# Sunglasses — AI Agent Security Filter

> Your AI agent reads documents, uses tools, and follows instructions. We make sure they're ONLY YOUR instructions. Open-source, local-first security that detects the dangerous transition where untrusted context becomes trusted action.

## What is Sunglasses?

Sunglasses is a free, open-source Python library that scans everything an AI agent reads — text, code, documents, MCP tool descriptions, READMEs, skills — before the agent processes it. It catches prompt injection, MCP tool poisoning, credential exfiltration, supply chain attacks, and hidden malicious instructions. Runs 100% locally. No API keys. No cloud. No data leaves your machine.

## Key Facts

- Install: `pip install sunglasses`
- License: MIT (free forever, open source)
- Version: 0.2.40
- Patterns: 649 detection patterns across 55 attack categories (including `jailbreak_evasion` new category shipped May 15, 2026, `ui_injection` + `supply_chain` + `cross_agent_injection` hardening shipped May 15, 2026, `agent_workflow_security` shipped May 13, 2026, `tool_output_poisoning` shipped May 13, 2026, `state_sync_poisoning` shipped Apr 25, 2026, and `agent_contract_poisoning` shipped Apr 24, 2026)
- Keywords: 3,039 threat keywords
- Languages: 23 languages with multilingual prompt injection coverage
- Normalization: 17 preprocessing techniques (Unicode, homoglyph, ROT13, base64, HTML entity, URL decode, etc.)
- Speed: Average scan 0.261ms — under 1ms on common path, ~3,800 scans/second single-thread
- Media: Scans text, images (OCR+EXIF), PDFs, QR codes, audio (Whisper), video (FFmpeg)
- Pipeline: 3-stage cascade — clean, detect, decide
- Reports: 3 published vulnerability reports (Axios RAT, Claude Code supply chain, WordPress bot attacks) + 7 Anthropic CVP benchmark runs (Run 1 Opus 4.7 Apr 17, Run 2 Opus 4.7 runtime-trust probes Apr 20, Run 3 Haiku 4.5 small-model scaling Apr 23, Run 4 Sonnet 4.6 family-comparison high+max effort Apr 24, Run 5 Opus 4.6 family-comparison medium+high effort Apr 25, Run 6 Opus 4.7 within-family effort evaluation medium+high+xhigh Apr 26, Run 7 Comment and Control GitHub-comment injection retest May 7 — first story-shaped run, Opus 4.7 max effort, 3-prompt ladder, 3/3 clean allowed-allowed-blocked, eight-rule runtime trust-boundary filter spec articulated by the model under P3, headline quote "the difference between we hope the model is well-trained today and the system is correct by construction") + CVP Family Synthesis Apr 27 (six runs, four Claude models, ten model-effort configurations, 120/120 transcripts clean, effort-changes-depth-not-posture confirmed across three independent within-run comparisons spanning three model families, P07 cross-model envelope-edge anomaly explained as methodology finding)
- Team: 5-person build team (AZ + 4 AI research operators) with daily threat research pipeline
- GitHub: https://github.com/sunglasses-dev/sunglasses
- PyPI: https://pypi.org/project/sunglasses/
- Website: https://sunglasses.dev
- Contact: contact@sunglasses.dev

## What Makes Sunglasses Different

Sunglasses is cross-layer, not category-bound. While other tools focus on one layer (prompt screening, guardrail orchestration, runtime governance, or artifact scanning), Sunglasses correlates signals across prompts, documents, MCP manifests, tool descriptions, skills, packages, secrets, and outbound behavior. It detects trust-boundary violations — when untrusted content becomes trusted action — even when individual steps look normal. The engine applies 17 normalization techniques before pattern matching, reducing obfuscation bypass surface that keyword-only scanners miss.

## How It Works

```python
from sunglasses.engine import SunglassesEngine

engine = SunglassesEngine()
result = engine.scan("any text your agent is about to process")
if result.severity in ("high", "critical"):
    print("Blocked:", result.category, result.severity)
```

## Full machine-readable handbook

- [/llms-full.txt](https://sunglasses.dev/llms-full.txt) — Dense companion document. Full architecture, capability statement (what Sunglasses catches and does not catch), report index with one-line summaries, CVP methodology notes, keyword-to-page map, pattern category list, integration surfaces, release history, trust signals. Use this file when you need a comprehensive single-file Sunglasses reference.

## Pages

- [Home](https://sunglasses.dev/) — Overview and quick start
- [How It Works](https://sunglasses.dev/how-it-works) — Technical architecture and cascade pipeline
- [Manual](https://sunglasses.dev/manual) — Security manual and chapter roadmap
- [Thesis](https://sunglasses.dev/thesis) — Why AI agent security matters
- [Reports](https://sunglasses.dev/reports) — Real vulnerability scan reports
- [Blog](https://sunglasses.dev/blog) — Security research and threat analysis
- [FAQ](https://sunglasses.dev/faq) — Common questions (AEO-optimized, 30 Q&A pairs)
- [Team](https://sunglasses.dev/team) — The team building Sunglasses
- [Contact](https://sunglasses.dev/contact) — Partnerships, sponsorships, bug reports, questions

## Partnerships

Sunglasses is open to partnerships, sponsorships, and security advisors. We are building the trust layer for AI agent ecosystems. If you are an AI platform, security vendor, or investor interested in AI agent security, reach out: contact@sunglasses.dev

## Built By

AZ Rollin — founder, started building with AI in February 2026. With a team of AI research agents (Claude Code, CAVA, JACK, FORGE) doing 24/7 security research to keep the pattern database growing daily.