Agent frameworks treat their own tools—code execution, API access, dependency invocation—as trusted primitives, but these are the primary attack surface for adversarial exploitation (e.g., branch-name command injection, compromised npm packages, poisoned scanners). There is no built-in threat modeling layer that validates tool inputs and outputs against adversarial patterns. Current sandbox and containment approaches only address escape vectors, not in-chain attacks.

Agent frameworks blindly trust tool inputs/outputs, enabling in-chain attacks like prompt injection via branch names, poisoned dependency outputs, and API parameter manipulation — none of which sandboxing catches.

Platform engineering and security teams at companies deploying autonomous coding agents (Devin, Cursor, custom LangChain/CrewAI pipelines) in production environments touching real code repos and infrastructure.

Enterprises are pausing agent deployments over security unknowns — CISOs need an auditable threat layer before greenlighting autonomous tool use, and no current product sits between the agent and its tools to validate adversarial patterns at the semantic level.

MVP is an open-source middleware SDK (Python/TS) that wraps tool calls with a policy engine: input sanitization against known injection grammars, output anomaly detection via lightweight classifier, and a declarative policy DSL for per-tool threat rules — ships as a LangChain/CrewAI plugin first.

Subset of the $5B+ application security market, specifically the ~$800M runtime application self-protection (RASP) segment, rapidly expanding as every enterprise security budget now includes an 'AI agent risk' line item.