Agent Security Loop Active

Continuous Red-Teaming
& Runtime Firewall for AI Agents

OrchSec continuously red-teams AI agents across their full execution path, turns verified vulnerabilities into runtime policies, and blocks unsafe tool calls before execution.

Built for teams giving agents access to MCP servers, APIs, files, browsers, databases, email, Slack, GitHub, or shell commands.

orchsec-cli - red-team to runtime policy
orchsec scan --agent ./agent-tools.json --policy ./orchsec.yml
[info] Target identified: AI agent with MCP + API tool permissions
[info] Running adversarial tests for indirect prompt injection and tool abuse
[critical] Verified exploit path:
external_pdf -> prompt injection -> send_email tool -> sensitive export
[policy] Suggested runtime control:
require approval when send_email includes sensitive attachment and external recipient
[runtime] Intercepted tool call: send_email
[decision] REQUIRE_APPROVAL
[reason] external recipient + sensitive attachment + untrusted source

[ platform_overview ]

From red-team findings to runtime enforcement.

OrchSec maps agent tools, tests real attack paths, and converts verified failures into enforceable policies. Approved policies are applied at runtime to block, modify, log, or escalate unsafe actions before they execute.

01 / Agent Graph Discovery

Map every tool, permission, and trust boundary.

OrchSec turns agent schemas, MCP tool manifests, routes, OAuth scopes, and data access into a security graph so hidden escalation paths become visible before production exposure.

02 / Adversarial Simulation

Run multi-turn attacks like a real operator.

The scanner chains prompt injection, context poisoning, parameter tampering, MCP abuse, and tool routing failures to prove which weaknesses are actually exploitable.

03 / Policy-Ready Findings

Turn verified failures into reviewed controls.

Each finding is tied to a reproducible trace, impacted boundary, severity signal, and policy recommendation that security teams can review, approve, and enforce.

Agent Surfaces

Tools / Memory / APIs

Attack Coverage

Injection / Exfiltration / MCP Abuse

Output

Proof / Trace / Policy Signal

[ runtime_firewall ]

Stop unsafe tool calls before they execute.

Red-teaming tells you where the agent can fail. Runtime enforcement makes sure the same failure does not become a real incident. OrchSec sits between the agent and the systems it can control, inspecting high-risk actions before execution and enforcing policies that security teams can read, review, and audit.

controls: MCP calls
controls: API requests
controls: file access
controls: shell commands
controls: OAuth scopes
controls: audit logs
orchsec-policy-decision.json
decision: BLOCK
tool: send_email
reason: external destination + sensitive attachment
policy: data_exfiltration.external_domain.requires_approval
trace: prompt_injection -> tool_call -> blocked_before_execution
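As an added illustration of the gating logic described above (example code, not OrchSec's own), a minimal runtime gate evaluates an agent's send_email call against the page's "external recipient + sensitive attachment" rule and emits a record in the shape of orchsec-policy-decision.json. The mail domains, trusted instruction sources, DLP labels and the escalation from REQUIRE_APPROVAL to BLOCK for calls already traced to a detected injection are assumptions.

```python
from dataclasses import dataclass, field

# Constructed assumptions: the deployment's own mail domains, the instruction
# sources not fed by untrusted content, and the DLP labels treated as sensitive.
INTERNAL_DOMAINS = {"corp.example"}
TRUSTED_SOURCES = {"user_chat", "internal_ticket"}
SENSITIVE_LABELS = {"confidential", "restricted"}
POLICY = "data_exfiltration.external_domain.requires_approval"  # policy id from the page

@dataclass
class ToolCall:
    tool: str
    args: dict
    source: str                      # where the instruction behind this call came from
    trace: list = field(default_factory=lambda: ["tool_call"])

def external_recipients(args):
    """Recipients whose mail domain is not one of ours."""
    return [r for r in args.get("to", []) if r.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS]

def sensitive_attachments(args):
    """Attachment names carrying a sensitive DLP label."""
    return [a["name"] for a in args.get("attachments", []) if a.get("label") in SENSITIVE_LABELS]

def evaluate(call):
    """Gate a tool call before execution; returns a decision record."""
    reasons = []
    if call.tool == "send_email":
        if external_recipients(call.args):
            reasons.append("external recipient")
        if sensitive_attachments(call.args):
            reasons.append("sensitive attachment")
        if call.source not in TRUSTED_SOURCES:
            reasons.append("untrusted source")
    matched = {"external recipient", "sensitive attachment"} <= set(reasons)
    if not matched:
        decision, policy, step = "ALLOW", None, "allowed"
    elif "prompt_injection" in call.trace:
        # Assumption: a call already traced back to a detected injection is blocked
        # outright instead of being handed to a human approver.
        decision, policy, step = "BLOCK", POLICY, "blocked_before_execution"
    else:
        decision, policy, step = "REQUIRE_APPROVAL", POLICY, "held_for_approval"
    return {"decision": decision, "tool": call.tool, "policy": policy,
            "reason": " + ".join(reasons) or "no policy matched",
            "trace": " -> ".join(call.trace + [step])}
```

Calling evaluate on a send_email call sourced from external_pdf_loader with an outside recipient, a confidential attachment and a trace starting at prompt_injection yields decision BLOCK and the trace prompt_injection -> tool_call -> blocked_before_execution; the same call from user_chat yields REQUIRE_APPROVAL.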

The agent attack paths OrchSec tests and controls.

Prompt injection, data poisoning, MCP tool abuse, privilege escalation, data exfiltration, parameter tampering, cross-tenant memory leakage, and multi-turn goal hijacking.

Prompt Injection & Data Poisoning

Tests indirect injection vectors, where malicious documents, untrusted files, or incoming emails override the developer's instructions and hijack the agent's goals.

[WARN] Injection Vector Detected
source: external_pdf_loader
payload: system_override_attempt

Tool Abuse & Privilege Escalation

Tests MCP servers, API connections, OAuth scopes, and tool routing logic to ensure models cannot execute unauthorized actions or reach protected administrative backend files.

[CRITICAL] Tool Escalation Path
mcp_server: stdio_unauthed
oauth_scope: admin:write

Multi-Tenant Data Isolation

Continuously checks memory pools and vector databases to ensure strict tenant data segregation, preventing cross-user information leakage.

[PASS] Tenant Isolation Verified
tenant_a -> tenant_b: blocked
memory_bleed: none detected

Automated Schema Audits

Point OrchSec at OpenAPI specs, MCP JSON manifests, and tool configuration files to audit the system graph and generate policy recommendations for logical security flaws.

Interactive attack-path graph, nodes: Untrusted Input, RAG Pipeline, Tool: CRM API, Tool: Cloud API, State Machine, Response

[ security_workflow ]

From agent schema to runtime policy in one repeatable loop.

OrchSec maps agent permissions, runs adversarial simulations, learns from evidence, recommends policy updates, and enforces approved controls before risky actions execute.

01

$ orchsec ingest ./agent-tools.json

Connect schemas and tool definitions

Import agent routes, allowed tools, MCP manifests, parameter schemas, data scopes, and environment boundaries.

02

$ orchsec map --graph permissions

Build the interaction graph

Identify where prompts, memory, APIs, plugins, and third-party systems can influence privileged actions.

03

$ orchsec attack --multi-turn

Simulate exploit chains

Run adversarial conversations that attempt injection, poisoning, privilege escalation, and data exfiltration.

04

$ orchsec policy --recommend

Review and enforce controls

Generate policy recommendations, approve runtime controls, and log every blocked or allowed decision.

[ runtime_security_review ]

Secure your first production AI agent before it gets real access.

If your AI agents can call tools, access files, query databases, use MCP servers, or trigger business workflows, OrchSec helps you test the risks and enforce controls before actions execute.