New Tool 'Sage' Puts a Security Layer on AI Agents

A new open-source tool called Sage provides an auditable policy layer between AI agents and the operating system. It's designed to mitigate the risk of agents 'escaping' their sandbox or executing dangerous shell commands, a growing concern for developers building agentic automation for infrastructure or CI/CD pipelines.

Developed by Gen Digital, the company behind brands like Norton and Avast, Sage is pitched as the first implementation of a new security category called Agent Detection & Response (ADR). This mirrors the evolution of Endpoint Detection & Response (EDR), which became a standard for protecting servers and laptops. Sage is designed to be the essential security layer for the emerging AI agent workforce.

Sage operates by integrating directly into the agent's workflow, using the native hook systems of platforms like Claude Code, Cursor/VS Code, and OpenClaw. It intercepts actions right before they execute, checking shell commands, URL fetches, file writes, and package installations. Each action is then passed through multiple detection layers, including cloud-based URL reputation checks and local heuristics using YAML-based threat definitions. The tool ships with over 200 detection rules designed to catch specific threats like command injection, credential exposure, and persistence mechanisms. It also performs supply-chain checks on npm and PyPI packages to identify issues like typosquatting or suspiciously new packages, a technique threat actors use to trick agents that "hallucinate" incorrect package names.

Sage is a core component of the broader Gen Agent Trust Hub, a platform designed to secure AI agents throughout their entire lifecycle. This ecosystem includes tools like an AI Skills Scanner that vets agent extensions before installation. Sage handles the runtime protection, enforcing safety locally on the user's machine once the agent is active.

For privacy, most analysis happens on the local machine; file content, source code, and commands are not uploaded. Only hashes of URLs and packages are sent to Gen Digital's reputation APIs for verification, and these cloud-based checks can be disabled for fully offline operation.
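As an added illustration (not Sage's own code or its rule format), here is a minimal pre-execution policy hook of the kind described above: it evaluates an intercepted shell command or package install against a few constructed regex rules standing in for YAML threat definitions, and runs a typosquat and package-age check against constructed stand-ins for registry data.

```python
import re
from datetime import date

# Added example, not Sage's code. Rules are constructed in the spirit of
# YAML threat definitions; a real hook would load them from rule files.
RULES = [
    {"id": "pipe-to-shell", "pattern": r"\b(curl|wget)\b.*\|\s*(ba|z)?sh\b"},
    {"id": "credential-read", "pattern": r"\.aws/credentials|\.ssh/id_|\.netrc|\.env\b"},
    {"id": "persistence-write", "pattern": r"\bcrontab\b|\.bashrc|\.zshrc|/etc/systemd/system/"},
]
# Constructed stand-ins for registry data (a real check queries npm/PyPI):
# popular names to compare against, and first-publish dates for age checks.
POPULAR = {"pypi": {"requests", "numpy", "flask"}, "npm": {"lodash", "express", "axios"}}
FIRST_PUBLISHED = {"reqeusts": date(2025, 3, 1), "requests": date(2011, 2, 14)}
MIN_AGE_DAYS = 30
TODAY = date(2025, 3, 10)  # pinned so the example is deterministic

def edit_distance(a, b):
    """Levenshtein distance; one- or two-character slips are typosquat territory."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_shell(command):
    """Local heuristics: return the ids of every rule whose pattern matches."""
    return [r["id"] for r in RULES if re.search(r["pattern"], command)]

def check_package(ecosystem, name):
    """Supply-chain checks: near-miss of a popular name, unknown, or too new."""
    reasons = [f"typosquat-of:{known}" for known in sorted(POPULAR.get(ecosystem, ()))
               if name != known and edit_distance(name, known) <= 2]
    published = FIRST_PUBLISHED.get(name)
    if published is None:
        reasons.append("unknown-package")
    elif (TODAY - published).days < MIN_AGE_DAYS:
        reasons.append("newly-published")
    return reasons

def evaluate(action):
    """Policy decision for one intercepted action; any finding blocks it."""
    if action["type"] == "shell":
        reasons = check_shell(action["command"])
    else:
        reasons = check_package(action["ecosystem"], action["package"])
    return {"decision": "block" if reasons else "allow", "reasons": reasons}
```

The rules here are deliberately coarse (a benign `echo ... >> ~/.bashrc` also fires `persistence-write`), which is why a real rule set needs severities and allowlists rather than a flat block-on-any-match policy.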
The open-source nature of Sage is a deliberate choice to encourage community collaboration in defining safety standards for AI agents, an area where no established playbook currently exists. Research from Gen Threat Labs underpinning the tool's release identified over 18,000 OpenClaw instances exposed to the internet, with nearly 15% of analyzed "skills" containing malicious instructions.
