AI agents are powerful. Their access shouldn't be unchecked.
Teams are running Claude Code, Cursor, Aider, and AutoGPT in parallel — shipping faster than ever. But these agents inherit the full privileges of the user account running them. Without guardrails, an agent can read your SSH keys, cloud credentials, API tokens, and any file on your machine.
Traditional file permissions don't help because they control access per user, not per agent, and every agent runs under the same user account. Userspace sandboxes can be bypassed. Guardian Shell was created to bring kernel-level enforcement to this problem, using eBPF to monitor and control agent behavior at the syscall layer.
Security should happen at the kernel
Userspace sandboxes can be bypassed. Real enforcement must operate below the application layer, at the kernel itself, where agents cannot escape.
Agents need per-identity policies
Not all agents are equal. Claude Code editing your project is different from an unknown agent probing your filesystem. Each agent should have its own security scope.
Humans should stay in the loop
Agents will inevitably need access to sensitive resources. Instead of blanket denials, the right approach is interactive approval with risk scoring and time-limited grants.
Anand Narayan
Founder, Guardian Shell
Mission: Give every developer kernel-level control over their AI agents.
Vision: A world where AI agents are powerful and provably safe.
Guardian Shell came from a real security gap, not a market category.
We were running multiple AI coding agents — Claude Code, Cursor, Aider — all on the same machine. The productivity gains were incredible, but then we realized: each agent had unrestricted access to our SSH keys, AWS credentials, and everything else on our systems. One malicious prompt injection in a repository could expose it all.
We looked at existing solutions. Falco only monitors. Tetragon needs Kubernetes. AgentSight observes but can't enforce. None of them understood the concept of per-agent policies or interactive approvals.
So we built Guardian Shell. The default flow is simple: launch each agent via Guardian Launcher into its own Linux cgroup. The cgroup gives the agent an unspoofable kernel-enforced identity with resource limits. eBPF programs enforce per-agent TOML policies at the syscall layer. Interactive approval workflows, a real-time dashboard, and Slack/email alerts complete the picture. Guardian Shell is written in Rust, ships as a single binary, and adds less than 3% CPU overhead.