New Open-Source Tool Reveals 76% of AI Agent Tool Calls Lack Security Guards
Key Takeaways
- Survey of 16 open-source AI agent repos reveals 76% of tool calls lacked any security guards or checks
- diplomat-agent performs fast static AST scanning (2-3 seconds on 1,000-file repos) to identify unprotected function calls with side effects
- Tool integrates across development workflows: CI/CD pipelines, IDEs, VS Code, and GitHub Code Scanning via SARIF format
Summary
A new open-source governance scanning tool called diplomat-agent has exposed a critical security gap in AI agent development: 76% of tool calls across 16 surveyed open-source agent repositories have zero security checks or guards. The tool performs static AST analysis to identify dangerous unprotected function calls—those that write to databases, send emails, charge cards, or delete data—in seconds with zero dependencies.
The research scanned major open-source agent frameworks including Skyvern (76% unguarded), Dify (75%), PraisonAI (89%), and CrewAI (78%), cataloging over 40 patterns of protection gaps across 8 categories. Unlike traditional web applications where UI validation and human clicks provide safety layers, AI agents make autonomous function calls based on LLM decisions, creating a direct pathway from hallucinated or prompt-injected arguments to real-world consequences without intervening safeguards.
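To make the static-analysis idea concrete, here is an added, self-contained illustration of the technique the article describes: walk a Python file's AST, flag calls whose names are in a side-effect catalogue, and report whether any guard (an `if` test, a `with` context, or a decorator on the enclosing function) protects them, then emit a minimal SARIF document. This is example code written for this page, not diplomat-agent's own scanner; the category names, the guard names (`require_confirmation`, `check_policy`, `is_allowed`), the rule ids and the sample agent module are all constructed for the example.

```python
import ast
import json

# Constructed catalogue: call names with real-world side effects, by category.
SIDE_EFFECT_CATEGORIES = {
    "payment": {"charge_card", "refund"},
    "email": {"send_email"},
    "database": {"execute", "delete_rows", "drop_table"},
    "filesystem": {"remove", "rmtree", "unlink"},
}

# Constructed: calls that count as a guard when they wrap a side-effecting call.
GUARD_CALL_NAMES = {"require_confirmation", "check_policy", "is_allowed"}


def _call_name(node: ast.Call) -> str:
    """Bare name of a call: f(...) -> 'f', obj.f(...) -> 'f'."""
    if isinstance(node.func, ast.Name):
        return node.func.id
    if isinstance(node.func, ast.Attribute):
        return node.func.attr
    return ""


def _category_for(name: str):
    for category, names in SIDE_EFFECT_CATEGORIES.items():
        if name in names:
            return category
    return None


def _guard_names_in(expr: ast.AST) -> list:
    """Guard calls found anywhere inside an expression (if-test, decorator, ...)."""
    return [_call_name(n) for n in ast.walk(expr)
            if isinstance(n, ast.Call) and _call_name(n) in GUARD_CALL_NAMES]


def scan_source(source: str, filename: str = "agent.py") -> list:
    """Walk the AST while tracking which guards protect the current subtree."""
    findings = []

    def walk(node, guards):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            # A guard decorator protects the whole function body.
            deco = [g for d in node.decorator_list for g in _guard_names_in(d)]
            for stmt in node.body:
                walk(stmt, guards + deco)
            return
        if isinstance(node, ast.If):
            # Only the true branch is protected; the else branch runs when the guard said no.
            walk(node.test, guards)
            test_guards = _guard_names_in(node.test)
            for stmt in node.body:
                walk(stmt, guards + test_guards)
            for stmt in node.orelse:
                walk(stmt, guards)
            return
        if isinstance(node, ast.With):
            with_guards = [g for it in node.items for g in _guard_names_in(it.context_expr)]
            for stmt in node.body:
                walk(stmt, guards + with_guards)
            return
        if isinstance(node, ast.Call):
            category = _category_for(_call_name(node))
            if category is not None:
                findings.append({"file": filename, "line": node.lineno, "call": _call_name(node),
                                 "category": category, "guarded": bool(guards), "guards": list(guards)})
        for child in ast.iter_child_nodes(node):
            walk(child, guards)

    walk(ast.parse(source, filename), [])
    return findings


def summarize(findings):
    """(total side-effecting calls, unguarded calls, unguarded percentage)."""
    total = len(findings)
    unguarded = sum(1 for f in findings if not f["guarded"])
    return total, unguarded, (round(100.0 * unguarded / total, 1) if total else 0.0)


def to_sarif(findings) -> dict:
    """Minimal SARIF 2.1.0 document with one result per unguarded call."""
    results = [{
        "ruleId": f"unguarded-{f['category']}",
        "level": "error",
        "message": {"text": f"{f['call']}() has side effects but no guard"},
        "locations": [{"physicalLocation": {"artifactLocation": {"uri": f["file"]},
                                            "region": {"startLine": f["line"]}}}],
    } for f in findings if not f["guarded"]]
    return {"version": "2.1.0",
            "runs": [{"tool": {"driver": {"name": "toy-toolcall-scanner"}}, "results": results}]}


# Constructed sample agent module (not taken from any real repository).
SAMPLE_AGENT = '''
import shutil

def book_and_pay(args):
    send_email(args["to"], args["body"])
    if require_confirmation("charge", args["amount"]):
        charge_card(args["card"], args["amount"])
    else:
        charge_card(args["card"], 0)

@check_policy("db_write")
def cleanup(conn, table):
    conn.execute(f"DELETE FROM {table}")

def wipe(path):
    shutil.rmtree(path)
'''

if __name__ == "__main__":
    found = scan_source(SAMPLE_AGENT)
    print(json.dumps(to_sarif(found), indent=2))
    print("total/unguarded/pct:", summarize(found))
```

On the constructed sample the scanner finds five side-effecting calls, three of them unguarded (the unconditional `send_email`, the `charge_card` in the `else` branch, and `shutil.rmtree`), so the unguarded share is 60%. Treating the `else` branch as unprotected is the point a naive "is there a guard call somewhere in this function" heuristic misses.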
diplomat-agent supports multiple integration points: CI/CD pipeline blocking via GitHub Actions, IDE analysis, VS Code's native Problems panel through SARIF format, and GitHub Code Scanning. It can also generate a Behavioral SBOM—a toolcalls.yaml file documenting what an agent can do, similar to requirements.txt but for capabilities. Complementing this scanner, diplomat-gate provides runtime enforcement using 15+ pre-built policies (payment limits, rate limiting, confirmation steps) with sub-millisecond latency.
- Complementary diplomat-gate tool provides runtime protection with 15+ pre-built policies and sub-1ms policy evaluation
- Finding highlights critical gap in agent governance compared to traditional web applications, where UI and session controls provide intermediate safeguards
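The runtime side of the picture, as an added example that is not diplomat-gate's code: a small policy gate that sits between the LLM's chosen tool call and the function that executes it, evaluating a payment limit, a human-confirmation requirement and a sliding-window rate limit before the call runs. The policy classes, tool names, the `human_confirmed` context flag and the injectable clock are all assumptions made for this illustration.

```python
import time
from dataclasses import dataclass, field


@dataclass
class Decision:
    allowed: bool
    reason: str


class PolicyDenied(PermissionError):
    """Raised when a policy blocks a tool call."""


@dataclass
class PaymentLimit:
    """Deny payment tools whose 'amount' argument exceeds a hard cap."""
    max_amount: float
    tools: tuple = ("charge_card", "refund")

    def check(self, tool, args, context, now):
        amount = float(args.get("amount", 0))
        if tool in self.tools and amount > self.max_amount:
            return Decision(False, f"{tool}: amount {amount} exceeds limit {self.max_amount}")
        return Decision(True, "")


@dataclass
class RequireConfirmation:
    """Deny destructive tools unless the context records a human confirmation."""
    tools: tuple

    def check(self, tool, args, context, now):
        if tool in self.tools and not context.get("human_confirmed", False):
            return Decision(False, f"{tool}: requires human confirmation")
        return Decision(True, "")


@dataclass
class RateLimit:
    """Allow at most max_calls per tool within a sliding window (counts attempts that reach it)."""
    max_calls: int
    window_seconds: float
    _calls: dict = field(default_factory=dict)

    def check(self, tool, args, context, now):
        recent = [t for t in self._calls.get(tool, []) if now - t < self.window_seconds]
        if len(recent) >= self.max_calls:
            self._calls[tool] = recent
            return Decision(False, f"{tool}: more than {self.max_calls} calls in {self.window_seconds}s")
        recent.append(now)
        self._calls[tool] = recent
        return Decision(True, "")


class Gate:
    """Evaluate policies in order; the first denial wins and is written to an audit log."""

    def __init__(self, policies, clock=time.monotonic):
        self.policies = policies
        self.clock = clock  # injectable so the window logic is testable without sleeping
        self.audit = []

    def evaluate(self, tool, args, context=None) -> Decision:
        context = context or {}
        now = self.clock()
        for policy in self.policies:
            decision = policy.check(tool, args, context, now)
            if not decision.allowed:
                self.audit.append((tool, decision.reason))
                return decision
        return Decision(True, "allowed")

    def call(self, tool, fn, args, context=None):
        """Run fn(**args) only if every policy allows the call."""
        decision = self.evaluate(tool, args, context)
        if not decision.allowed:
            raise PolicyDenied(decision.reason)
        return fn(**args)


def build_demo_gate(clock):
    """Constructed policy set: $100 payment cap, confirm deletes, 2 calls per tool per minute."""
    return Gate([PaymentLimit(100.0),
                 RequireConfirmation(tools=("delete_rows",)),
                 RateLimit(max_calls=2, window_seconds=60.0)], clock=clock)


if __name__ == "__main__":
    gate = build_demo_gate(time.monotonic)
    print(gate.evaluate("charge_card", {"amount": 250.0}))
    print(gate.evaluate("delete_rows", {"table": "orders"}))
    print(gate.evaluate("delete_rows", {"table": "orders"}, {"human_confirmed": True}))
```

Policies are plain objects with a `check` method, so adding a new one (an allow-list of recipients for `send_email`, say) does not touch the gate. Because `evaluate` stops at the first denial, a call rejected by the payment cap never consumes rate-limit budget, and every denial leaves an audit record that can be forwarded to a SIEM.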
Editorial Opinion
This research fills an important blind spot in the AI agent ecosystem. As LLM-driven agents move from research projects to production deployments, the absence of security-first guardrails for tool calls represents a significant risk surface. diplomat-agent's lightweight scanning approach and multiple integration points (CI, IDE, SBOM generation) lower the friction for adoption, making this a potentially important standard for agent development pipelines.