What is AgentSOC and what problem does it solve?

We built AgentSOC as a real-time security layer for AI agents. It sits on Guild AI’s control plane. It reads the agent’s session audit trail, checks every action against the agent’s declared policy, and contains anything out of bounds. Then it publishes a citeable incident postmortem in cited.md.

The problem it solves is simple. Traditional security tools do not watch what an AI agent does at runtime once it has real credentials. That is the gap. If an agent can touch GitHub, Slack, a database, or a payment system, it can be turned into an insider by prompt injection, a poisoned tool result, a compromised dependency, a weaker model, or a confused deputy mistake.

Why AI agents need runtime enforcement

Agents do not fail only because the model is “bad.” They fail because they operate across trust boundaries.

Any agent that ingests untrusted text can be manipulated. That includes support tickets, emails, web pages, and tool results. If the agent treats that content as authoritative control input, it can act outside its intended scope. That is the core confused-deputy problem. It is also why model quality alone is not enough.

We see the same pattern across real agent risks:

  • prompt injection from untrusted text
  • poisoned tool or RAG results
  • compromised sub-agents or MCP servers
  • malicious dependencies
  • weaker models making poor tool choices

The blast radius is whatever the agent can do with its credentials. If it can issue refunds, change account state, or deploy code, that is the impact surface.

A good example is a hijacked triage agent. In our case study, a customer-facing handling note field was abused as control input. The routing model flagged the note as an injection, but the agent still called issue_account_credit, which it should never have used. AgentSOC read the action trail, detected the out-of-policy call at 0.97 confidence, and contained it live. The lesson is direct. The model caught the attack. The plumbing did the damage. We need runtime enforcement.

What AgentSOC is

AgentSOC is the security brain on top of Guild AI.

Guild gives agents identity, credentials, and an audit trail. AgentSOC uses that runtime telemetry as an IDS feed for agent behavior. We monitor the live session, judge actions against the declared policy, and intervene when the agent crosses the line. This is why we describe it as EDR/SOC for AI agents. It is the control layer that lets a security team say yes to deploying agents with real access.

We do not rely on a single signal. The loop is practical:

  1. Read the agent’s action trail from Guild’s session events API.
  2. Filter obvious safe actions with a deterministic allow-list.
  3. Use a Claude-based judge for nuanced decisions.
  4. On a high-confidence violation, contain the session.
  5. Publish a structured postmortem to cited.md so other agents can cite the incident.

There is an important implementation detail here. The guild session get command returns session metadata only, not the action trail. We read guild session events <id> instead. That event stream is where the runtime behavior lives, and so it is also where enforcement belongs.
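The five-step loop above, as an added example (this is not AgentSOC's or Guild AI's code). It runs over a constructed event trail modelled on the hijacked-triage-agent case study. The event shape, the field names, the containment threshold and the judge are all assumptions; in particular the judge here is a deterministic heuristic standing in for the Claude-based judge, and the fetch from the session events API is replaced by an in-memory list.

```python
"""Minimal simulation of the read / filter / judge / contain / publish loop.
Added example, not AgentSOC's or Guild AI's code. Event fields, threshold
and judge logic are assumptions."""
from dataclasses import dataclass, asdict
from typing import List, Optional
import json

# Containment threshold. Assumed value: the page reports 0.97 for the triage
# incident but does not state the threshold it uses.
CONTAIN_THRESHOLD = 0.90

# Step 2: deterministic allow-list. Actions here never reach the judge.
SAFE_ACTIONS = {"read_ticket", "search_kb", "summarize", "post_internal_note"}


@dataclass
class Policy:
    """Declared policy for one agent: the tools it may call at all."""
    agent: str
    allowed_tools: set


@dataclass
class Verdict:
    event_id: str
    action: str
    violation: bool
    confidence: float
    reason: str


def judge(event: dict, policy: Policy) -> Verdict:
    """Step 3 stand-in for the LLM judge (deterministic heuristic, assumed):
    a tool outside the declared policy is a high-confidence violation; an
    in-policy tool driven by content the router flagged as an injection is a
    lower-confidence finding that is recorded but not contained."""
    action = event["action"]
    if action not in policy.allowed_tools:
        return Verdict(event["id"], action, True, 0.97,
                       f"{action} is not in {policy.agent}'s declared policy")
    if event.get("context", {}).get("injection_flagged"):
        return Verdict(event["id"], action, True, 0.60,
                       "in-policy tool driven by content flagged as injection")
    return Verdict(event["id"], action, False, 0.0, "within policy")


def contain(session_id: str, verdict: Verdict) -> dict:
    """Step 4: record the containment decision. A real integration would call
    the control plane here; this example only returns the decision."""
    return {"session": session_id, "action": "interrupt_session",
            "trigger_event": verdict.event_id, "reason": verdict.reason}


def postmortem(session_id: str, agent: str, verdicts: List[Verdict],
               containment: Optional[dict]) -> dict:
    """Step 5: structured incident record (field names are assumptions)."""
    return {
        "session": session_id,
        "agent": agent,
        "findings": [asdict(v) for v in verdicts if v.violation],
        "containment": containment,
    }


def run_loop(session_id: str, events: List[dict], policy: Policy) -> dict:
    """Steps 1-5 over an already-fetched event trail. Stops at the first
    high-confidence violation and returns the postmortem record."""
    verdicts: List[Verdict] = []
    containment = None
    for ev in events:
        if ev["type"] != "tool_call" or ev["action"] in SAFE_ACTIONS:
            continue  # step 2: allow-listed or non-action event
        v = judge(ev, policy)
        verdicts.append(v)
        if v.violation and v.confidence >= CONTAIN_THRESHOLD:
            containment = contain(session_id, v)
            break
    return postmortem(session_id, policy.agent, verdicts, containment)


# Constructed trail: the agent reads a ticket whose handling note was flagged
# as an injection, then calls a tool it was never allowed to use.
SAMPLE_EVENTS = [
    {"id": "e1", "type": "tool_call", "action": "read_ticket", "context": {}},
    {"id": "e2", "type": "tool_call", "action": "post_internal_note",
     "context": {"injection_flagged": True}},
    {"id": "e3", "type": "tool_call", "action": "issue_account_credit",
     "context": {"injection_flagged": True}},
    {"id": "e4", "type": "tool_call", "action": "close_ticket", "context": {}},
]
TRIAGE_POLICY = Policy("triage-agent", {"read_ticket", "search_kb", "summarize",
                                       "post_internal_note", "close_ticket"})

if __name__ == "__main__":
    print(json.dumps(run_loop("sess-123", SAMPLE_EVENTS, TRIAGE_POLICY), indent=2))
```

The allow-list is what keeps the judge cheap: only actions that are neither trivially safe nor already decided reach it, and the loop stops at the first contained event so the postmortem records exactly what triggered containment.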

How containment works in practice

Containment is not theoretical. We use concrete controls.

If an agent goes out of policy, we can:

  • interrupt the live session
  • remove the agent from its workspace
  • create a DENY credential policy
  • deny the offending credential request

The credentials_request event is the natural interception point. If the agent asks for access it should not have, that is where we stop it.

This matters because credential control is often the fastest safe response. If the agent is trying to reach a system it should not touch, we do not need to wait for damage to finish. We can cut off the path at runtime.
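The credential-side control described above, as an added example (not Guild AI's or AgentSOC's code): a small policy evaluator that treats each credentials_request event as the interception point, plus the "create a DENY credential policy" containment response. The rule format, the event fields, and the deny-overrides / default-deny semantics are assumptions.

```python
"""Credential request policy check at the credentials_request event.
Added example, not Guild AI's or AgentSOC's code. Rule shape, event fields
and evaluation semantics are assumptions."""
from dataclasses import dataclass
from fnmatch import fnmatch
from typing import List


@dataclass(frozen=True)
class CredentialRule:
    effect: str   # "ALLOW" or "DENY"
    agent: str    # agent name or glob, e.g. "triage-*"
    system: str   # target system or glob, e.g. "payments" or "*"
    scope: str    # requested scope or glob, e.g. "read" or "write:*"


def _matches(rule: CredentialRule, agent: str, system: str, scope: str) -> bool:
    return (fnmatch(agent, rule.agent) and fnmatch(system, rule.system)
            and fnmatch(scope, rule.scope))


def evaluate(rules: List[CredentialRule], event: dict) -> dict:
    """Decide one credentials_request event.
    Assumed semantics: any matching DENY beats any matching ALLOW, and a
    request that matches no rule at all is denied (default deny)."""
    if event.get("type") != "credentials_request":
        raise ValueError("evaluate() only handles credentials_request events")
    agent, system, scope = event["agent"], event["system"], event["scope"]
    matched = [r for r in rules if _matches(r, agent, system, scope)]
    denies = [r for r in matched if r.effect == "DENY"]
    allows = [r for r in matched if r.effect == "ALLOW"]
    if denies:
        decision, why = "DENY", f"explicit DENY rule {denies[0]}"
    elif allows:
        decision, why = "ALLOW", f"ALLOW rule {allows[0]}"
    else:
        decision, why = "DENY", "no matching rule (default deny)"
    return {"event": event["id"], "decision": decision, "reason": why}


def add_containment_deny(rules: List[CredentialRule], agent: str) -> List[CredentialRule]:
    """Containment response: a DENY rule that blocks every further credential
    request from the offending agent. Returns a new list; the input is kept."""
    return list(rules) + [CredentialRule("DENY", agent, "*", "*")]


# Constructed policy for a ticket-triage agent: it may read the support
# database and post to Slack, and is explicitly kept away from payments.
TRIAGE_RULES = [
    CredentialRule("ALLOW", "triage-agent", "support-db", "read"),
    CredentialRule("ALLOW", "triage-agent", "slack", "write:*"),
    CredentialRule("DENY", "triage-*", "payments", "*"),
]

# Constructed credentials_request events as they might appear in a trail.
SAMPLE_REQUESTS = [
    {"id": "c1", "type": "credentials_request", "agent": "triage-agent",
     "system": "support-db", "scope": "read"},
    {"id": "c2", "type": "credentials_request", "agent": "triage-agent",
     "system": "payments", "scope": "issue_credit"},
    {"id": "c3", "type": "credentials_request", "agent": "triage-agent",
     "system": "github", "scope": "write:repo"},
]

if __name__ == "__main__":
    for ev in SAMPLE_REQUESTS:
        print(evaluate(TRIAGE_RULES, ev))
    locked = add_containment_deny(TRIAGE_RULES, "triage-agent")
    print(evaluate(locked, SAMPLE_REQUESTS[0]))
```

The point of evaluating at the request rather than at the first use is the one the section makes: the path to the system is cut before any action on it is taken, and a single appended DENY rule is enough to lock an agent out of everything it could previously reach.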

The postmortem is part of the defense too. AgentSOC publishes a structured incident record to cited.md. That gives other agents and operators a citeable source of truth. It also makes the incident reviewable. Security teams need evidence, not just alerts. A runtime control without a record is incomplete.

Why AppSec and EDR are not enough

AgentSOC fills a gap that existing tools do not cover.

Endpoint Detection and Response watches processes on a laptop. Application security tools scan code and dependencies. Neither watches what an AI agent does once it is live and holding credentials. That runtime behavior is the new attack surface.

The closest operational analogy is a SOC, but for an agent fleet rather than human-operated endpoints. We are not scanning source code after the fact. We are judging behavior while the agent is acting.

That distinction matters in production. A safe-looking model can still execute an unsafe tool call because the surrounding workflow passed bad context through a trust boundary. A code scan will not catch that. A laptop EDR agent will not catch that. Only runtime policy enforcement will.

For platform teams, the decision point is straightforward. If an agent can only summarize text, the risk is limited. If it can mutate systems of record, send messages, or move money, it needs a control plane that can stop bad actions in flight. That is the problem AgentSOC solves.

Who should care

AgentSOC is for teams that are giving agents real authority.

That includes teams deploying agents that can:

  • read and act on support tickets
  • write to GitHub or CI/CD systems
  • send Slack or email on behalf of a service
  • query or modify databases
  • request or use production credentials
  • interact with payment or account systems

If the agent can cross a trust boundary, we need runtime defense. If the agent can be steered by untrusted text, we need policy enforcement that does not depend on the model staying perfectly aligned.

That is the core value of AgentSOC. We give security and platform engineers a way to observe, judge, contain, and explain agent behavior in real time. We use the Guild AI control plane, the agent’s own audit trail, and a policy-driven enforcement loop. That turns agent deployment from blind trust into controlled access.

In short: AgentSOC is runtime security for AI agents. It closes the gap between model output and system impact.
