AI agents are shipping fast (LangChain, CrewAI, MCP servers, OpenAI Agents SDK) but there's no unified way to secure and govern them. We built g0 to be
that control layer. What g0 does across the agent lifecycle:
g0 scan - Static + behavioral analysis of agent code. 1,180 rules across 12 security domains, 10 frameworks (LangChain, CrewAI, MCP, OpenAI, Vercel AI,
Bedrock, AutoGen, LangChain4j, Spring AI, Go AI), 5 languages. Detects toxic tool chains, taint flows, overprivileged descriptions, missing
sandboxing. Integrated threat intelligence checks tool URLs and dependencies against 55+ IOCs and known CVEs.
g0 test - Dynamic adversarial red teaming. Fires prompt injections, data exfiltration attempts, tool abuse sequences, jailbreaks, and goal hijacking
payloads at your running agents. 3-level progressive judge (deterministic, heuristic, LLM). Works over HTTP and MCP.
g0 endpoint - Discovers every AI tool on the machine (Claude Code, Cursor, Windsurf, Zed, 15+ tools), inventories MCP servers, and surfaces
misconfigurations. Think nmap but for your AI developer surface.
g0 daemon - Continuous runtime monitoring. Behavioral baselines with anomaly detection, cost circuit breaker, correlation engine linking events across
sources into attack chains, and a kill switch for when things go sideways.
g0 detect - MDM enrollment detection (Jamf, Intune, Mosyle, Kandji, etc.), running AI agent discovery, and host hardening audit in one view.
First-class OpenClaw support. g0 is the only security tool that understands OpenClaw's architecture: gateway hardening (18 probes),
SKILL.md/SOUL.md/MEMORY.md analysis, cognitive drift monitoring via SHA-256 baselines, deployment audits, config hardening, and ClawSec CVE feed
integration. If you're running OpenClaw in production, g0 catches what generic scanners miss.
Compliance built in, not bolted on. Every finding maps to 10 standards: OWASP Agentic Top 10, OWASP LLM Top 10, NIST AI RMF, ISO 42001, EU AI Act,
MITRE ATLAS, and more. Generate evidence records, compliance reports, and enforce policies via .g0-policy.yaml with CI gate support.
Outputs: Terminal, JSON, SARIF 2.1.0, HTML, CycloneDX AI-BOM, Markdown. Plugs into GitHub Actions, GitLab CI, or any pipeline.
One command to start: npx @guard0/g0 scan .
GitHub: https://github.com/guard0-ai/g0
We think the AI agent ecosystem needs the same security tooling maturity that web apps got with Burp Suite and Semgrep, but purpose-built for agents.
Happy to answer questions about the architecture or threat model.