How it works
Defenses
Attack Patterns MCP Attack Atlas What we catch Hardening manual OWASP LLM Top 10 MITRE ATLAS
Learn
Encyclopedia (new) Agent Security 101 Blog Reports CVP runs Thesis
Resources
Docs GitHub Action (live) vs Lakera vs Promptfoo Team
Theme
How It Works

A filter that sits ahead of your agent. Always ON.

The filter model
sunglasses://how-it-works
Always on

Sunglasses is a filter that sits ahead of your agent. Always ON. Every input your agent would read — emails, web pages, tool responses, RAG chunks, peer-agent messages — the filter scans first. If hostile, your agent never sees it.

Untrusted input Sunglasses filter Your agent
0.26ms
Avg Scan
1076
Patterns
65
Categories
23
Languages
17
Normalizations
MIT
License

Local. No cloud. No API key. No telemetry. Your agent talks to Sunglasses over local stdio or in-process Python calls.

Three decisions. Block, warn, or allow.

The filter runs on every untrusted input. Each scan returns exactly one decision.

BLOCK

Hostile content detected. The agent never acts on it. Your agent sees a safe error instead of the attack.

WARN

Suspicious but not conclusive. Flagged and logged, passed through with a warning. Useful for fuzzy matches.

ALLOW

Clean input. Agent proceeds as normal. No overhead, no friction, no false positive.

Wire it into YOUR stack

One filter. Many wiring options. Pick the page that matches the agent you use.

Claude Code · MCP

Claude Code / Claude Desktop

One command registers the local scan server. Then require a scan before Claude acts on untrusted files, web content, or tool output.

Wire it up →
AI IDEs · MCP

Cursor, Cline, Windsurf & Zed

One canonical MCP setup for the VS Code-family editors. Scan files, terminal output, and web fetches before the agent acts.

Wire it up →
Personal agent · MCP

OpenClaw

Register Sunglasses as a third-party MCP server, then scan channel messages, tool results, and handoffs before the runtime acts.

Wire it up →
Terminal · MCP

Warp terminal

Terminal output is a top attack surface. Route command results and repo files through the scan tool before the agent acts.

Wire it up →
Autonomous · Cron

Hermes-Agent

A pre-read guard for unattended cycles: scan inbox messages, web extracts, and file reads before the agent makes a plan.

Wire it up →
Framework · Scan tool

LangChain

The real SunglassesScanTool — scan retrieved docs, tool output, and user input at the boundary.

Wire it up →
Framework · Multi-agent

CrewAI

The real sunglasses_scan tool — scan handoffs and tool results before the next agent acts.

Wire it up →
Microsoft · Multi-agent

Microsoft AutoGen

Scan group-chat messages, task summaries, and forged approvals before they reach the next agent.

Wire it up →
OpenAI · Agents SDK

OpenAI Agents SDK

Guard Runner.run() input and tool output with a local SunglassesEngine scan.

Wire it up →
Custom · SDK / Engine

Custom Python agent

Drop engine.scan() in front of any LLM or tool call — the canonical route for any stack.

Wire it up →

Same filter underneath. Different wiring based on your stack.

See it work in 3 seconds

Install Sunglasses and run the built-in demo. 10 real attack scenarios get blocked with category + severity reported for each.

terminal
python3 -m venv sunglasses-env
source sunglasses-env/bin/activate
pip install sunglasses
sunglasses demo

Windows: replace source sunglasses-env/bin/activate with sunglasses-env\Scripts\activate.

FAQ

What is Sunglasses?+
A filter that sits ahead of your AI agent. Always ON. Every input your agent would read — emails, web pages, tool responses, RAG chunks, peer-agent messages — the filter scans first. If hostile, your agent never sees it. Open source, MIT licensed, runs locally.
How does Sunglasses work?+
Untrusted text passes through engine.scan() first. The scan returns one of three decisions — block, warn, or allow — based on 1089 patterns across 65 categories. Average scan time is 0.26ms.
What does Sunglasses detect?+
Prompt injection, credential exfiltration, memory poisoning, tool output poisoning, cross-agent injection, retrieval poisoning, social engineering, and encoded-attack evasions across 23 languages. 1089 patterns across 65 categories. 17 normalization techniques to catch obfuscated attacks.
What agents does Sunglasses work with?+
Claude Code, Claude Desktop, OpenClaw, the VS Code-family AI IDEs (Cursor, Cline, Windsurf, Zed) over one MCP setup, Warp, Hermes-Agent, LangChain, CrewAI, Microsoft AutoGen, OpenAI Agents SDK, and any custom Python agent. See the wiring grid above — each option links to a full walkthrough.
Do I need an API key or cloud service?+
No. Sunglasses runs entirely on your machine. No API key, no cloud service, no telemetry. Install from PyPI into a Python virtual environment.
Is the filter mandatory or optional?+
Depends on the wiring. Two frameworks ship a built-in scan tool — LangChain (SunglassesScanTool) and CrewAI (sunglasses_scan); every other agent wires in over the MCP server or a direct SunglassesEngine().scan() call. Importing or registering makes scanning available; it becomes mandatory when your workflow requires the scan at each untrusted-input boundary before the agent acts.
How fast is the filter?+
Average scan time is 0.26ms on M3 Max. Throughput is ~3,830 scans per second single-threaded. Invisible next to LLM call latency.