Adrian catches them at runtime, by watching what the agent actually does (its actions and its reasoning) and stepping in before it acts. Open source, free forever.
+35% detection accuracy · 4x more nuanced attacks caught vs behaviour-only monitoring (OpenAI & DeepMind research)
⭐ If you think agents need a runtime security layer, star the repo. It is how new people find Adrian, and how we know to keep building it in the open.
Adrian is an open-source, AARM-aligned runtime security monitoring and control engine for AI agents. It analyses both agent activity logs (tool calls, actions, outputs) and reasoning traces to detect malicious, misaligned, or out-of-remit behaviour, and optionally intervene in-flight. SDKs are available for Python (LangChain) and TypeScript (see sdk/typescript/README.md).
▶️ See it in action: Adrian catches an agent going out-of-remit in real time and steps in before the action lands.
New to Adrian? Check out the Launch Video.
Most agent monitoring stops at activity logs: APIs, MCP, DB interactions, tool calls, etc. Adrian enhances this by also analysing the agent's reasoning: understanding why it took an action, under what context, and what it is planning on doing next. Combining behaviour and reasoning analysis like this is exactly what the OpenAI and DeepMind research found catches far more, and Adrian is the first tool to put it into a deployable security control, free forever.
What it catches:
- Prompt injection and jailbreaks, direct and indirect
- Tool poisoning and unsafe or off-policy tool calls
- Data exfiltration and secret / credential leakage
- Privilege escalation and out-of-remit actions
Classifiers trained on prompt-injection datasets only catch what they have seen before. Adrian works differently: it holds a working understanding of what your agent is meant to do and judges each new action against that, correlated across the whole session. So when your e-commerce agent starts resetting user passwords, something no training set would flag, Adrian catches it.
Want the stupidly simple, 60-second hands-off install? Feed your coding agent (Claude, Codex, Cursor, etc.) this file: GET_STARTED_AI_GUIDE.md. It will walk you through the installation process (video guide here). Always review instructions manually.
The next fastest way to try Adrian is the managed dashboard at app.adrian.secureagentics.ai. Sign-up takes a minute and there is nothing to install beyond the SDK. To run Adrian on your own infrastructure instead, jump to Self-hosting below.
- Sign up at app.adrian.secureagentics.ai and generate an API key.
- Configure Adrian for your agent and your preferences (remit of your agent, audit vs block mode, alerting channels, accepted behaviours vs known-risks).
- Install the SDK:

  ```bash
  pip install adrian-sdk
  ```

- Install LangChain and the provider for your agent's model (the SDK auto-instruments LangChain / LangGraph; pick whichever provider matches your model):

  ```bash
  pip install langchain langchain-openai   # or langchain-anthropic, etc.
  # or, in a uv project:
  uv add langchain langchain-openai
  ```

  `langchain` pulls `langgraph` in, so this covers both `create_agent` and `create_react_agent`. Last verified 2026-06-24 with `langchain==1.3.9`, `langgraph==1.2.5`, `langchain-core==1.4.7`, `langchain-openai==1.3.2`. Supported: `langchain` / `langgraph` / `langchain-openai` `>=1.0,<2.0`, `langchain-core` `>=1.2.19,<2.0`.

- Wrap your LangChain agent. Two lines of Adrian (`init` + `shutdown`) bracket your normal LangChain / LangGraph code:

  ```python
  import asyncio

  import adrian
  from langchain_openai import ChatOpenAI


  async def main():
      adrian.init(api_key="adr_live_...")
      llm = ChatOpenAI(model="gpt-4o")
      response = await llm.ainvoke(
          "Find the most underpriced recent IPOs and build an investment strategy",
      )
      print(response.content)
      adrian.shutdown()


  asyncio.run(main())
  ```

  Full runnable version (with env-var checks) at `examples/python/quickstart.py`. More complex examples using agents are in `examples/python/`.

- Run your agent. Events appear in the dashboard within seconds, classified by severity.
Full guide: Quickstart.
Adrian supports entirely offline, data-sovereign deployments using just a handful of Docker commands. This repository ships everything needed to run the entire Adrian stack on a single host: the Go backend (WebSocket + dashboard API + AI engine), the Next.js dashboard, the Python SDK, and a Llama.cpp container that serves a local Gemma model. No managed cloud, no telemetry leaving the box.
Hardware support: Tested on NVIDIA GPUs with Gemma 4 (E2B / E4B), the model the bootstrap picker downloads by default. CPU-only is technically possible but will be slow on real workloads with models of that size.
- A host with Docker + Docker Compose v2.
- An NVIDIA GPU with recent CUDA driver and the NVIDIA Container Toolkit installed (for the bundled Llama.cpp classifier). ~10 GB free disk for the model.
- Clone:

  ```bash
  git clone https://github.com/secureagentics/Adrian
  cd Adrian
  ```

- Run bootstrap. Creates `data/adrian.db`, applies migrations, generates a random admin password, and writes `.env`. With no `--gguf` flag, the bootstrap interactively offers to download the recommended on-device classifier (Gemma 4 E4B, ~5 GB, or E2B ~3 GB) into `./models/`.

  ```bash
  # Default: interactive picker downloads Gemma 4 E4B / E2B
  docker compose --profile setup run --rm setup bootstrap

  # Already have a GGUF under ./models/? Pass it by name
  docker compose --profile setup run --rm setup bootstrap \
    --gguf my-model.gguf
  ```

- Start the stack.

  ```bash
  docker compose --profile llm up -d
  ```

- Open the dashboard. Browse to `http://localhost:3000`. Sign in with `admin@localhost` plus the password the bootstrap printed; you'll be prompted to set a new one. Create an SDK API key and configure Adrian to monitor your specific agent from Settings → Agents → New key.
- Wrap your agent. The SDK lives in-tree under `sdk/`. Install it into a fresh `.venv` via the bundled Make target (uses uv):

  ```bash
  make sdk-install
  source .venv/bin/activate
  ```

  Install LangChain and the provider for your agent's model into the same venv:

  ```bash
  uv pip install "langchain>=1.0,<2.0" "langchain-openai>=1.0,<2.0"   # swap langchain-openai for your model's provider
  ```

  `langchain` pulls `langgraph` in, so this covers both `create_agent` and `create_react_agent`. Last verified 2026-06-24 with `langchain==1.3.9`, `langgraph==1.2.5`, `langchain-core==1.4.7`, `langchain-openai==1.3.2`.

  Use the same `adrian.init` snippet as in the Quickstart above. The SDK defaults to `ws://localhost:8080/ws`, so a self-hosted setup needs nothing more than the API key - drop the `ws_url=` line.
To reset the admin password, change the model, and much more, check out the dedicated Docs site.
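A check to run on the host once the bootstrap step above has finished, as an added example that is not part of the Adrian repository: it reports whether the files the bootstrap writes (`.env`, `data/adrian.db`) are readable by group or other, and whether `.env` is tracked by git. That these files hold secrets is an assumption, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not part of the Adrian repository.
# Assumption: .env and data/adrian.db (both written by bootstrap) hold secrets,
# so neither should be readable by group/other and .env should not be in git.

# Print a file's octal permission bits (GNU stat, then BSD stat as fallback).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Succeed only if group and other have no permission bits on the file.
is_private() {
  local mode
  mode=$(file_mode "$1") || return 2
  case "$mode" in
    *00|0) return 0 ;;
    *) return 1 ;;
  esac
}

# Audit one checkout directory. Prints one line per file checked and
# returns the number of problems found (0 means clean).
audit_adrian_dir() {
  local dir="$1" problems=0 f
  for f in .env data/adrian.db; do
    if [ ! -e "$dir/$f" ]; then
      echo "MISSING  $f (has bootstrap run?)"
      problems=$((problems + 1))
    elif ! is_private "$dir/$f"; then
      echo "EXPOSED  $f has mode $(file_mode "$dir/$f"), readable beyond owner"
      problems=$((problems + 1))
    else
      echo "OK       $f"
    fi
  done
  # A tracked .env ends up in every clone and in history.
  if git -C "$dir" ls-files --error-unmatch -- .env >/dev/null 2>&1; then
    echo "TRACKED  .env is committed to git"
    problems=$((problems + 1))
  fi
  return "$problems"
}

# Run against a checkout when a path is given, e.g.: ./audit.sh ~/Adrian
if [ "$#" -gt 0 ]; then
  audit_adrian_dir "$1"
fi
```
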
```mermaid
flowchart TD
    Agent[Agent runtime] --> SDK[Adrian SDK]
    SDK --> Backend[Adrian backend]
    Backend --> Classifier[Classifier model]
    Classifier --> Verdict{Verdict}
    Verdict --> Control[Control plane]
    Verdict -.->|"Alert /<br>Human Review /<br>Block"| Agent
```
| | Supported | On roadmap |
|---|---|---|
| Frameworks | | |
| Alerting | | |
Full list: Integrations. Want Claude Code the day it lands? ⭐ the repo or join Discord.
⭐ Star the repo if Adrian is useful. Then see CONTRIBUTING.md for the full guide. In short: sign the CLA, branch off main, follow the PR template, and use British English / no em-dashes in prose.
See CONTRIBUTORS.md for the list of people who have shaped Adrian, and how to add yourself.
Adrian is released under the Apache 2.0 licence. New source files should carry the SPDX header from LICENSE_HEADER.txt.