
Securing Autonomous Agents: Detection, Runtime Gating, Normalization

agentic-radar, agentfence, and ai-scanner form a three-tier security stack for discovering, constraining, and normalizing autonomous agent vulnerabilities.

Frontier model deployments increasingly include autonomous agents. Discovery alone isn't enough — agents can escalate. Gating alone isn't enough — you need to know what to gate on.

ARX brings agentic-radar, agentfence, and ai-scanner together into a three-tier security stack: detect agent vulnerabilities, enforce runtime boundaries, normalize findings into unified governance. Each tool covers one phase of the agent's lifecycle. Together, they form a closed loop.

[Diagram: Agent security stack. Agent → agentic-radar (detection layer: scan) → agentfence (runtime gating: gate) → ai-scanner (normalization: normalize)]

Agentic-Radar's Detection Layer

Agentic-radar (MIT) is the discovery phase. It scans agent code and runtime for authorization leaks, privilege escalations, and unintended tool access patterns. Agentic-radar fingerprints what your agent is allowed to do (its declared tools, resource budgets, credential scope) and what it might be tricked into doing (prompt injection vectors, tool chaining exploits, permission boundary bypasses).

In ARX's stack, agentic-radar establishes the threat model: here's how this agent could go rogue. The output is a list of vulnerabilities, each tied to a specific code path or runtime behavior. Nothing is enforced yet — just discovered.

Agentfence as Runtime Firewall

Agentfence is the runtime enforcement layer. It observes agent execution and gates decisions: the agent wants to call a database API — does the tool access policy allow it? The agent wants to read a file — does the file path match allowed patterns? Agentfence doesn't prevent all escalations (that's not possible); it enforces boundaries and logs violations.

In ARX, agentfence gates run at every agent decision point, with escalations triggered for policy violations. No agent execution can exceed agentfence's policy boundaries. When boundaries are violated, the violation is captured as a finding — not just blocked silently.
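The gate described above, as an added Python example that is not agentfence's own code: a per-tool allowlist, path patterns for file reads, and every denial captured as a finding rather than dropped. The tool names, the policy shape and the Gate/Finding classes are assumptions made for the example.

```python
import os
from dataclasses import dataclass, field
from fnmatch import fnmatch

# Constructed policy (hypothetical tool names): which tools the agent may call
# and, for file tools, which path patterns are in scope.
POLICY = {
    "tools": {
        "db.query": {},                              # allowed, no argument rule
        "fs.read": {"paths": ["/workspace/*", "/tmp/agent/*"]},
    }
}

@dataclass
class Finding:
    agent: str
    tool: str
    reason: str
    args: dict = field(default_factory=dict)

@dataclass
class Gate:
    policy: dict
    findings: list = field(default_factory=list)

    def check(self, agent: str, tool: str, **args) -> bool:
        """Return True if the call is allowed; otherwise record a finding."""
        rule = self.policy["tools"].get(tool)
        if rule is None:
            self._deny(agent, tool, "tool not in policy", args)
            return False
        patterns = rule.get("paths")
        if patterns is not None:
            # Normalize first: fnmatch's '*' crosses '/', so without this
            # '/workspace/../x' would match '/workspace/*' and slip through.
            path = os.path.normpath(args.get("path", ""))
            if not any(fnmatch(path, p) for p in patterns):
                self._deny(agent, tool, f"path {path!r} outside allowed patterns", args)
                return False
        return True

    def _deny(self, agent: str, tool: str, reason: str, args: dict) -> None:
        # A denial is captured as a finding, not just blocked silently.
        self.findings.append(Finding(agent, tool, reason, dict(args)))
```

Every denied call leaves a Finding behind, which is what the normalization layer later consumes.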

AI-Scanner's Normalization

AI-Scanner normalizes agent-specific findings into ARX's unified vulnerability model. Agentic-radar surfaces "unintended tool chaining vulnerability"; ai-scanner maps it to severity MEDIUM, category "agent_privilege_escalation". Agentfence logs a denied tool call; ai-scanner correlates it with the agentic-radar finding and raises severity to HIGH if the agent keeps probing.

Findings flow through ai-scanner into ARX policies: no alert goes to governance until it's normalized and deduplicated. This matters because raw findings from agentic-radar and agentfence speak different vocabularies — ai-scanner translates both into the same language.

Agentic-radar discovers vulnerabilities. Agentfence gates execution. AI-scanner normalizes findings. Together they govern what your agents can do — and how you detect when they try to exceed it.

How They Work Together

ARX's agent security stack closes the loop in three phases:

Agentic-radar fingerprints the agent's declared capabilities and attack surface.

Agentfence enforces runtime constraints, rejecting and logging escalation attempts.

AI-scanner normalizes both proactive findings (from radar) and reactive events (from agentfence) into ARX policies.

When agentic-radar finds "agent can chain tool A to tool B," and agentfence later logs "agent attempted tool chaining," and ai-scanner correlates them with 95% confidence, ARX flags it as a validated agent privilege escalation and routes it for human approval. No tool tells the full story; together they close the feedback loop.
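The normalization step from the AI-Scanner section and the three-way correlation just described, as an added Python example that is not ai-scanner's or ARX's code: radar titles map to a unified category and severity, fence denials become reactive findings, and repeated denials of a tool that radar already flagged raise the finding to HIGH. RADAR_MAP, RANK, PROBE_THRESHOLD and the (agent, tool) join key are assumptions; the 95% confidence scoring is not reproduced here.

```python
from collections import Counter
from dataclasses import dataclass

# Constructed vocabulary map (hypothetical): raw agentic-radar titles ->
# unified category and baseline severity.
RADAR_MAP = {
    "unintended tool chaining vulnerability": ("agent_privilege_escalation", "MEDIUM"),
    "overbroad file read scope": ("agent_resource_overreach", "LOW"),
}
RANK = {"LOW": 0, "MEDIUM": 1, "HIGH": 2}
PROBE_THRESHOLD = 3  # this many denials of one tool counts as "keeps probing"

@dataclass(frozen=True)
class Unified:
    agent: str
    tool: str
    category: str
    severity: str
    sources: tuple

def normalize_radar(f: dict) -> Unified:
    category, severity = RADAR_MAP.get(f["title"], ("agent_unclassified", "LOW"))
    return Unified(f["agent"], f["tool"], category, severity, ("agentic-radar",))

def normalize_fence(e: dict) -> Unified:
    # Every denied call becomes a reactive finding with a MEDIUM baseline.
    return Unified(e["agent"], e["tool"], "agent_policy_denial", "MEDIUM", ("agentfence",))

def correlate(radar: list, fence: list) -> list:
    """Merge both feeds keyed on (agent, tool), dedupe, escalate on probing."""
    merged = {}
    for u in map(normalize_radar, radar):
        merged[(u.agent, u.tool)] = u          # dedupes repeated radar findings
    denials = Counter((e["agent"], e["tool"]) for e in fence)
    for (agent, tool), count in denials.items():
        prior = merged.get((agent, tool))
        if prior is None:                       # fence-only: no radar prediction
            merged[(agent, tool)] = normalize_fence({"agent": agent, "tool": tool})
            continue
        # Radar predicted it and the fence keeps denying it: raise to HIGH;
        # a single correlated denial still lifts the finding to at least MEDIUM.
        severity = "HIGH" if count >= PROBE_THRESHOLD else max(prior.severity, "MEDIUM", key=RANK.get)
        merged[(agent, tool)] = Unified(agent, tool, prior.category, severity,
                                        prior.sources + ("agentfence",))
    return sorted(merged.values(), key=lambda u: (u.agent, u.tool))
```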

Why Layering Matters

Agentic-radar alone finds vulns but can't prevent agent escalations at runtime. Agentfence alone gates but has no way to prioritize which gates matter most — without agentic-radar fingerprinting, it's just binary allow/deny. AI-scanner alone normalizes but lacks context — severity scoring without agentic-radar findings is blind.

The three layers together create defense-in-depth:

Detection: What could go wrong with this agent?

Runtime gating: Stop the agent from doing the wrong thing.

Normalization: Learn from both discovered and stopped escalations.

Status Today

Pentagi (our autonomous pentest agent) ships today in ARX. Agentic-radar and agentfence are currently marked "deferred" — available on customer request, not in default deployments. We don't speculatively add tools to ARX; we wire them in when engagements require them.

Email mershard@arxsec.io to discuss your autonomous agent security requirements. If you're running agents and need discovery + gating + normalization, we'll provision agentic-radar and agentfence under ARX governance within 24 hours.

Getting Started

Organizations running agentic-radar, agentfence, or pentagi get a free ARX seat. ARX wraps all three in governance gates: signed authorization artifacts (no unattended runs), immutable audit trails, and unified policies. Email mershard@arxsec.io to scope your agent security requirements.

— Mershard J.B. Frierson, Founder · ARX · mershard@arxsec.io · 945-372-8711
