Rune intercepts every tool call your AI agents make. Prompt injections, data exfiltration, and policy violations are blocked before they reach your systems. Three lines of code. Works with LangChain, OpenAI, Anthropic, CrewAI, and MCP.
from rune import Shield
from rune.integrations.langchain import ShieldMiddleware
from langchain_openai import ChatOpenAI
shield = Shield(api_key="rune_live_...")
# Wrap any LangChain agent in one line
agent = your_agent | ShieldMiddleware(shield)
# Every tool call is now intercepted:
# ✓ Prompt injections blocked
# ✓ Policy violations stopped
# ✓ Anomalies flagged in real time
Install: pip install runesec
Every agent has access to APIs, databases, file systems, and third-party services. One prompt injection or misconfigured permission can lead to data leaks, unauthorized actions, or compliance violations — and you won't know until it's too late.
Rune shows you what your agents actually do at runtime — not what they're supposed to do.
Rune wraps your existing agent framework — LangChain, OpenAI, Anthropic, CrewAI, or MCP — without changing how you build.
L1 regex rules catch known patterns. L2 semantic analysis detects novel attacks. L3 behavioral correlation spots multi-step threats across sessions.
Every tool call passes through Rune before it executes. Prompt injections, data exfiltration, and policy violations are blocked before they reach your systems.
Per-agent risk scores, real-time alerts, event timelines, and analytics dashboards. See what every agent is doing and keep a clear audit trail.
Define which tools each agent can call, with what arguments, under what conditions. Write policies in YAML, test before deploying, enforce on every event.
These aren't theoretical risks. These are real attack vectors that affect AI agents in production today.
An attacker embeds instructions in user input that trick your agent into executing unintended tool calls.
An agent attempts to send sensitive data — API keys, PII, internal documents — to an external endpoint.
An agent tries to call a tool or access a resource that your security policies explicitly forbid.
A multi-step attack where an agent gradually expands its own permissions across sequential tool calls.
An agent calls tools outside its approved set — reading files, sending emails, or accessing databases it shouldn't touch.
An agent's behavior deviates from its established patterns — unusual call frequency, new tool combinations, or sudden risk score spikes.
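The pre-execution checks described above (a per-agent tool allowlist, a destination allowlist for outbound calls, and L1-style regex matching on arguments), as an added Python example. This is not Rune's code or API: `Policy`, `Verdict`, `check_tool_call`, `guarded` and both regex rules are names and patterns constructed for illustration.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed L1-style rules (assumptions, not Rune's actual rule set).
L1_RULES = {
    "prompt_injection": re.compile(r"ignore (all |any )?(previous|prior) instructions", re.I),
    "secret_in_args": re.compile(r"\brune_live_[A-Za-z0-9]{8,}\b"),
}

@dataclass
class Policy:
    """Hypothetical per-agent policy: permitted tools and permitted egress hosts."""
    allowed_tools: set
    allowed_hosts: set = field(default_factory=set)

@dataclass
class Verdict:
    allowed: bool
    reason: str

def check_tool_call(policy, tool, args):
    """Decide whether a tool call may execute; anything not allowed is denied."""
    if tool not in policy.allowed_tools:
        return Verdict(False, f"unauthorized_tool:{tool}")
    url = args.get("url")
    if url is not None:  # outbound request: the destination must be allowlisted
        host = urlsplit(url).hostname
        if host not in policy.allowed_hosts:
            return Verdict(False, f"egress_denied:{host}")
    flat = " ".join(str(v) for v in args.values())
    for name, rule in L1_RULES.items():  # known-pattern scan over all argument values
        if rule.search(flat):
            return Verdict(False, f"l1:{name}")
    return Verdict(True, "ok")

def guarded(policy, tools):
    """Return a dispatcher that runs check_tool_call before every tool invocation."""
    def call(tool, /, **args):
        verdict = check_tool_call(policy, tool, args)
        if not verdict.allowed:
            raise PermissionError(verdict.reason)  # blocked before the tool runs
        return tools[tool](**args)
    return call
```

The tool allowlist is checked first so that a forbidden tool is rejected regardless of its arguments; the regex layer only covers known patterns, which is why the page pairs it with semantic and behavioral layers.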
Paste any text below and watch Rune's L1 scanner detect threats in real time. This is the same engine that protects your agents in production.
Dashboard, alerts, policies, and analytics — designed for the way engineering teams actually work.
See active agents, events scanned, threats blocked, and risk scores — all updating live. Drill into any agent for its full event timeline and policy triggers. When something goes wrong at 2 a.m., your dashboard already has the answer.
Automatic deduplication so you don't drown in noise. Every alert shows severity, the triggering agent, the exact event, and full JSON details — no tool-switching required. Resolve with notes, mark false positives, refine your policies.
Write policies in YAML. Test them against simulated actions before deploying. Restrict tools, block patterns, set conditions by agent tag. Pause and resume without deleting. Every policy is versioned for audit.
Event volume trends, allowed vs. blocked traffic, breakdowns by framework, alert type distributions. Spot anomalies before they become incidents — and get the data to justify security investments.
Rune sits between your agent and the outside world. No changes to your agent logic. No performance penalty.
One pip install, one import, one wrapper. Works with LangChain, OpenAI, Anthropic, CrewAI, and MCP. Your agent logic stays the same.
Tool calls, model inputs, and outputs pass through three scanning layers before reaching your LLM or external APIs. Threats are blocked before they execute.
Threats and anomalies appear in your dashboard in real time. Route alerts to email, Slack, or webhooks. Tune policies from the UI.
Rune's SDK is framework-agnostic. If your agent makes tool calls, Rune can intercept them. First-class integrations for the most popular frameworks.
Don't see your framework? Rune's generic middleware works with any Python agent. See the docs
10K events on the free plan. Upgrade for more agents, deeper scanning, or longer retention. No surprise bills. No credit card to start.
Get started with up to 5 agents, free forever
For small teams shipping their first agents to production
For teams running production agents with full scanning
For companies with high-volume agent deployments
Need higher limits or a custom contract? Contact us at hello@runesec.dev
Under 10 minutes. Install the SDK, create a Shield with your API key, wrap your agent. Three lines of code for most frameworks.
Rune works with LangChain, OpenAI SDK, Anthropic SDK, CrewAI, and MCP out of the box. The SDK is framework-agnostic — if your agent makes tool calls, Rune can intercept them.
No. L1 scanning uses regex pattern matching with negligible overhead. L2 and L3 run in parallel and are optimized for low latency. Rune is designed as a lightweight proxy — your agents won't notice it's there.
Yes. The policy editor includes a built-in test panel where you can simulate actions against your YAML policies and see the result before anything goes live.
The tool call is blocked before it executes. An alert appears in your dashboard with the agent, event, triggering policy, and severity rating. You can also route alerts to email, Slack, or webhooks.
No. Rune wraps your existing agent as middleware. Your logic, prompts, and tool definitions stay exactly the same.
L1 uses regex pattern matching for known threats — fast and deterministic. L2 uses semantic analysis to catch novel attacks that don't match known patterns. L3 uses behavioral correlation across sessions to detect multi-step threats.
Not yet. Rune is currently a hosted platform. If self-hosting is a requirement, reach out to hello@runesec.dev and we'll work with you.
See every tool call, block threats in real time, and ship agents you can actually trust. Free plan includes 10K events and 5 agents — no credit card required.
Set up in under 10 minutes. Free forever on Community.