> ## Documentation Index
> Fetch the complete documentation index at: https://docs.runlayer.com/llms.txt
> Use this file to discover all available pages before exploring further.

# AgentGuard

> Session-level behavior monitoring that detects manipulation across an agent's full trajectory

AgentGuard is Runlayer's purpose-built ML model for agent reasoning security. Where per-call tool scanners look at one input or output at a time, AgentGuard watches the agent's trajectory across a session and detects when behavior diverges from the user's intent.

AgentGuard surfaces inside [Sessions](/platform-sessions) on each agent turn.

## What AgentGuard detects

AgentGuard is built to catch agentic attacks that per-call scanners miss:

* **Output-steering injection** — a tool output contains hidden instructions that redirect the agent
* **Sudden reasoning pivots** — the agent's reasoning abruptly changes direction with no basis in the conversation
* **Slow-chain drift** — gradual, step-by-step divergence from the original task

It distinguishes legitimate behavior changes from genuine misalignment. A high-privilege operation that matches user intent is allowed; an agent autonomously taking the same action outside the requested task is not.

## Configuration

AgentGuard is configured under **Settings → Security Scanners → Session scanning**.

### Agent monitoring

The main toggle for AgentGuard.

| Action | Behavior                                                                 |
| ------ | ------------------------------------------------------------------------ |
| Allow  | Disable agent monitoring                                                 |
| Alert  | Record detected threats; tool calls continue                             |
| Block  | Block all subsequent tool calls in the session when a threat is detected |

### End session when any scanner blocks

A session-wide kill switch. When any per-call scanner returns BLOCK on a tool call, the rest of the agent session is also blocked.

| Action | Behavior                                   |
| ------ | ------------------------------------------ |
| Allow  | A blocked tool call blocks only that call  |
| Block  | A blocked tool call ends the agent session |

<Note>
  AgentGuard is configured globally. Per-connector overrides apply to catalog and per-call tool scanners, not to AgentGuard.
</Note>

## Rollout guidance

1. Start in **Alert** so you can see what AgentGuard would do without affecting agents in production.
2. Review Alerted sessions in [Sessions](/platform-sessions) and confirm the verdicts match your security policy.
3. Move **Agent monitoring** to **Block** for high-risk teams or agents first.
4. Enable **End session when any scanner blocks** once your per-call scanner tuning is stable.

## Requirements

* Sessions enabled for the workspace (Settings → General → Full session scanning)
* A deployment with ToolGuard capabilities

If AgentGuard options do not appear in Security Scanners, confirm both above.

## Related docs

<CardGroup cols={2}>
  <Card title="ToolGuard Models" icon="brain" href="/runlayer-toolguard">
    Per-call tool scanners and configuration
  </Card>

  <Card title="Sessions" icon="clock" href="/platform-sessions">
    Where AgentGuard verdicts appear in the agent timeline
  </Card>

  <Card title="Policies" icon="lock" href="/platform-policies">
    Restrict tools using access policies
  </Card>
</CardGroup>
