For AI agents & MCP

AI Agent Security: stop prompt injection across your whole pipeline

TLDR

AI agents touch tool inputs, retrieved documents, and other agents' output, and every one of those is an injection entry point a chat-box filter never sees. SafePrompt validates any of that content in one API call, with any LLM provider, in most cases under 100ms.

Agents have a bigger attack surface than chatbots

A chatbot reads one thing: the user's message. An agent reads many things it did not write. It pulls documents from a vector store, calls tools over MCP, browses pages, and passes results between sub-agents. Filtering only the first user prompt leaves every other input unguarded, and that is exactly where modern attacks land. The fix is to validate content at each checkpoint, not just at the front door.

Three injection vectors unique to agents

Indirect injection

A retrieved document, web page, or email carries hidden instructions that your agent reads as if you typed them. The user prompt looked clean; the data did not.

Tool poisoning

An MCP tool description or a tool result smuggles redirect instructions into the loop, steering the agent toward an action you never approved.

Cross-context bleed

An injection that enters through one tool or sub-agent rides along into the next call, so a single poisoned step can compromise the whole chain.

One call, dropped in at every checkpoint

SafePrompt is a single HTTP call that sits between your orchestrator and tool execution. Validate the tool input before the agent acts on it, and block when an injection is detected. The same call works for retrieved chunks and inter-agent messages.

// Validate any content your agent is about to act on
async function isSafe(content) {
  const res = await fetch('https://api.safeprompt.dev/api/v1/validate', {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
      'X-API-Key': process.env.SAFEPROMPT_API_KEY,
    },
    body: JSON.stringify({ prompt: content }),
  })
  const { safe } = await res.json()
  return safe
}

// In your MCP tool handler, check the input first
if (!(await isSafe(toolInput))) {
  throw new Error('Prompt injection detected in tool input')
}

Why platform-native guardrails miss this

Azure Prompt Shields / Model Armor

Locked to the Azure ecosystem. It cannot travel with an agent that also calls OpenAI, Anthropic, or a self-hosted model.

AWS Bedrock Guardrails

Locked to Bedrock. Tool inputs from MCP servers outside AWS are never seen.

Provider built-ins

Tied to one model vendor and tuned for the chat box. They do not validate arbitrary tool inputs or retrieved content flowing through your orchestrator.

Real agents are rarely single-vendor. The moment your pipeline spans more than one provider, a guardrail bolted to one platform cannot follow the data. SafePrompt is provider-agnostic by design: it validates the content, not the model, so the same checkpoint protects every step regardless of who serves the tokens.

Secure your agents in one call

Above 95% detection on real-world traffic, and 100% on our reproducible public benchmark. Works with any LLM, no vendor lock-in.

Free tier: 100,000 validations a month, no credit card.