Oktsec is runtime security monitoring for AI agents. It monitors both MCP tool calls and CLI operations in real-time, scanning every interaction against 217 detection rules across 16 categories. Powered by Aguara v0.9.1 with context-aware scanning and Aho-Corasick pattern matching (less than 1% false positive rate). Features include delegation chains, scan profiles, session traces with AI analysis, per-tool egress policies, and an OpenClaw native plugin. Every tool call is logged to a tamper-evident audit trail with SHA-256 hash chain and Ed25519 signatures. Deterministic core with optional LLM verdict escalation. Open source, self-hosted.

How does Oktsec monitor both MCP and CLI?

Oktsec monitors MCP tool calls through its Gateway (a security proxy that sits in front of any MCP server) and CLI operations through hooks (intercepting Read, Write, Bash, Edit, Grep, Glob, Agent, WebFetch, WebSearch, and more). Both channels are monitored simultaneously, with every tool call intercepted before execution (can block) and after (audits the result).

How do I get started with Oktsec?

Run 'oktsec run'. One command auto-discovers your MCP servers across 17 clients, generates secure config, connects Claude Code via hooks and gateway, and starts the monitoring dashboard. From zero to full visibility in 30 seconds.

Does Oktsec use AI or LLMs?

The core pipeline is deterministic with zero LLM - 217 YAML detection rules, NLP classifiers, and taint tracking running at microsecond latency. Powered by Aguara v0.9.1 with context-aware scanning: the scanner accepts tool name context and drops false positives automatically, reducing the false positive rate from ~40% to less than 1%. Aho-Corasick pattern matching scans all rules in one pass. WASM build available. An optional async LLM layer provides two capabilities: verdict escalation (correlating events over time to escalate agent risk from clean to block, with auto-reversing TTL) and rule generation (auto-generating new detection rules requiring human approval). Budget controls and compatibility with any OpenAI-compatible provider.

What is the audit trail?

Every tool call produces an immutable audit entry: SHA-256 hash chain, Ed25519 proxy signatures, full forensic capability. Each entry captures timestamp, agent identity, tool called, arguments, content hash, pipeline verdict, rules triggered, scan latency, session ID, and delegation chain hash. Session traces reconstruct the full timeline of agent actions with reasoning capture (model chain-of-thought linked to each event). Export sessions to CSV, JSON, or SARIF 2.1.0. Verify chain integrity from the dashboard.

What threats does Oktsec detect?

217 detection rules across 16 categories: prompt injection, data exfiltration, credential leaks, supply chain attacks, command execution, MCP attacks, SSRF/cloud attacks, unicode/homoglyph attacks, tool call security, inter-agent protocol violations, NLP semantic attacks, and more. Covers 7 of 10 OWASP Top 10 for Agentic Applications (2026).

Is Oktsec open source?

Yes. Oktsec is open source and self-hosted. Go SDK and Python SDK available. Single binary, zero CGO, cross-platform.

See everything your
AI agents execute.

Real-time monitoring for every tool call. One command to start.

Install Now Star on GitHub

Open source. Self-hosted. No cloud required.

Events (24h)

2,847

Agents

Rules active

217

Pipeline

Healthy

Recent eventsLive

14:23:07agent-07Bash: git statusCLEAN0.8ms

14:23:05agent-03fetch_markdown: internal-api.com/docsCLEAN1.2ms

14:22:58agent-01Read: /etc/passwdFLAG0.4ms

14:22:51agent-05Write: config.yaml (AWS_SECRET)BLOCK0.6ms

14:22:44agent-02search_files: *.envFLAG0.9ms

Works with

Claude Code OpenClaw native NanoClaw Gemini CLI Cursor VS Code Windsurf Ollama+ more

The product

What you see in 30 seconds.

Every tool call logged. Every agent mapped. Every threat detected. The dashboard is the product.

Events

Every tool call, logged

Every Read, Write, Bash, API call, and MCP tool execution - captured before and after. Filter by agent, tool, verdict, or time range. 4 verdicts: clean, flag, quarantine, block.

Graph

Agent topology, mapped

See which agents communicate, what tools they use, and where the traffic flows. Identify hubs, producers, and consumers. Real-time threat scoring per agent.

Detection

Threats detected, resolved

217 detection rules catch prompt injection, data exfiltration, credential leaks, and 13 more categories. Aguara v0.9.1 with context-aware scanning drops false positives from ~40% to <1%. Aho-Corasick one-pass matching. Zero LLM in the core.

Sessions

Session inventory and AI analysis

Full session inventory with search and threat filtering. Click any session for AI-powered analysis: risk level, what happened, what to do, and human vs. agent interaction flow. Analysis persisted as audit evidence.

Egress

Per-tool egress policies

Restrict which endpoints each tool can reach. WebFetch gets Slack and GitHub, Bash gets zero egress. 16 built-in integration presets: Slack, GitHub, Telegram, Discord, Jira, Linear, Notion, Stripe, OpenAI, Anthropic, and more. Configure from the dashboard.

12 dashboard pages. Real-time via SSE. Events, Agents, Rules, Threat Intel, Graph, Audit, Sessions, Settings, Gateway, Discovery, Alerts, and more.

Quick start

Install

brew install oktsec/tap/oktsec
# or
go install github.com/oktsec/oktsec/cmd/oktsec@latest

Run

oktsec run
# Dashboard opens at
http://localhost:8080/dashboard

OpenClaw native plugin

openclaw plugins install @oktsec/openclawRuns inside OpenClaw natively

How it works

Every tool call. Intercepted before execution.

AI agents don't just use MCP. They execute shell commands, read files, and browse the web. Oktsec monitors both channels simultaneously. Every tool call is intercepted before execution and after.

MCP Gateway

fetch_readablefetch_jsonfetch_htmlfetch_markdownread_filewrite_filesearch_files+ any custom tool

CLI Hooks

HTTP endpoint (POST /hooks/event) intercepts tool calls before execution. Captures agent identity, delegation chains, and model reasoning.

ReadWriteBashEditGlobGrepWebFetchWebSearchAgent

Nobody else monitors both channels.

oktsec

$ oktsec run

oktsec v0.11.2

See everything your AI agents execute

Modeobserve

Agents6

Dashboardhttp://127.0.0.1:8080/dashboard

Access code48291057

Scanned 14 Threats 1 Blocked 1

LIVE FEED Filter: All agents

14:22:07 claude-code clean Bash 13ms

14:22:15 claude-code clean Read 11ms

14:23:02 claude-code clean Write 14ms

14:23:44 cursor flag Read 0.8ms

14:23:51 cursor BLOCK WebFetch 0.4ms

└─ CRED-003 credential exfiltration

Auto-discovers your MCP servers across 17 clients (Claude Desktop, Cursor, VS Code, Windsurf, and more).

Connects Claude Code via hooks and gateway. Wraps other clients via stdio. One process.

Dashboard in 30 seconds. Starts in observe mode. Ed25519 keys generated. Hot-reload via SIGHUP.

Trust

Every action logged. Nothing deleted.

SHA-256 hash chain. Ed25519 signatures. Full forensic capability. Export to CSV, JSON, or SARIF. EU AI Act enforcement begins August 2026.

217detection rules, zero LLM guessing

10stage pipeline, microsecond latency

7/10OWASP Agentic Top 10 coverage

41posture checks, A-F scoring

Every tool call produces an immutable audit entry. Delegation chains trace authorization from human to sub-agent. Ephemeral keys expire automatically per task. Session traces reconstruct the full timeline with reasoning capture. When your auditor asks "what did this agent do on Tuesday at 3pm?" you have the answer and the full chain of who authorized it.

"Finally someone monitoring MCP tool calls at runtime. We were writing custom wrappers for this. oktsec replaces all of that."
Security EngineerAI infrastructure team, Series B startup

"The dual-channel approach is what got my attention. Nobody else watches CLI hooks and MCP gateway together."
Staff EngineerPlatform security, fintech

"Installed it in under a minute. Had the dashboard running before my coffee was ready. The audit trail alone justifies it."
DevOps LeadEarly adopter, open source contributor

Pricing

Open source core.
Enterprise when you scale.

Everything you need to monitor your agents is free. Pay when you need fleet management, RBAC, and compliance packages.

Community

Free forever

Everything you need to monitor your agents.

Full 10-stage security pipeline

217 detection rules

MCP gateway + CLI hooks

12-page real-time dashboard

Immutable audit log

LLM verdict escalation + threat intel (BYOK)

Delegation chains (Ed25519 signed)

Ephemeral task-scoped keys

Session management + AI analysis

Per-tool egress policies (16 presets)

OpenClaw native plugin

Scan profiles (tool-scoped sensitivity)

Bubbletea terminal UI

Agent topology graph

Security posture scoring

SARIF export

Community support (GitHub)

Install Now

Team

Popular

For production teamsComing soon

Fleet-wide visibility with roles and escalation.

Everything in Community, plus:

Fleet management (multi-instance dashboard)

Team RBAC (roles + permissions)

Cross-agent analytics

Alert escalation (webhook + email)

Priority support (24h SLA)

Join Waitlist

Enterprise

Built for your orgLet's talk

Regulated industries and large-scale deployments.

Everything in Team, plus:

SSO / SAML integration

Custom detection rules

Dedicated onboarding

SLA guarantees

Compliance exports (SOC 2, ISO 27001)

Cross-platform. Open source today, enterprise-ready tomorrow.

57K+skills scanned Aguara Watch

217detection rules Aguara Engine

7registries monitored Aguara Watch

<1%false positive rate Context-aware scanning

Ship AI agents with confidence.

Open source and ready to install. One command. 30 seconds to first scan.

Install Now Book a Demo

Open source. Self-hosted. One command to start.

See everything yourAI agents execute.