v0.2.0 — Apache 2.0 · Open Source

Secure Every AI Agent
Before It Ships

The only open-source security platform with ML-powered injection detection, MCP vulnerability scanning, and supply chain auditing. 209+ attack patterns. Zero config.

View on GitHub →
sentinel — zsh
$

The AI security landscape is broken

36.7%
of MCP servers are vulnerable to SSRF attacks
88%
of organizations experienced AI agent security incidents
1 in 5
packages in agent registries is compromised or malicious
5%
of CISOs feel confident they can contain a rogue agent
Capabilities

Everything you need to
ship agents safely

Six independently useful modules. Works together or standalone. No cloud required.

MCP Security Scanner

Scans your MCP server configurations for SSRF vectors, exposed secrets, weak auth, and overprivileged tool definitions before deployment.

SSRF Secrets Auth Overprivilege

Supply Chain Auditor

Detects malicious packages, typosquatting attacks, and GPL license violations across your agent's dependency tree.

Malicious Pkgs Typosquatting GPL Check

ML Prompt Injection

DeBERTa-v3 model + 209+ regex patterns detects injection attacks across all known categories. Runs fully offline — no data leaves your system.

DeBERTa-v3 209+ Patterns Offline

Indirect Injection Detection

Catches injections hidden in retrieved content — HTML pages, JSON API responses, Markdown files, and zero-width character attacks.

HTML JSON Markdown Zero-Width

Agent Behavior Monitor

Establishes a command baseline for each agent and flags statistical anomalies — catch unexpected behavior before it escalates to an incident.

Baseline Learning Anomaly Detection

Policy-as-Code

Define allow/warn/block rules in YAML. Ship with one of 3 default profiles or compose your own stackable rule set. Version-controlled alongside your code.

YAML Policies 3 Profiles Stackable Rules
Quickstart

Zero-config setup in 3 steps

From zero to protected in under 2 minutes. No account required for local use.

01

Install ShieldPilot

Install via pip. Optionally add the [ml] extra for the DeBERTa-v3 model-based detection engine.

# base pip install shieldpilot # with ML detection pip install shieldpilot[ml]
02

Scan Your MCP Config

Point the scanner at your MCP server configuration file. ShieldPilot auto-detects format and emits structured findings.

sentinel mcp-scan config.json
03

Fix and Ship with Confidence

Remediate flagged findings using the built-in guidance. Install the hook once to protect all future agent sessions.

sentinel hook install
Comparison

How we stack up

ShieldPilot is the only tool purpose-built for agentic AI security that's fully open source and self-hostable.

Feature ShieldPilot Lakera Prompt Security DIY / Manual
Open Source Apache 2.0 Varies
Self-Hosted
MCP Scanning
ML Injection Detection DeBERTa-v3
Supply Chain Audit Partial
Offline Mode
Policy-as-Code YAML Partial Partial
Price Free $$$$ $$$$ Engineering time
209+
Attack Patterns
5
Languages Supported
2,948
Tests Passing
<1ms
Avg Scan Latency
Open Source

Built in the open.
Auditable by design.

Every detection rule, every ML model weight, every policy — visible and auditable. No black-box decisions when it comes to your agent's security posture.

Apache 2.0 License ★ Stars on GitHub Active Development
View on GitHub PyPI
Installation
# Core (no dependencies) pip install shieldpilot # With ML model pip install shieldpilot[ml] # Hook install (one-time) sentinel hook install # Scan MCP config sentinel mcp-scan config.json