I built Kaida Shield because autonomous AI agents need dangerous permissions to be useful — file access, network requests, code execution — but nothing monitors what they actually do with those permissions at runtime.
The problem: every individual action an agent takes looks legitimate. Open a file? Fine. Make a web request? Fine. Run a command? Fine. But the sequence "scrape personal data → generate content → publish it publicly" is a pattern no single-action firewall catches. By the time you notice, the damage is done.
Kaida wraps any AI agent process and monitors its behavior against a policy you define. Describe what your bot should do in plain English ("check LinkedIn for jobs, save results to a spreadsheet, nothing else"), and Kaida generates behavioral rules. If the agent deviates — accesses a domain not in the policy, writes to a file outside allowed paths, spawns an unexpected subprocess — Kaida freezes the process (SIGSTOP, not SIGKILL) and prompts you. The agent's in-progress work is preserved.
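The freeze-instead-of-kill idea is just standard POSIX job control. A minimal sketch (the sleeping child stands in for a real agent process; this is illustrative, not Kaida's internals):

```python
import os
import signal
import subprocess
import sys

# Launch a stand-in for an agent process: a child that just sleeps.
# Any long-running child process behaves the same way here.
proc = subprocess.Popen([sys.executable, "-c", "import time; time.sleep(30)"])

# On a policy violation, suspend rather than kill: SIGSTOP pauses the
# process but keeps its memory, open files, and partial work intact.
os.kill(proc.pid, signal.SIGSTOP)
frozen = proc.poll() is None  # still alive, just paused

# If the operator approves the action, SIGCONT resumes it in place.
os.kill(proc.pid, signal.SIGCONT)

proc.terminate()
proc.wait()
```

SIGSTOP cannot be caught or ignored by the child, which is what makes it a reliable pause button (POSIX only; Windows needs a different mechanism).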
What it catches today: unauthorized network access, file system violations, phishing URLs, reverse shells, prompt injection patterns, crypto miners, anomalous looping, rate spikes, and token burn.
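Detections like rate spikes and anomalous looping reduce to deterministic counting. A toy sliding-window version of that kind of check (names and thresholds are illustrative, not Kaida's actual rules):

```python
from collections import deque


class RateSpikeDetector:
    """Flags when more than `limit` events land within `window` seconds.
    Illustrative sketch of a deterministic rate check, not Kaida's code."""

    def __init__(self, limit: int = 10, window: float = 1.0):
        self.limit = limit
        self.window = window
        self.events: deque[float] = deque()

    def record(self, now: float) -> bool:
        """Record an event at timestamp `now`; return True on a spike."""
        self.events.append(now)
        # Evict events that have aged out of the window.
        while self.events and now - self.events[0] > self.window:
            self.events.popleft()
        return len(self.events) > self.limit


det = RateSpikeDetector(limit=3, window=1.0)
results = [det.record(t) for t in (0.0, 0.1, 0.2, 0.3)]  # 4 events in <1s
```

The fourth event exceeds the three-per-second limit, so only the last result is True.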
What it doesn't do: inspect encrypted payloads (sees destinations, not content), monitor internal LLM reasoning, or detect novel zero-day behavioral patterns.
Works with any Python-based agent framework (OpenClaw, LangChain, CrewAI, AutoGen, custom). All detection is deterministic — no LLM in the monitoring pipeline, so the monitor itself can't be prompt-injected.
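"Deterministic, no LLM in the loop" means rules compile down to plain predicates. A minimal sketch of what a domain-allowlist check might look like (the names and rule format are assumptions for illustration):

```python
from urllib.parse import urlparse

# Hypothetical compiled policy: the only domain the agent may contact.
ALLOWED_DOMAINS = {"linkedin.com"}


def domain_allowed(url: str) -> bool:
    """Deterministically allow a URL only if its host is an allowed
    domain or a subdomain of one. No model call, so there is nothing
    for a prompt injection in page content to manipulate."""
    host = urlparse(url).hostname or ""
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS)
```

Because the check is pure string matching on the destination, its verdict depends only on the policy and the URL, never on attacker-controlled text.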
pip install kaida-shield
kaida demo (shows 16 live detection scenarios)
kaida ui (web dashboard for non-technical users)
Free. Apache 2.0. Windows/Linux/macOS.
https://github.com/ajpandit775/kaida-shield