AgentX coverage

We stop 23 of the 32. Here are the 9 we do not fully stop.

The ARE Incident Database is a public registry of 32 catastrophic agent failures that actually happened, each one cited and indexed onto the OWASP Agentic Security Top 10. This page is our claim against it, and every claim on it ships a check you can run.

Most vendors tell you what they block. Almost nobody tells you what they miss, because a list of misses is a list a competitor can quote. Ours is below.

23
Blocked deterministically
2
Partially covered
7
Not ours, named
11
With a runnable check

Category by category.

AgentX stops 6 of the 10 OWASP ASI categories at the action layer. The other 4 are named here, with what is missing and who owns it instead. A security engineer who catches you overclaiming once will never believe the rest of it, so we would rather hand you the list ourselves.

ASI01Goal hijack
CoveredThe injected goal still has to take an action. That action is denied.
ASI02Tool misuse
CoveredThe dominant class in the registry. Denied at the call.
ASI03Identity and privilege abuse
CoveredCredential reads and scope escalation are denied.
ASI04Supply chain
CoveredInstalling a package the registry reports as malicious is routed to a human.
ASI05Unexpected code execution
CoveredA download piped into a shell is denied.
ASI06Memory and context poisoning
PartialThe carrier is scrubbed. The semantics are not judged.
ASI07Insecure inter-agent comms
Not oursStructural. It belongs to the transport, not to an action firewall.
ASI08Cascading failures
CoveredBudget ceilings and the loop breaker stop the cascade.
ASI09Human-agent trust
Not oursA design and disclosure problem, not an interceptable action.
ASI10Rogue agents
PartialThe actions are stopped. The behavior is not diagnosed.

Do not trust it. Run it.

11 of the covered entries ship a check you can copy off this page and execute. No key, no gateway, no account, and nothing leaves your machine. This is the Replit production wipe, from the registry, against the free package:

pip install agentx-security-sdk
from agentx_sdk import agentx_protect, is_block

@agentx_protect(agent_id="aredb-check", action="db_write")
def run_sql(query: str):
    return "EXECUTED"          # the agent never gets here

result = run_sql("DROP TABLE users;")
print(is_block(result))        # True
print(result)                  # the block, and the safe path to take instead

We do not take our own word for it either. A test in the registry repo scrapes the snippet out of every published entry and runs it against a real install, asserting that the block fires and that the tool body never executed. It runs on every push. If a claim stops being true, the entry gets reclassified, not reworded. Read the test.

The registry is not ours to grade.

AREDB is maintained by AgentX Core and it is deliberately not an AgentX marketing surface. It carries no install line, no product nav, and a coverage index any vendor may join on the same terms we hold ourselves to here. If you build in this space, claim your coverage.