Agent Runtime Protection
Runtime Security for AI Agents

Detect. Intercept. Enforce. Monitors OS-level activity and AI-layer traffic, proxies the agent's HTTP traffic, and applies 20 built-in threat detection patterns to all of it. EDR for AI agents.

terminal
import { createArp } from '@opena2a/arp'

const arp = createArp({
  monitors: ['process', 'network', 'filesystem'],
  interceptors: ['http', 'prompt', 'mcp'],
  patterns: 'all'
})

await arp.start()
// Agent is now protected

What Is ARP

EDR for AI Agents

ARP is an endpoint detection and response system purpose-built for AI agents. It monitors agent behavior at the OS level (processes, network, filesystem), the application level (Node.js module hooks), and the AI level (prompts, MCP tool calls, A2A messages). When a threat pattern matches, ARP intercepts and blocks the action before it executes.

How It Works

  • OS-level polling monitors detect suspicious processes, connections, and file changes
  • Application interceptors hook into Node.js I/O before it reaches the kernel
  • AI-layer scanning matches prompts and messages against 20 threat patterns
  • HTTP reverse proxy inspects all agent traffic with protocol-aware rules

Detection Layers

Four layers of detection from the operating system to AI protocols. Each layer adds coverage that the others cannot reach.

OS-Level Monitors

Polling-based monitors using ps, lsof, and fs.watch to detect process spawning, network connections, and filesystem changes at the operating system level.

Latency: 200-1000ms

Application Interceptors

Node.js module hooks that intercept child_process, net, fs, and http calls. Fires before I/O reaches the kernel, enabling pre-execution policy enforcement.

Latency: <1ms
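As an added illustration of the pre-execution hook described above (example code written for this page, not ARP's own implementation), the snippet below monkey-patches child_process.spawn so an allowlist policy runs before the kernel ever sees the request. The POLICY object, the in-memory events sink and the rule names are assumptions chosen for the example.

```javascript
'use strict';

// Hypothetical policy for the example: allowlisted binaries only, and never a
// shell. A real deployment would load this from something like arp.config.yaml.
const POLICY = { allowedBinaries: new Set(['node', 'git', 'ls']) };

// In-memory detection log (constructed for the example; ARP's own sink is not shown).
const events = [];

// Decide before anything is forked. Returns a verdict instead of throwing so the
// same logic serves both 'block' and 'alert' modes.
function evaluateSpawn(command, args = [], options = {}) {
  const binary = String(command).split(/[\\/]/).pop();
  if (options.shell) {
    return { allow: false, rule: 'NO-SHELL', reason: 'shell: true widens the attack surface' };
  }
  if (!POLICY.allowedBinaries.has(binary)) {
    return { allow: false, rule: 'BINARY-ALLOWLIST', reason: `${binary} is not allowlisted` };
  }
  return { allow: true, rule: null, reason: null };
}

// Replace cp.spawn with a guarded wrapper and return a function that restores the
// original. Caveat: exec/execFile/spawnSync call an internal spawn, not this export,
// so each needs its own hook; ESM named imports also need
// require('node:module').syncBuiltinESMExports() after patching.
function installSpawnGuard(cp, { action = 'block', onEvent = (e) => events.push(e) } = {}) {
  const original = cp.spawn;
  cp.spawn = function guardedSpawn(command, args, options) {
    if (!Array.isArray(args)) { options = args; args = []; } // normalise overloads
    const verdict = evaluateSpawn(command, args, options || {});
    if (!verdict.allow) {
      onEvent({ ts: new Date().toISOString(), command, args, ...verdict });
      if (action === 'block') throw new Error(`spawn blocked (${verdict.rule}): ${verdict.reason}`);
    }
    return original.call(cp, command, args, options);
  };
  return () => { cp.spawn = original; };
}

// Demo on the real module under CommonJS (an ESM agent would pass the object from createRequire).
if (typeof require === 'function') {
  const cp = require('node:child_process');
  const uninstall = installSpawnGuard(cp);
  try {
    cp.spawn('sh', ['-c', 'id']); // denied by the allowlist: thrown before any fork
  } catch (err) {
    console.log('blocked:', err.message);
  }
  uninstall();
}
```

In 'alert' mode the wrapper logs the event and lets the call through, which is the shape you want while tuning a policy before switching to 'block'.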

AI-Layer Interceptors

Regex pattern matching engine that scans prompts, MCP tool calls, and A2A messages for injection, jailbreak, and exfiltration attempts in real time.

Latency: ~10 µs

HTTP Proxy

Protocol-aware reverse proxy that inspects HTTP request and response bodies. Applies detection patterns to all inbound and outbound agent traffic with minimal overhead.

Latency: <1ms overhead

20 Built-in Threat Patterns

Pre-configured detection patterns covering prompt injection, jailbreak, data exfiltration, output leaks, context manipulation, and protocol-specific attacks on MCP and A2A.

Prompt Injection
  • PI-001  Direct instruction override
  • PI-002  Indirect prompt injection
  • PI-003  Multi-turn injection

Jailbreak
  • JB-001  Role-play jailbreak
  • JB-002  Encoding-based bypass

Data Exfiltration
  • DE-001  URL-based exfiltration
  • DE-002  DNS tunneling
  • DE-003  Steganographic output

Output Leak
  • OL-001  System prompt extraction
  • OL-002  Context window dump
  • OL-003  Training data extraction

Context Manipulation
  • CM-001  Memory poisoning
  • CM-002  Context window overflow

MCP Exploitation
  • MCP-001  Tool injection
  • MCP-002  Schema manipulation
  • MCP-003  Server impersonation

A2A Attacks
  • A2A-001  Agent impersonation
  • A2A-002  Task hijacking

MITRE ATLAS Mapping

ARP detection patterns are mapped to MITRE ATLAS (Adversarial Threat Landscape for Artificial-Intelligence Systems). Each pattern references a documented technique.

Technique ID | Name | Description
AML.T0051 | Prompt Injection | Adversary crafts input to override LLM instructions
AML.T0054 | LLM Jailbreak | Bypass model safety constraints via prompt engineering
AML.T0046 | Unsafe ML Inference | Exploit inference pipeline to produce unsafe outputs
AML.T0057 | Data Leakage | Extract sensitive data from model context or memory
AML.T0024 | Exfiltration | Transfer data outside authorized boundaries via agent actions
AML.T0018 | Persistence | Maintain unauthorized access across agent sessions
AML.T0029 | Denial of Service | Degrade or disable agent functionality via resource exhaustion
AML.T0015 | Evasion | Circumvent detection mechanisms using obfuscation techniques

Quick Start

Install the package, create a configuration file, and start protecting your agent in under a minute.

install
$ npm install @opena2a/arp

# or with yarn
$ yarn add @opena2a/arp

# or with pnpm
$ pnpm add @opena2a/arp

arp.config.yaml
monitors:
  - process:
      interval: 500
  - network:
      interval: 1000
  - filesystem:
      paths: [./data, ./config]

interceptors:
  - http
  - prompt
  - mcp
  - a2a

patterns: all
action: block

  • 115 tests
  • 20 threat patterns
  • 8 MITRE techniques
  • 4 detection layers
