Block prompt injection before your AI agent reads it.
Sunglasses is a fast, local input filter for AI agents. It catches poisoned prompts, MCP/tool metadata, and malicious agent instructions before they reach the model or your CI workflow.
0.26ms · 0 cloud calls
Your agent trusts what it reads
Agents are attacked through what they read, not their code. Every attack class below is defined and backed by tested detection patterns.
Full reference: Encyclopedia · 1089 patterns · MCP Attack Atlas
One boundary. Three stages. 0.26ms.
Everything an agent reads passes through the same filter before any of it becomes model context.
Python API
One import, one call, one verdict object. Integrates with LangChain, CrewAI, and Claude Code MCP workflows, or your own loop.
Runs in CI
Insert it in your pipeline · scan repos, PRs, and vendored tool metadata before they reach an agent.
MCP-aware
Scans MCP tool metadata, docstrings, and server responses · the surfaces the Attack Atlas documents.
We publish what we don't catch, too
Every published claim is fact-checked by a multi-agent audit. Patterns cite a live external reference or an internal fixture corpus, never uncited effectiveness numbers. When something is a hypothesis, we label it. No benchmark theater.
Real numbers, honest limits
100% recall on our internal 64/64 adversarial corpus, stated as exactly that, not a universal claim. False positives measured 86 → 0 on a real-code corpus (fixed in v0.2.64); a zero-FP gate now runs in CI on every release.
Same problem. Different philosophy. Better together.
Lakera Guard, NeMo Guardrails, LLM Guard, and Azure Prompt Shields are real tools doing real work. We're not here to replace them. We're the free, local foundation layer they don't offer. We're not competitors. We're Layer 1. Sunglasses catches known attacks instantly and locally; cloud tools catch the novel stuff. Stack them together for full coverage, and every attack caught locally is one less API call to their servers. Everyone wins.
| Capability | Lakera Guard | NeMo Guardrails | LLM Guard | Sunglasses |
|---|---|---|---|---|
| Text scanning | Yes | Yes | Yes | Yes |
| Image scanning | Pro+ tier | Vision models | No | Yes (OCR + EXIF) |
| Audio scanning | Yes | No | No | Yes (Whisper) |
| Video scanning | No | No | No | Yes (subs + audio) |
| PDF hidden layers | Yes | No | No | Yes |
| QR codes | No | No | No | Yes |
| 100% local execution | Cloud API | Local option | Local | Always local |
| Works offline / air-gapped | No | Needs LLM API | Needs models | Yes, zero cloud |
| No LLM required | LLM-based | LLM-based | ML models | Pattern-based |
| Cost | Free → Paid | Free (Apache) | Free (MIT) | Free (MIT) |
We built Sunglasses to work with cloud security, not against it.
Already running cloud guardrails? Sunglasses is the local first pass that sits in front of them so nothing reaches your model or a paid API without being checked first.
Everything, defined and tested.
Open research on every attack class, mapped to the exact detection rules the scanner runs. All public.
Frequently asked questions
Put sunglasses on your agent
One pip install between your agent and everything it reads. Free, local, and honest about what it catches.