

Protected agents

5 agents:
  • Assistant Personnel CEO
    ANTHROPIC-MANAGED · active · last seen 31/05 22:15:18
  • Agent Financier
    ANTHROPIC-MANAGED · active · last seen 30/05 15:04:34
  • Deep researcher
    ANTHROPIC-MANAGED · active · last seen 30/05 13:04:46
  • Test Agent
    ANTHROPIC-MANAGED · active · last seen 25/05 20:25:04
  • agent_01UNy3MizTnJ3s7Wg…
    ANTHROPIC-MANAGED · active · never seen

Quick actions

  • Shield
    Manage policies
  • Guardian
    Review suggestions
  • Watch
    Tail signals
  • Keys
    Manage API keys

Validation queue

4 pending
// source agent: ANTHROPIC · Agent Financier · GENERIC · COLD_START · 96% · ○ BLOCK-CAPABLE
40 · elevated · New Tool Usage Detected · perimeter_drift · confidence 50% · DENY
// objective
Prevent unauthorized tool usage and maintain a defined operational perimeter.
RULE_ID  agent-financier-deny-new-tools
{
  "tool_name": { "not_in": ["bash", "write"] },
  "action_type": "tool_use"
}
enforceable now
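The rule shown in this card, evaluated over a handful of tool-call events. This is an added illustration, not WatchMyAgents code; the rule wrapper (id, action, match block), the conjunction semantics, the meaning of not_in and the event shape are assumptions, and the events are constructed from the timeline entries on this page.

```python
import json

# Rule copied from the validation-queue card above (RULE_ID agent-financier-deny-new-tools).
RULE_JSON = """
{
  "tool_name": { "not_in": ["bash", "write"] },
  "action_type": "tool_use"
}
"""
# Assumed wrapper (not on the page): a rule id, its verdict, and the match block.
RULE = {"id": "agent-financier-deny-new-tools", "action": "DENY", "match": json.loads(RULE_JSON)}

# Constructed Watch events modelled on the "Live timeline" entries; not real telemetry.
EVENTS = [
    {"ts": "15:03:40", "action_type": "tool_use", "tool_name": "bash"},
    {"ts": "15:02:40", "action_type": "tool_use", "tool_name": "write"},
    {"ts": "16:45:26", "action_type": "tool_use", "tool_name": "web_fetch"},   # not in the known set
    {"ts": "16:42:32", "action_type": "model_call", "tool_name": None},        # wrong action_type
]


def field_matches(condition, value):
    """A bare value is an equality test; a dict carries an operator (only not_in here)."""
    if isinstance(condition, dict):
        if "not_in" in condition:
            return value not in condition["not_in"]
        raise ValueError(f"unsupported operator(s): {sorted(condition)}")
    return condition == value


def rule_matches(rule, event):
    """Conditions are ANDed: every field in the match block must hold for the event."""
    return all(field_matches(cond, event.get(field)) for field, cond in rule["match"].items())


def evaluate(rule, events):
    """Per event: (ts, tool_name, verdict). The rule's action applies when it matches, else ALLOW."""
    return [(e["ts"], e["tool_name"], rule["action"] if rule_matches(rule, e) else "ALLOW")
            for e in events]


def simulate(rule, events):
    """Dry run (the page's 'simulation' step): how many past events the rule would have blocked."""
    blocked = sum(1 for _, _, verdict in evaluate(rule, events) if verdict == "DENY")
    return {"would_block": blocked, "total": len(events)}
```

Only the web_fetch call is denied: bash and write are in the known set, and the model call fails the action_type condition, so a new tool is caught without disturbing the agent's established perimeter.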

Live timeline

realtime
  • 15:03:40 · bash · (default)
  • 15:02:45 · bash · (default)
  • 15:02:40 · write · (default)
  • 16:45:26 · web_fetch · URL outside curated allowlist
  • 16:42:32 · web_search · (default)
  • 16:42:31 · web_search · (default)

Shield · Policies

5 active · 4 from Guardian · LIVE
  • deep-researcher-websearch-high-error-deny · Deny web_search if error rate is high · DENY
  • deep-researcher-webfetch-error-alert · Alert on Web Fetch errors · INTERRUPT
  • p2-webfetch-allowlist · web_fetch allowlist · DENY
  • agent-financier-new-tool-bash-deny · Deny new tool · bash · DENY

Reports & Audit

Every decision auditable. Exportable for SOC2 evidence.

SOON

Threat Intel

Live IOCs, adversary playbooks, agent-specific feeds.

SOON

Compliance

SOC2 · ISO27001 · EU AI Act mapping out of the box.

Quick Start

How to install it

Watch it all in 3 steps. Literally 30 seconds.

Packages available for

  • Claude Agent (Anthropic) · ready · Native Anthropic SDK, available now.
  • LangGraph (LangChain) · The most robust framework for building complex, stateful agents with memory, steps, tools, human-in-the-loop and long workflows. LangGraph is built for reliable agent orchestration.
  • OpenAI
  • CrewAI
  • AutoGen / AG2
  • Google ADK / Vertex
Step 03 / 03 — Deploy

Wrap, run, observe

Initialize once with your agentId. Every prompt, tool call and response is now streamed to your Fortress in real time.

  • 1
    Framework API key
    The key your application / framework uses to connect to its main provider (Anthropic, OpenAI, …).
  • 2
    Watch My Agent API key
    The key tied to your Watch My Agent account.
  • 3
    Agent ID from your framework console
    The unique identifier of the agent you created in the framework console.
// Three layers, one mission

Watch sees everything. Guardian AI thinks. Shield stops the rest.

// Built for

Every agent class. Every risk profile.

Coding agents

Tool-using agents writing, deploying and altering code.

Customer support

Agents touching PII, tickets and customer history.

Internal ops

Finance, HR, ops agents with access to sensitive systems.

Multi-agent platforms

Swarms, orchestrators and complex agent workflows.

// Agents fleet management

Command your LEGIONS.

Organize agents into squads by team — Customer Services, HR, Marketing, Dev Team. Apply policies, monitor hygiene and orchestrate the whole fleet from a single command center.

Privacy by design.

Your logs stay inside your information system. Only encrypted, anonymized or pseudonymized signals are forwarded to WatchMyAgents — never raw PII, secrets or business content. On serious threats, deeper investigation is requested through the channels you define.

No raw PII · Encrypted in transit · Pseudonymized · Customer-owned retention · SIEM / GRC ready
// Early access

Don't wait for your first agent incident.

Join the early-access program and deploy Watch + Shield on your production agents in days, not quarters.

Or email minedor@watchmyagents.com