Agentegrity is the AI agent security framework developed by Cogensec for measuring the structural integrity of autonomous AI agents. It scores agent integrity across four dimensions — Adversarial Resistance (AR), Behavioral Consistency (BC), Recovery Integrity (RI), and Cross-domain Portability (CP) — to quantify how safely an agent behaves under adversarial and out-of-distribution conditions.
Agentegrity is an AI agent security framework developed by Cogensec that measures the structural integrity of autonomous AI agents. It quantifies agent integrity across four dimensions: Adversarial Resistance (AR), Behavioral Consistency (BC), Recovery Integrity (RI), and Cross-domain Portability (CP).
An AI agent security framework is a structured methodology for measuring, verifying, and improving the security posture of autonomous AI agents. Agentegrity is the first framework to score agents on endogenous (built-in) integrity rather than relying solely on external guardrails.
Agent integrity is measured using the Agentegrity score: a weighted composite of Adversarial Resistance (40%), Behavioral Consistency (25%), Recovery Integrity (15%), and Cross-domain Portability (20%). Each dimension is evaluated through standardized red-team tests and behavioral probes.
Endogenous security means safety and integrity properties live inside the agent itself — in its training, weights, and decision policies — rather than being bolted on as external filters or guardrails. Agentegrity is the discipline of building structurally sound agents from the inside out.
Guardrails are external filters that wrap an AI system at runtime. Agentegrity measures and improves the agent's own structural integrity so it remains safe even when guardrails fail, are bypassed, or are removed entirely. The two approaches are complementary: guardrails are reactive, Agentegrity is foundational.
Agentegrity was developed by the Cogensec Security Research Lab as a public framework for measuring and certifying the integrity of autonomous AI agents across digital and physical domains.
Security that lives inside the agent — not around it. Measure, verify, and guarantee the integrity of AI systems across every domain.
Why structural integrity must live inside the agent — not around it.
Agentegrity is a measurement and verification library — not a guardrail. Drop it into your existing stack with zero config.
pip install "agentegrity[claude]"from claude_agent_sdk import ClaudeSDKClient, ClaudeAgentOptions
from agentegrity.claude import hooks, report
async with ClaudeSDKClient(options=ClaudeAgentOptions(hooks=hooks())) as sdk:
await sdk.query("Summarize the latest LLM safety papers")
print(report())Runs locally. Never phones home to Cogensec or anyone else.
Produces evidence and signed attestations. Your governance policy decides what to do with them.
11 official adapters across Python and TypeScript. Custom adapters via the SessionExporter interface.
Three architectural layers that make security an endogenous property of the agent, not an external dependency.
Continuous red-team testing embedded directly into the agent's reasoning pipeline, detecting prompt injection and manipulation in real time.
Learn moreDeep behavioral anchors that maintain agent identity and value alignment across context shifts, tool use, and multi-turn conversations.
Learn moreStructural compliance verification and recovery mechanisms that operate without external monitoring dependencies.
Learn moreGuardrails, input/output filters, and boundary monitoring. Observes API patterns, enforces rate limits, and filters content at the perimeter.
Cortical models and embedded defenses. Monitors the agent's own reasoning, detecting drift and corruption at the source.
Certain attack classes — particularly those exploiting internal reasoning — are invisible to boundary-only monitoring. Endogenous defenses are the necessary complement.
Every autonomous agent operates in a continuous Perception → Decision → Action cycle. The framework maps where attacks enter and where defenses must operate.
Sensor input, API responses. Entry point for injection and poisoning.
Reasoning and planning. Target of memory corruption and value drift.
Tool calls, physical actuation. Source of cross-stage feedback attacks.
The most dangerous class: an adversary poisons tool outputs (Action) which feed back into Perception, corrupting subsequent Decision cycles. These are invisible to exogenous monitors.
Resilience against prompt injection, jailbreaks, and manipulation attempts.
Stability of agent behavior across diverse contexts and adversarial conditions.
Speed and completeness of return to baseline after perturbation.
Security property retention when agents move between digital and physical domains.
Adversarial resistance carries the highest weight — but all dimensions matter. Weights are configurable per deployment context.
A=0.35·AR+0.25·BC+0.20·RI+0.20·CP
Default weights. Physical AI deployments may increase CP weight.
Agent demonstrates robust endogenous defenses across all four dimensions. Suitable for high-stakes autonomous deployment.
Strong endogenous security with minor gaps. Minimal exogenous monitoring recommended.
Adequate baseline security. Exogenous guardrails should supplement endogenous defenses.
Significant security gaps. Heavy guardrail dependency required for safe operation.
Critically weak endogenous properties. Not recommended for autonomous operation.
No meaningful endogenous security. Entirely reliant on external defenses.
Agentegrity extends beyond digital agents. When AI drives robotic systems, autonomous vehicles, or drones, three novel threat classes emerge.
Adversarial prompts that cross the digital-physical boundary, causing embodied agents to take harmful real-world actions through manipulated reasoning.
Direct manipulation of an agent's physical actuators — motors, grippers, valves — bypassing its decision-making pipeline entirely.
Exploiting the gap between simulated training environments and real-world deployment to inject vulnerabilities during model transfer.
When agents collaborate, a single compromise can cascade. System-level Agentegrity measures containment and trust boundary preservation.
Fraction of agents uncompromised when one is breached. Higher CR = better containment.
Whether trust degrades gracefully — or collapses entirely — when agents are compromised.
Read the founding manifesto or explore the full research framework behind the Agentegrity Score.