Invariant Guardrails / MCP-scan
Invariant provides a security layer for AI agents that statically scans agent execution traces and MCP servers to detect threats such as prompt injection, tool poisoning, and data leaks.
Description
Invariant Guardrails and MCP-scan are agent security tools from Invariant Labs, an ETH Zurich spin-off acquired by Snyk in 2025. The analyzer applies information-flow analysis over an agent's execution traces, expressed as policy rules, to flag unsafe tool-call sequences and threats. MCP-scan inspects Model Context Protocol servers for risks such as tool poisoning and prompt injection embedded in tool descriptions.
Solution
Invariant runs as an out-of-band analysis layer rather than an agent loop: it ingests an agent's execution traces and MCP server definitions and runs static information-flow analysis over them, raising policy violations when unsafe flows or injected instructions are detected.
Primary use cases
- scanning agent execution traces for threats
- detecting prompt injection and tool poisoning in MCP servers
- enforcing data-flow and tool-sequence policies
- version-pinning untrusted MCP tools
Open the full interactive page →
Diagram, neighbourhood map, code examples, related patterns and full provenance.