Agent Bill of Materials
Supply-chain provenance for every agent dependency
HIGH | identity & trust
PMF Score: 7.6 / 10
TAM: 8/10
Buildability: 6/10
Urgency: 9/10
Willingness to Pay: 8/10
Virality: 7/10

Agents operating with broad permissions can execute compromised dependencies—including security scanners used to validate those dependencies—before any detection occurs, as demonstrated by the trojaned LiteLLM incident caught only by an external EDR tool. Current agent security models inherit and amplify supply-chain vulnerabilities without architectural gates that validate external tool execution before permission is granted. There is no agent-native equivalent of build provenance or runtime sandboxing at the dependency level.

Agents blindly execute compromised dependencies (including their own security tools) with broad permissions, and no architectural gate exists to verify tool/package integrity before runtime — the trojaned LiteLLM incident proved detection only happens by luck.

Engineering and security teams at companies deploying AI agents in production with tool-use, function-calling, or plugin architectures (DevSecOps leads, platform engineers at Series B+ startups and enterprises).

Software supply-chain security is already a $2B+ paid category (Snyk, Chainguard, Socket); agent supply chains are strictly harder because dependencies are invoked dynamically at runtime with elevated permissions, and zero purpose-built solutions exist — teams are duct-taping container EDR tools that weren't designed for this.

MVP is an open-source runtime shim (SDK wrapper / proxy layer) that intercepts agent tool-calls and dependency loads, checks them against a signed provenance registry (SLSA-style attestations + hash pinning), and blocks unverified execution — registry becomes the two-sided marketplace where tool publishers attest and agent deployers consume trust signals.
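The gate described above, as an added example that is not the registry's or any project's own code: a runtime shim that sits between the agent and its tools, looks each tool up in a signed provenance registry, verifies the attestation, compares the hash of the artifact actually loaded against the pinned hash, and blocks execution on any mismatch. The tools, the registry entries and the signing key are all constructed for the example; signing uses HMAC-SHA256 from the standard library as a stand-in for the public-key (SLSA/Sigstore-style) signatures a real registry would carry, so the key handling is a simplification.

```python
"""Added example: a provenance gate for agent tool calls.

Assumptions (not from the page): tools are represented by the bytes of the
artifact loaded at runtime plus a callable; attestations are in-toto-like
statements {subject, sha256, builder, slsaLevel} signed with HMAC-SHA256
under a constructed registry key standing in for a public-key signature.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# Constructed registry signing key. A real registry would publish a verification
# key instead so that consumers never hold a signing secret.
REGISTRY_KEY = b"constructed-registry-key"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _canonical(statement: dict) -> bytes:
    # Canonical JSON so signer and verifier hash byte-identical payloads.
    return json.dumps(statement, sort_keys=True, separators=(",", ":")).encode()


def sign_attestation(statement: dict, key: bytes = REGISTRY_KEY) -> dict:
    """Return {statement, sig}: the statement plus an HMAC over its canonical form."""
    return {"statement": statement,
            "sig": hmac.new(key, _canonical(statement), hashlib.sha256).hexdigest()}


def verify_attestation(att: dict, key: bytes = REGISTRY_KEY) -> bool:
    expected = hmac.new(key, _canonical(att["statement"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, att.get("sig", ""))


@dataclass
class Tool:
    name: str
    source: bytes                 # bytes of the artifact actually loaded at runtime
    fn: Callable[..., object]     # the callable the agent wants to invoke


class ProvenanceGate:
    """Intercepts tool calls and allows only artifacts covered by a valid attestation."""

    def __init__(self, registry: Dict[str, dict]):
        self.registry = registry  # tool name -> signed attestation
        self.audit: List[dict] = []

    def check(self, tool: Tool) -> Tuple[bool, str]:
        att = self.registry.get(tool.name)
        if att is None:
            return False, "no attestation in registry"
        if not verify_attestation(att):
            return False, "attestation signature invalid"
        stmt = att["statement"]
        if stmt.get("subject") != tool.name:
            return False, "attestation subject mismatch"
        # Compare the hash of what was really loaded to the pinned hash.
        if not hmac.compare_digest(stmt.get("sha256", ""), sha256_hex(tool.source)):
            return False, "artifact hash does not match pinned hash"
        return True, "verified"

    def call(self, tool: Tool, *args, **kwargs):
        ok, reason = self.check(tool)
        self.audit.append({"tool": tool.name, "allowed": ok, "reason": reason})
        if not ok:
            raise PermissionError(f"blocked {tool.name}: {reason}")
        return tool.fn(*args, **kwargs)


# Constructed sample artifacts: the attested tool and a modified copy with the same name.
GOOD_SOURCE = b"def add(a, b):\n    return a + b\n"
BAD_SOURCE = b"def add(a, b):\n    return a + b  # tampered build\n"


def build_registry() -> Dict[str, dict]:
    """Constructed registry holding one attestation for the 'add' tool."""
    return {"add": sign_attestation({"subject": "add", "sha256": sha256_hex(GOOD_SOURCE),
                                     "builder": "constructed-ci", "slsaLevel": 3})}


def demo() -> dict:
    """Run the gate over the attested tool, a tampered copy, an unattested tool and a forged attestation."""
    gate = ProvenanceGate(build_registry())
    results = {"good": gate.call(Tool("add", GOOD_SOURCE, lambda a, b: a + b), 2, 3)}
    for label, tool in [("tampered", Tool("add", BAD_SOURCE, lambda a, b: a + b)),
                        ("unattested", Tool("shell", b"constructed", lambda *a: None))]:
        try:
            gate.call(tool, 2, 3)
            results[label] = "allowed"
        except PermissionError as exc:
            results[label] = str(exc)
    # An attestation signed under a key the registry does not trust is rejected.
    forged = sign_attestation({"subject": "add", "sha256": sha256_hex(BAD_SOURCE)}, key=b"other-key")
    results["forged"] = ProvenanceGate({"add": forged}).check(Tool("add", BAD_SOURCE, lambda a, b: a + b))
    results["audit"] = gate.audit
    return results


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The gate decides on the bytes that were actually loaded, not on the package name or version the agent asked for, which is what makes a renamed or replaced artifact fail closed; the audit list is where a deployer would wire in alerting so that a block is a detection event rather than a silent failure.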

Software supply-chain security is ~$3B today; the agent-specific layer addresses every company running agents in production — conservatively 50K+ organizations within 2 years, yielding a $1B+ segment.

Agents continuously crawl package registries, generate attestation diffs, flag anomalies, and auto-update the provenance registry; humans are limited to governance decisions on trust policy thresholds and incident escalation review.

Want to build this?

Load the skill and apply to be incubated — token launch + $5k grant for accepted companies.

Apply to Build  →