Overview
AgentWarden is a governance and runtime security layer for agentic AI systems.
It helps teams define what AI agents can do, assess tool-level risk, and enforce reviewed controls when agents interact with prompts, tools, tool outputs, and final responses.

What AgentWarden Helps With
AgentWarden focuses on the security question that appears as soon as an AI system starts acting through tools: what should this agent be allowed to do, with which tools and data, under which conditions?
AgentWarden answers that question with a four-step lifecycle:
| Step | What it means |
|---|---|
| Risk assessment | Understand what tools, data, and external destinations an agent can reach. |
| Policy management | Turn reviewed security requirements into policy for a specific use case. |
| Runtime enforcement | Evaluate agent events and return policy decisions at agent action boundaries. |
| Audit and feedback | Preserve telemetry and lineage so teams can review decisions and improve policy. |
Build-Time and Runtime
AgentWarden has two connected flows:
- Build-time flow: security and platform teams evaluate agent tools, review exposure, and prepare policy before or during rollout.
- Runtime flow: applications, SDK integrations, and supported coding-agent hooks send normalized events to AgentWarden for policy decisions.
A use case groups one agent, its tools, its review context, its evaluations, and its active runtime policy.
The same policy model connects both flows. Build-time review defines the reviewed policy. Runtime enforcement applies it when the agent acts.
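The following is an added illustration of what "policy decisions at agent action boundaries" means in practice; it is not the AgentWarden SDK or its policy format, and every name in it (`REVIEWED_POLICY`, `Decision`, `evaluate`, `enforce`, the event field names, the sample events) is a hypothetical stand-in. A reviewed policy produced at build time is applied to normalized events at each of the four boundaries the page names (prompt, tool call, tool output, final response), with unknown tools and unapproved egress destinations denied by default and each decision recorded with its use case for audit:

```python
"""Hypothetical policy enforcement at agent action boundaries.

Illustrative example only; not AgentWarden's SDK or policy schema.
Events are plain dicts with a "kind" of prompt | tool_call | tool_output |
final_response. The policy mirrors what a build-time review would produce
for one use case: per-tool rules, allowed egress hosts, and output checks.
"""
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Assumed policy shape: reviewed per use case at build time.
REVIEWED_POLICY = {
    "version": "uc-support-bot/3",
    "default": "deny",  # anything not listed is denied
    "tools": {
        "search_docs": {"allow": True},
        "http_fetch": {"allow": True, "allowed_hosts": {"docs.example.com"}},
        "send_email": {"allow": "review"},  # high-impact side effect: human gate
    },
    # Substrings that must not leave the agent via tool output or final answer.
    "output_deny_patterns": ["BEGIN PRIVATE KEY", "AKIA"],
}


@dataclass(frozen=True)
class Decision:
    action: str  # "allow" | "deny" | "review"
    reason: str


@dataclass
class AuditRecord:
    use_case: str
    policy_version: str
    event: dict
    decision: Decision


def evaluate(event: dict, policy: dict = REVIEWED_POLICY) -> Decision:
    """Return the policy decision for one normalized event."""
    kind = event.get("kind")
    if kind == "tool_call":
        return _evaluate_tool_call(event, policy)
    if kind in ("tool_output", "final_response"):
        return _scan_text(event.get("content", ""), policy, kind)
    if kind == "prompt":
        return Decision("allow", "prompt boundary: no prompt rules in this policy")
    return Decision("deny", f"unknown event kind {kind!r}")


def _evaluate_tool_call(event: dict, policy: dict) -> Decision:
    tool = event.get("tool")
    rule = policy["tools"].get(tool)
    if rule is None:
        return Decision(policy["default"], f"tool {tool!r} not in reviewed policy")
    if rule["allow"] == "review":
        return Decision("review", f"tool {tool!r} requires human review")
    if rule["allow"] is not True:
        return Decision("deny", f"tool {tool!r} explicitly denied")
    hosts = rule.get("allowed_hosts")
    if hosts is not None:
        # Parse the destination; a missing or unparsable host is denied, and
        # lookalikes such as docs.example.com.evil.net fail the exact match.
        host = urlparse(str(event.get("args", {}).get("url", ""))).hostname
        if host is None or host not in hosts:
            return Decision("deny", f"destination {host!r} not allowed for {tool!r}")
    return Decision("allow", f"tool {tool!r} allowed by policy")


def _scan_text(text: str, policy: dict, boundary: str) -> Decision:
    for pattern in policy["output_deny_patterns"]:
        if pattern in text:
            return Decision("deny", f"{boundary} contains blocked pattern {pattern!r}")
    return Decision("allow", f"{boundary} passed output checks")


def enforce(event: dict, audit: list, use_case: str,
            policy: dict = REVIEWED_POLICY) -> Decision:
    """Evaluate and record the decision so reviewers can trace it later."""
    decision = evaluate(event, policy)
    audit.append(AuditRecord(use_case, policy["version"], event, decision))
    return decision


# Constructed sample events for one agent turn (not real telemetry).
SAMPLE_EVENTS = [
    {"kind": "prompt", "content": "Find the retry limit in our docs."},
    {"kind": "tool_call", "tool": "http_fetch", "args": {"url": "https://docs.example.com/retries"}},
    {"kind": "tool_call", "tool": "http_fetch", "args": {"url": "https://docs.example.com.evil.net/x"}},
    {"kind": "tool_call", "tool": "shell", "args": {"cmd": "cat ~/.ssh/id_rsa"}},
    {"kind": "tool_call", "tool": "send_email", "args": {"to": "ops@example.com"}},
    {"kind": "final_response", "content": "Retry limit is 5. -----BEGIN PRIVATE KEY-----"},
]


def run_samples(use_case: str = "uc-support-bot") -> list:
    """Enforce every sample event; returns (kind, tool, action) triples."""
    audit: list = []
    return [(e["kind"], e.get("tool"), enforce(e, audit, use_case).action)
            for e in SAMPLE_EVENTS]


if __name__ == "__main__":
    for kind, tool, action in run_samples():
        print(f"{kind:15} {str(tool):12} -> {action}")
```

The point of the example is the shape of the control, not the rules themselves: the application calls the evaluator at each boundary, acts only on an explicit allow, routes review decisions to a human, and keeps a record that names the use case and policy version so a later audit can explain why an action was permitted.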
Integration Paths
| If you are using... | Start with... |
|---|---|
| Build-time evaluation and policy workflow | AgentWarden CLI |
| A custom agent application where you own the loop | AgentWarden SDK |
| A supported coding-agent runtime | AgentWarden hooks installer |
If you are new to AgentWarden, read How AgentWarden Works next. If you already understand the model and are choosing a runtime path, start with Runtime Integrations.
What AgentWarden Is Not
AgentWarden does not replace identity providers, developer IAM, DLP systems, performance evaluations, or MCP server vulnerability scanners. It works alongside those systems by adding policy review, runtime decisions, telemetry, and lineage at agent action boundaries.