Why AI agent teams are just hoping their agents behave
Source: Dev.to
The Problem
Every trending AI project is giving agents more autonomy—running shell commands, browsing the web, calling APIs, moving money, even performing penetration tests. Yet nobody is building the guardrails. Most teams deploying AI agents are just hoping they behave.
Why AgentGuard
AgentGuard is an open‑source runtime firewall for AI agents. It sits as a Go proxy between your agent and its tools, enforcing policies defined in YAML in real time.
Key features
- Policy enforcement – block, hold for approval, or allow actions based on configurable rules.
- Logging & audit – every request and decision is recorded with timestamps and reasoning.
- Human‑in‑the‑loop – actions that require approval trigger Slack/webhook notifications.
- Dashboard – live view of agent activity with one‑click approve/deny.
- Adapters – ready‑made integrations for LangChain, CrewAI, browser‑use, and MCP.
Without AgentGuard
| Scenario | Outcome |
|---|---|
| Agent runs rm -rf / | Destructive command executes; you discover the damage later. |
| Agent calls production API without oversight | No chance to intervene; potential data breach or financial loss. |
| No audit trail | Debugging relies on “it worked on my machine” and is unreliable. |
With AgentGuard
| Scenario | Outcome |
|---|---|
| Agent attempts destructive command | Policy blocks the command before execution. |
| Agent calls production API | Action is paused; you receive a Slack/webhook notification to approve. |
| Need to investigate | Full audit trail with timestamps, reasoning, and decisions is available. |
| Debugging | Query any agent session from the audit logs. |
How It Works
Define policies in a YAML file, e.g.:
```yaml
# policy.yaml
- name: disallow-deletion
  description: Prevent file deletions in workspace
  match:
    command: "rm *"
  action: block
- name: require-approval-api
  description: Require human approval for production API calls
  match:
    api: "production"
  action: require_approval
```

Run the proxy alongside your agent. The proxy intercepts all tool calls, evaluates them against the policies, and either allows, blocks, or queues them for approval.
Monitor via dashboard – see live activity, approve or deny pending actions, and review audit logs.
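To make the evaluation step concrete, here is an added Go example (not AgentGuard's own code) that transcribes the two policies above into structs and decides allow, block or require_approval for an intercepted tool call, recording a timestamped audit entry with the reason. The field names, the glob semantics, and the first-match-wins plus default-action behaviour are assumptions for this illustration, not the project's real schema.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
	"time"
)
// Policy mirrors one entry of the policy.yaml above; the field names are an
// assumption for this example, not AgentGuard's real schema.
type Policy struct {
	Name, Description string
	MatchCommand      string // glob over the whole command line ('*' = any text)
	MatchAPI          string // substring of the API target
	Action            string // "allow", "block" or "require_approval"
}
type ToolCall struct{ Command, API string } // one intercepted agent action
type Decision struct {                      // one audit-log entry
	Action, Policy, Reason string
	At                     time.Time
}
// Constructed policies, transcribed from the YAML above.
var policies = []Policy{
	{Name: "disallow-deletion", Description: "Prevent file deletions in workspace",
		MatchCommand: "rm *", Action: "block"},
	{Name: "require-approval-api", Description: "Require human approval for production API calls",
		MatchAPI: "production", Action: "require_approval"},
}

// glob turns a '*' pattern into an anchored regexp. Anchoring means "rm *"
// does not cover wrapped forms such as "sudo rm ..."; list those explicitly.
func glob(pattern, s string) bool {
	re := "(?s)^" + strings.ReplaceAll(regexp.QuoteMeta(pattern), `\*`, ".*") + "$"
	return regexp.MustCompile(re).MatchString(s)
}
// evaluate: the first matching policy in file order decides; unmatched calls
// get defaultAction, so pass "block" for a default-deny posture.
func evaluate(policies []Policy, call ToolCall, defaultAction string) Decision {
	for _, p := range policies {
		if (p.MatchCommand != "" && glob(p.MatchCommand, call.Command)) ||
			(p.MatchAPI != "" && strings.Contains(call.API, p.MatchAPI)) {
			return Decision{p.Action, p.Name, p.Description, time.Now()}
		}
	}
	return Decision{defaultAction, "default", "no policy matched", time.Now()}
}
func main() { // prints the audit record for one constructed destructive call
	d := evaluate(policies, ToolCall{Command: "rm -rf /"}, "allow")
	fmt.Printf("%s policy=%s action=%s reason=%q\n", d.At.UTC().Format(time.RFC3339), d.Policy, d.Action, d.Reason)
}
```

A real proxy would load these structs from the YAML file and, for require_approval, park the call until the Slack/webhook approval arrives instead of returning immediately.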
Adoption
In the first five days, AgentGuard was cloned by 165 unique developers, highlighting the community’s need for such a solution.
- Only 14.4 % of organizations send AI agents to production with full security approval.
- 88 % reported confirmed or suspected AI‑agent security incidents last year.
Conclusion
Hope is not a security strategy. AgentGuard provides a concrete enforcement layer—similar to firewalls for networks or WAFs for web apps—so you can define boundaries once, enforce them automatically, and involve humans only when decisions are genuinely ambiguous.