sage  by gendigitalinc

Agent security layer for AI command and data protection

Created 5 months ago
251 stars

Top 99.8% on SourcePulse

GitHubView on GitHub
Project Summary

Sage provides a lightweight Agent Detection and Response (ADR) layer designed to enhance the security of AI agents by intercepting and validating potentially dangerous actions. It targets developers and users of AI coding assistants, offering a multi-layered defense against malicious commands, file operations, and web requests, thereby improving the trustworthiness of AI agent interactions.

How It Works

Sage operates by intercepting critical tool calls, including shell commands, file writes, and URL fetches, before execution. It employs a multi-stage threat detection pipeline. This includes cloud-based URL reputation checks for known malicious sites, local heuristics leveraging over 300 YAML-defined threat patterns for suspicious commands and data, and a two-tier prompt injection defense combining heuristics with a fine-tuned machine learning model. Additionally, it performs package supply-chain analysis for npm/PyPI dependencies and integrates with the Windows Antimalware Scan Interface (AMSI) for enhanced endpoint security.

Quick Start & Requirements

Installation varies by platform:

  • Claude Code: Requires Node.js >= 18. Install via plugin marketplace: plugin install sage@sage.
  • Cursor / VS Code: Install the Gen Sage extension from the respective marketplace.
  • OpenClaw: Install via npm: openclaw plugins install @gendigital/sage-openclaw.
  • OpenCode: Add "@gendigital/sage-opencode" to ~/.config/opencode/opencode.json. Refer to ai.gendigital.com/sage for the latest instructions and the User Guide for detailed setup.

Highlighted Details

  • URL Reputation: Cloud-based detection of malware, phishing, and scam URLs.
  • Local Heuristics: Over 300 YAML-based patterns detect dangerous commands, suspicious URLs, credential exposure, and obfuscation.
  • Prompt Injection Defense: A dual-layer system using heuristics and an ML model to counter injected instructions.
  • Package Supply-Chain Checks: Analyzes npm/PyPI packages for registry existence, file reputation, and age.
  • AMSI Integration: Supports Windows Antimalware Scan Interface on Windows and WSL via PowerShell.

Maintenance & Community

The project is copyrighted by Gen Digital Inc. Contribution guidelines are available in CONTRIBUTING.md, suggesting community involvement is possible. No specific community channels (like Discord/Slack) or roadmap links are provided in the README.

Licensing & Compatibility

The source code is licensed under the Apache License 2.0. Threat detection rules are under a separate "Detection Rule License 1.1". The Apache 2.0 license is permissive and generally compatible with commercial use and closed-source linking.

Limitations & Caveats

AMSI integration is specific to Windows and WSL environments; it functions as a no-op on macOS and non-WSL Linux systems. The project may be distributed under different product names (e.g., Norton Sage, Avast Sage), which could lead to user confusion regarding installation or branding.

Health Check
Last Commit

4 weeks ago

Responsiveness

Inactive

Pull Requests (30d)
1
Issues (30d)
2
Star History
17 stars in the last 30 days

Explore Similar Projects

Starred by Chip Huyen Chip Huyen(Author of "AI Engineering", "Designing Machine Learning Systems").

codegate by stacklok

0%
790
AI agent security and management tool
Created 1 year ago
Updated 1 year ago
Starred by Dan Guido Dan Guido(Cofounder of Trail of Bits), Chip Huyen Chip Huyen(Author of "AI Engineering", "Designing Machine Learning Systems"), and
1 more.

cai by aliasrobotics

0.6%
9k
Cybersecurity AI (CAI) is an open framework for building AI-driven cybersecurity tools
Created 1 year ago
Updated 3 days ago
Feedback? Help us improve.