Sage Introduces Agent Detection And Response Layer

Open-source project Sage inserts an interception layer between autonomous AI agents and system operations, checking shell commands, URL fetches, and file writes before execution. It runs on Claude Code, Cursor/VS Code, and OpenClaw, applies URL reputation, YAML heuristics, supply-chain and plugin scans, sends only hashes to Gen Digital APIs, and responds to Gen Threat Labs' finding of over 18,000 exposed OpenClaw instances and about 15% malicious skills.
Key Points
- 1Intercepts agent tool calls across Claude Code, Cursor/VSCode, and OpenClaw to vet commands, URLs, and files
- 2Detects phishing, malware, and supply‑chain threats using URL reputation, YAML heuristics, package and plugin checks
- 3Enables safer local agent use by preserving most data locally while sending only hashes to cloud APIs
Scoring Rationale
Practical, installable security tooling addresses exposed agent risks, but scope limited to developer workstations and specific platforms.
Sources
Public references used for this report.
Practice interview problems based on real data
1,625 SQL & Python problems across 15 industry datasets — the exact type of data you work with.
Try 250 free problems
