AgentGuardian Open Source vs AgentGuardian Enterprise

2026-06-01

AgentGuardian ships in two editions. The same red-teaming engine powers both. The difference is what wraps around it.

AgentGuardian Open Source is the red-teaming toolkit. AgentGuardian Enterprise is the full governance platform.

AgentGuardian Open Source

Apache-2.0. Pip-install. Built for developers, security engineers, and AI platform teams who want to test individual agents locally or in CI/CD.

pip install agent-guardian
agent-guardian scan ./my_agent.py
agent-guardian serve   # local dashboard

What's in the box:

  • Eleven specialist adversarial agents — recon, goal-hijack, tool-abuse, privilege, supply-chain, code-exec, memory-poison, A2A, cascade, trust-exploit, drift.
  • Full OWASP Agentic Top 10 (ASI01–10) probe library mapped to MITRE ATLAS and CSA Agentic RT.
  • AIVSS v0.5 scoring — single 0–100 number plus per-category sub-scores.
  • Local single-page UI for scan results.
  • Reports: PDF, HTML, JSON, SARIF, Markdown.
  • CI/CD gate via --fail-under (exit non-zero on AIVSS regression).
  • Adapters for LangChain, LangGraph, CrewAI, OpenAI Agents SDK, AutoGen, MCP servers, custom REST endpoints.

What it isn't

Open Source is red teaming. It is intentionally not a runtime guardrail, not an inventory system, not an audit workflow:

  • No enterprise discovery — it tests one agent at a time, against a target you point it at.
  • No runtime policy enforcement — it doesn't sit in the gateway.
  • No monitoring or drift detection across the estate.
  • No centralised dashboard, SSO, RBAC, or audit log.
  • No signed enterprise evidence packs.
  • No customer-resident deployment or commercial SLA.

AgentGuardian Enterprise

The full AI agent governance platform. AWS-native — built on AWS Bedrock AgentCore — for organisations governing agents across teams, business units, environments, and regulated workflows.

Adds on top of the open-source engine:

  • Agent discovery across cloud, SaaS, MCP servers, internal platforms, custom apps — including shadow agents via frontier-API egress detection.
  • Shadow agent inventory with owner mapping and tier classification.
  • Continuous scheduled assessments — same engine, but driven by the platform, not the developer.
  • Cedar 4.5 runtime policy enforcement at the AgentCore Gateway — ≤10ms p99, shadow → canary → enforce promotion.
  • Monitoring and drift detection — model upgrades, tool changes, token-spend anomalies, threat-intel correlation.
  • Governance workflows — findings, exceptions, approvals, remediation status, review cycles.
  • Signed evidence packs — PDF/A-3 + JSON, ECDSA-P384, RFC 3161 timestamp, PAdES-LTA, hash-chain anchored, 7-year S3 Object Lock.
  • Eight regulator-mapped packs — MAS, APRA, RBI, OJK, BNM, BSP, EU AI Act, NIST AI RMF, ISO 42001.
  • Enterprise identity — SAML SSO, SCIM, RBAC, MFA, audit log.
  • Customer-resident data plane installed via CloudFormation StackSet — your prompts, tool calls, logs, and evidence stay in your AWS account.
  • AWS Marketplace SaaS Contract billing — Standard / Professional / Enterprise.
  • Commercial support with SLA.

When to use which

The two editions are deliberately complementary. The most common adoption path:

  • Week 1 — Developers and security engineers install Open Source. They red-team a couple of high-risk agents and wire AgentGuardian into the CI/CD gate. Findings start surfacing immediately; cost is zero.
  • Month 1 — The findings pile up faster than the team can triage one agent at a time. The AI platform or security team starts asking: how many agents are there, actually? Discovery moves into the picture.
  • Month 2–3 — A regulator interaction (MAS, APRA, internal audit) raises the question of evidence. Open Source produces local reports; Enterprise produces signed packs clause-mapped to the framework. The conversation shifts to Enterprise.

The same engine, on both sides

The key design choice: it's the same attack engine. Same eleven specialist agents. Same AIVSS scoring. Same probe library mapped to OWASP ASI01–10 + MITRE ATLAS + CSA Agentic RT. That's deliberate. The methodology has to be inspectable — and it is, on GitHub under Apache 2.0. Enterprise adds the discovery, runtime enforcement, evidence, and audit workflow around it.

What developers see locally is what the security team sees in the platform. That removes the usual gap between "the build pipeline says we're fine" and "the governance team has no idea what was tested."

Pick one

If you are a developer or security engineer, you should be running Open Source today. Run pip install agent-guardian, scan an agent, and take the AIVSS number to your team.

If you are a CISO, head of risk, or AI platform lead, you should be asking how you'd produce an evidence pack the regulator could verify. That's the Enterprise conversation.

Want to test your own agent?

Run AgentGuardian Open Source locally in minutes, or book a demo to see the enterprise governance platform.