AI Agent Security
Comprehensive security for AI agent tool calls - validation, policies, and human-in-the-loop approvals.
Bastio provides comprehensive security for AI agents that use tools. As AI agents become more autonomous and capable, they gain access to powerful capabilities - executing shell commands, accessing files, making HTTP requests, and interacting with databases. Without proper guardrails, these capabilities become security vulnerabilities.
The Challenge
Modern AI agents face several security challenges:
- Autonomous Tool Execution: Agents can execute dangerous operations without human oversight
- Prompt Injection Attacks: Malicious inputs can hijack agent behavior and tool usage
- Data Exfiltration Risks: Agents with network access can leak sensitive information
- Privilege Escalation: Tool chains can be exploited to gain unauthorized access
- Compliance Requirements: Regulated industries need audit trails and approval workflows
How Bastio Protects Your Agents
Bastio provides a three-layer security model for AI agent tool calls:
Layer 1: Policy Engine (Primary Enforcement)
Define rules for how tool calls should be handled:
- Allow: Permit tool execution
- Block: Prevent tool execution
- Require Approval: Route to human reviewers
- Rate Limit: Prevent abuse through request throttling
- Sanitize: Clean dangerous content from arguments
- Warn: Allow but flag for monitoring
Policies can match tools by name pattern, evaluate argument content, consider risk scores, and apply time-based conditions.
Layer 2: Real-Time Threat Scanning
Every tool call is scanned in real-time for threats:
- Shell Injection: Commands like `; rm -rf /` or `| cat /etc/passwd`
- File Access Attacks: Attempts to read sensitive files (`~/.ssh`, `.env`)
- Network Abuse: Data exfiltration URLs, reverse shells
- Prompt Injection: Attempts to manipulate agent behavior
- Privilege Escalation: `sudo`, `chmod 777`, admin tool calls
- Credential Exposure: API keys, passwords, tokens in arguments
Risk scoring (0.0 - 1.0) influences policy decisions.
Layer 3: Agent Identity & Authentication
Cryptographic identity for your AI agents:
- Ed25519 Key Pairs: Strong cryptographic authentication
- Trust Levels: Differentiate development vs production agents
- Session Management: Track agent activity over time
- Key Rotation: Security best practice support
- Allowed/Blocked Tools: Per-agent tool restrictions
Quick Start
Get started in under 5 minutes. See Tool Validation for the complete API reference.
1. Get Your API Key
Create a Gateway API key from your Bastio Dashboard.
2. Validate Tool Calls
Before executing any tool, send it to Bastio for validation:
```bash
curl -X POST https://api.bastio.com/v1/guard/{proxyId}/tool \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "session_id": "session_123",
    "tool_call": {
      "id": "call_abc",
      "type": "function",
      "function": {
        "name": "execute_shell",
        "arguments": "{\"command\": \"ls -la\"}"
      }
    }
  }'
```
3. Handle the Response
```json
{
  "action": "allow",
  "tool_call_id": "call_abc",
  "risk_score": 0.15,
  "threats_detected": [],
  "message": "Tool call allowed"
}
```
Possible actions:
- `allow` - Safe to execute the tool
- `block` - Do not execute, return error to agent
- `require_approval` - Wait for human approval before executing
- `warn` - Execute but flag for review
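The validate-then-execute flow from steps 2 and 3, as an added example that is not part of Bastio's SDK or documentation. It uses the request and response shapes shown above, unpacks both tool call envelopes listed under Supported Formats, and fails closed when the gateway cannot be reached or returns an action it does not recognise; the proxy id, API key and tool functions are placeholders, and the HTTP call is injectable so the decision logic can be exercised offline.

```python
import json
import urllib.request
from typing import Any, Callable

BASTIO_TOOL_URL = "https://api.bastio.com/v1/guard/{proxy_id}/tool"  # from the Quick Start


def validate_remote(payload: dict, proxy_id: str, api_key: str) -> dict:
    """POST a {"session_id", "tool_call"} payload to Bastio; return the verdict JSON."""
    req = urllib.request.Request(
        BASTIO_TOOL_URL.format(proxy_id=proxy_id),
        data=json.dumps(payload).encode(),
        headers={"Authorization": f"Bearer {api_key}",
                 "Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def tool_name_and_args(tool_call: dict) -> tuple[str, dict]:
    """Unpack either supported envelope into (tool name, keyword arguments)."""
    if tool_call.get("type") == "function":       # "arguments" is a JSON string
        fn = tool_call["function"]
        return fn["name"], json.loads(fn["arguments"])
    if tool_call.get("type") == "tool_use":       # "input" is already an object
        return tool_call["name"], dict(tool_call["input"])
    raise ValueError(f"unsupported tool_call type: {tool_call.get('type')!r}")


def guarded_execute(session_id: str, tool_call: dict,
                    tools: dict[str, Callable[..., Any]],
                    validator: Callable[[dict], dict]) -> dict:
    """Validate the call first, then act on the returned action. Fails closed."""
    try:
        verdict = validator({"session_id": session_id, "tool_call": tool_call})
    except Exception as exc:                      # gateway unreachable / bad JSON
        return {"executed": False, "action": "error", "error": str(exc)}
    action = verdict.get("action")
    if action == "block":                         # hand the error back to the agent
        return {"executed": False, "action": action,
                "error": verdict.get("message", "blocked"),
                "threats": verdict.get("threats_detected", [])}
    if action == "require_approval":              # park until a reviewer decides
        return {"executed": False, "action": action, "pending": True}
    if action in ("allow", "warn"):
        name, args = tool_name_and_args(tool_call)
        result = tools[name](**args)              # placeholder tool registry
        return {"executed": True, "action": action, "result": result,
                "flagged": action == "warn"}      # warn: run, but surface it
    return {"executed": False, "action": action, "error": "unknown action"}
```

In production, pass `lambda p: validate_remote(p, PROXY_ID, API_KEY)` as the validator; the tool registry should hold only the functions the agent is meant to reach.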
Key Capabilities
| Capability | Description |
|---|---|
| Tool Validation | Real-time threat scanning of tool calls |
| Policy Engine | Flexible rules for tool call handling |
| Human-in-the-Loop | Approval workflows for sensitive operations |
| Chain Analysis | Multi-tool attack pattern detection |
| Anomaly Detection | Behavioral baseline and deviation alerts |
| Agent Identity | Cryptographic agent authentication |
| Content Scanning | Scan tool outputs for indirect injection |
Supported Formats
Bastio supports industry-standard tool call formats:
```json
{
  "tool_call": {
    "id": "call_abc123",
    "type": "function",
    "function": {
      "name": "get_weather",
      "arguments": "{\"location\": \"San Francisco\"}"
    }
  }
}
```
```json
{
  "tool_call": {
    "id": "toolu_01abc",
    "type": "tool_use",
    "name": "get_weather",
    "input": {
      "location": "San Francisco"
    }
  }
}
```
SDK (Beta)
TypeScript and Python SDKs are in beta. Join the waitlist for early access.
We're developing official SDKs to make integration even easier:
- TypeScript SDK: `@bastio/agent-security` (coming soon)
- Python SDK: `bastio-agent-security` (coming soon)
Beta testers receive direct engineering support and free Pro tier access during the beta period.
Next Steps
- Tool Validation - Learn the complete validation API
- Policies - Configure custom security rules
- Human-in-the-Loop - Set up approval workflows
- Agent Identity - Register and authenticate agents