TACK

COMING SOON

OPEN SOURCE · RUNS LOCALLY · <1MS INLINE

Every action looks normal.
The trajectory doesn't.

Tack learns each agent's behavioral baseline and scores how far it has drifted, catching credential-creep and anomalies that stateless policies miss. Contain threats inline: warn, block, or quarantine.

agent.ts 
$ npm install tack-guard

import { createGuard } from 'tack-guard'
const guard = createGuard()

// score every tool call · 0 → 1 · locally
const { score, verdict } = guard.evaluate(toolCall)
if (verdict === 'quarantine') block()
Follow for launch Book a demo npm i tack-guard soon
AGENT sales-bot · HEADING 047°
  • OWASP LLM Top 10
  • OWASP Agentic Top 10
  • MITRE ATLAS
  • NIST AI RMF
  • Runs locally
  • Zero dependencies
  • Your data never leaves your app

THE BLIND SPOT

Stateless security can't see the slow attack coming.

Every tool out there does binary allow or block. Each call is judged alone, so the attack that unfolds across calls walks straight through.

AGENT TIMELINE
  1. read ok ✓
  2. read ok ✓
  3. write ok ✓
  4. read ok ✓
  5. write ok ✓
  6. sensitive ok ✓
  7. admin ok ✓

Each action looks fine. Only the trajectory reveals the threat.

  • CRITICAL

    credential-creep

    The slow attack. Read-only baseline, then writes, then sensitive data. Each step looks harmless.

  • CRITICAL

    smash-and-grab

    The loud attack. Bulk export, mass delete, exfiltration. Obvious but still needs catching.

  • HIGH

    behavioral-drift

    The weird attack. After-hours access, volume spikes, admin attempts. Doesn't match any known pattern.

HOW IT WORKS

Three beats, every tool call.

One inline loop wraps every action your agent takes. Tack learns, scores, and contains, before the call ever runs.

  1. 01

    Learn the baseline

    Tack observes the first N calls and learns what "normal" looks like for each agent.

  2. 02

    Score every action

    Each subsequent tool call is scored 0 → 1 against the baseline. Six weighted signals, combined into a risk score.

    • escalation_trajectory
    • sensitive_write
    • volume_spike
    • new_write_access
    • after_hours
    • admin_attempt
  3. 03

    Contain inline

    Warn, block, or quarantine. In under a millisecond. Before the action executes.

TRY IT NOW

Add runtime security in 5 lines.

Drop it into your tool-call pipeline. It scores locally, returns instantly, and never phones home.

Works with

LangChain ·OpenAI ·Anthropic ·MCP ·any agent framework

Read the docs npm i tack-guard soon
guard.ts 
import { createGuard } from 'tack-guard'

const guard = createGuard({
  sensitiveTargets: ['user_db', 'credentials', 'billing'],
  mode: 'enforce'
})

// wrap your agent's tool calls
const result = guard.evaluate({
  agentId: 'sales-bot',
  action: 'read',
  target: 'user_db',
  hour: 14
})

if (result.blocked) {
  console.warn(`Blocked: ${result.pattern} (score: ${result.score})`)
}

FREE VS CLOUD

Start free. Scale with Cloud.

The guard is free forever. Cloud adds the memory that survives restarts and correlates behavior across sessions.

tack-guard

FREE · MIT

The open-source SDK. Drops into any agent, scores every call locally.

  • Scoring engine (6 signals, 0 → 1)
  • Pattern detection (3 attack types)
  • Stateless signatures
  • Multi-agent isolation
  • Zero dependencies, <1ms
  • MIT open source

Tack Cloud

PAID

Hosted memory and correlation. The fleet view across every session.

Everything in tack-guard, plus:

  • Persistent memory (baselines survive restarts)
  • Cross-session detection (24h, 72h, 7d patterns)
  • Dashboard & timeline
  • Alerts (email, webhook, Slack)
  • LLM-powered analysis coming soon

WHY MEMORY WINS

Policy engines check rules. Tack remembers behavior.

Rules catch what you already named. A learned baseline catches the escalation no one wrote a rule for.

Approach Detects loud attacksDetects slow escalationLearns from historyInline (<1ms)
Policy engine yes no no yes
Proxy / WAF yes no no partial
Log monitoring yes post-mortem no no
tack-guard yes yes yes yes

yes no ~ △ partial

WHO'S BUILDING THIS

Built in the open, by someone who breaks agents for a living.

Damien Aubry, Technical founder based in San Francisco

Damien Aubry

Technical founder · San Francisco

French founder building in San Francisco. Built Tack's scoring engine live at the Agent Native Company Hackathon (Beta x Nebius) in Sunnyvale, then open-sourced it as tack-guard. Breaking AI agents to learn how to defend them.

Origin: Agent Native Company Hackathon (Beta x Nebius), Sunnyvale, June 2026

SIGNAL, NOT NOISE

tack-guard is open-sourcing soon under the MIT license: the scoring engine, the detection rules, and this site. Follow along for the drop, then read the code and judge the behavior for yourself. No telemetry, no signup.

Follow on LinkedIn Book a demo
  • [>] Built live at the hackathon, open-sourcing soon
  • [>] MIT licensed · runs on your machine
  • [>] Follow on LinkedIn for the launch

SHIP WITH A BASELINE

Secure your agents before they drift.

Open source, dropping soon. Follow along for the launch.

Follow for launch Book a demo
npm install tack-guard soon