Agent-Drift: Security Monitoring Tool for AI Agents

Cybersecurity specialist sysinternalssuite created Agent-Drift—an open-source tool for protecting AI agents from prompt injection, behavioral drift, and other attacks. Essentially a SIEM + IDS specifically for OpenClaw.
Why This Exists
"I work in Cybersecurity and have noticed an uptick in prompt injection, behavioral drift, memory poisoning and more in the wild with AI agents"
What Agent-Drift Does
GitHub: https://github.com/lukehebe/Agent-Drift
The tool works as a wrapper for OpenClaw:
- Collects behavior baseline
- Detects behavioral drift
- Alerts through dashboard
Behavior Monitoring
Tracked patterns:
- Tool usage sequences and frequencies
- Timing anomalies
- Decision patterns
- Output characteristics
Attack Detection
| Attack | Description |
|---|---|
| Instruction override | Command hijacking |
| Role hijacking | Role takeover |
| Jailbreak attempts | Restriction bypass |
| Data exfiltration | Data leakage |
| Encoded Payloads | Obfuscated payloads |
| Memory Poisoning | Memory corruption |
| Privilege Escalation | Rights elevation |
| Indirect prompt injection | Indirect attacks |
How It Works
- Baseline Learning — first runs establish normal behavior
- Behavioral Vectors — each run becomes a multi-dimensional vector
- Drift Detection — new runs compared against baseline
- Anomaly Alerts — significant deviations trigger warnings
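To make the four steps concrete, here is an added illustration of baseline learning, behavioral vectors and z-score drift detection. It is not Agent-Drift's own code; the tool names, the feature layout, the thresholds and the sample runs are all constructed assumptions.

```python
# Added example (not Agent-Drift's code): turn agent runs into behavioral vectors,
# learn a baseline from the first runs, then flag features that drift from it.
# Tool names, feature set, thresholds and sample runs are constructed assumptions.
from collections import Counter
from statistics import mean, pstdev

TOOLS = ["read_file", "write_file", "http_get", "shell"]          # assumed tool names
FEATURES = TOOLS + ["total_calls", "mean_step_s", "output_chars"]  # vector layout

def run_vector(tool_calls, step_seconds, output_chars):
    """One run -> fixed-order vector: per-tool counts, call volume, timing, output size."""
    counts = Counter(tool_calls)
    avg_step = mean(step_seconds) if step_seconds else 0.0
    return [counts[t] for t in TOOLS] + [len(tool_calls), avg_step, output_chars]

class DriftDetector:
    def __init__(self, min_baseline_runs=5, z_threshold=3.0, sigma_floor=0.5):
        self.min_runs, self.z_max, self.floor = min_baseline_runs, z_threshold, sigma_floor
        self.baseline = []  # vectors of runs judged normal

    def observe(self, vec):
        """Return None while learning, else [(feature, z)] for features beyond z_threshold."""
        if len(self.baseline) < self.min_runs:
            self.baseline.append(vec)
            return None
        alerts = []
        for i, value in enumerate(vec):
            column = [v[i] for v in self.baseline]
            mu, sigma = mean(column), max(pstdev(column), self.floor)  # floor: constant baseline
            z = (value - mu) / sigma
            if abs(z) > self.z_max:
                alerts.append((FEATURES[i], round(z, 1)))
        if not alerts:                 # extend the baseline only with normal runs, so a
            self.baseline.append(vec)  # drifting agent cannot slowly move it along
        return alerts

# Constructed sample: five ordinary runs, then one that suddenly shells out,
# makes many outbound requests and emits a much larger output.
NORMAL_RUNS = [
    (["read_file", "read_file", "write_file"], [0.9, 1.1, 1.0], 800),
    (["read_file", "read_file", "read_file", "write_file"], [1.0, 1.2, 0.8, 1.0], 900),
    (["read_file", "write_file"], [1.1, 0.9], 700),
    (["read_file", "read_file", "write_file", "http_get"], [1.0, 1.0, 1.0, 2.0], 850),
    (["read_file", "read_file", "write_file"], [0.8, 1.0, 1.2], 820),
]
SUSPICIOUS_RUN = (["read_file"] + ["shell"] * 4 + ["http_get"] * 6, [0.3] * 11, 5000)

def analyse(runs):
    """Feed runs through one detector; return the per-run results in order."""
    detector = DriftDetector()
    return [detector.observe(run_vector(*run)) for run in runs]
```

Running `analyse(NORMAL_RUNS + [SUSPICIOUS_RUN])` returns `None` for the five learning runs and, for the sixth, alerts on `http_get`, `shell`, `total_calls` and `output_chars` while `read_file` and the timing feature stay within tolerance.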
TL;DR
"Basically an all-in-one Security Incident Event Manager (SIEM) for your AI agent that acts as an Intrusion Detection System (IDS) that also alerts you if your AI starts to go crazy."
Source: u/sysinternalssuite on r/moltbot
👀 See Also

NanoClaw's Security Model for AI Agents: Container Isolation and Minimal Code
NanoClaw implements a security architecture where each AI agent runs in its own ephemeral container with unprivileged user access, isolated filesystems, and explicit mount allowlists. The codebase is deliberately minimal at around one process and a handful of files, relying on Anthropic's Agent SDK instead of reinventing functionality.

Claude Code Identifies Malware Backdoor in GitHub Repo During Technical Audit
A developer used Claude Code to audit a GitHub repository before execution and discovered a remote code execution backdoor in src/server/routes/auth.js that would have compromised their machine. The prompt requested a technical due diligence audit checking project completeness, AI/ML layer, database, authentication, backend services, frontend, code quality, and effort estimate.

MCP Package Security Scan Reveals Widespread Destructive Capabilities Without Confirmation
A security scan of 2,386 MCP packages on npm found 63.5% expose destructive operations like file deletion and database drops without requiring human confirmation. The researcher discovered 49% had security issues overall, with 402 critical and 240 high severity vulnerabilities.

Windows Notepad App Remote Code Execution Vulnerability CVE-2026-20841
CVE-2026-20841 is a remote code execution vulnerability in the Windows Notepad app. Details and mitigation steps are available in the Microsoft Security Response Center update guide.