Install

Install oktsec

AI agents execute shell commands, write files, and call APIs on your machine. You have no visibility into what they do. oktsec intercepts every tool call and scans it before execution.

217detection rules
17clients supported
<1%false positive rate
30sto first scan
$ brew install oktsec/tap/oktsec

View source on GitHub

Quickstart

Running in 3 steps

1
Install
brew install oktsec/tap/oktsec
2
Run
oktsec run

One command. Auto-discovers all MCP clients, generates config, creates Ed25519 keypairs, wraps MCP servers, connects Claude Code via hooks.

3
Open dashboard
http://127.0.0.1:8080/dashboard

Use the access code shown in your terminal.

What you see

After oktsec run

oktsec
oktsec v0.11.2
See everything your AI agents execute
Modeobserve
Agents6
Dashboardhttp://127.0.0.1:8080/dashboard
Access code48291057
Scanned 14 Threats 1 Blocked 1
LIVE FEED Filter: All agents
14:22:07 claude-code clean Bash 13ms
14:22:15 claude-code clean Read 11ms
14:23:02 claude-code clean Write 14ms
14:23:44 cursor flag Read 0.8ms
14:23:51 cursor BLOCK WebFetch 0.4ms
└─ CRED-003 credential exfiltration via WebFetch to external endpoint
47m2s | ↑↓ scroll, Space pause, Tab filter, Enter detail, Ctrl+C quit

First scan happens automatically when you use any AI tool. Events appear in real time.

Under the hood

What happens once it's running

Visibility

Know exactly what your agents did

Every Read, Write, Bash, and API call captured with full context. Before and after execution. Filter by agent, tool, or verdict.

Detection

Catch prompt injection before it executes

217 rules across 16 categories. Context-aware scanning drops false positives below 1%. No LLM required.

Compliance

Prove to your CISO that agents are monitored

SHA-256 hash chain with Ed25519 signatures. Immutable audit trail. SARIF export for compliance workflows.

Analysis

Understand a 2-hour session in 30 seconds

AI-powered session analysis: risk level, what happened, what to do. Human vs agent interaction timeline.

Auto-discovery

What oktsec finds on your machine

Claude Code
Claude Desktop
Cursor
VS Code
Windsurf
Gemini CLI
Amp
Cline
Zed
Copilot CLI
Amazon Q
Roo Code
Kilo Code
BoltAI
JetBrains
OpenCode
OpenClawnative plugin

Auto-discovers and connects. No configuration needed.

Modes

Start with observe. Enforce when ready.

default

Observe

Logs everything, blocks nothing. See what your agents do before changing anything.

oktsec run
enforce

Enforce

Blocks threats before execution. 217 rules, sub-millisecond verdict.

oktsec run --enforce

Or toggle from the dashboard at any time.

View source on GitHub|Book a demo|Read the research