AgentShield: Runtime security guard for Haystack pipeline tool calls

[hidearmoon]

Hi Haystack community!

We've open-sourced AgentShield, a runtime security layer for AI agents that intercepts tool calls before execution. We think it's a natural fit for Haystack pipelines where agents invoke tools.

The problem

When a Haystack agent processes external data (emails, web pages, RAG documents) and has access to tools, a prompt injection hidden in that data can trick the agent into misusing tools — sending unauthorized emails, exfiltrating data, or executing malicious code.

How AgentShield helps

Every tool call passes through a multi-layer security pipeline:

1. Trust-aware data flow — External data gets tagged with lower trust levels. Sensitive tools are automatically restricted when the agent is processing untrusted data.
2. 3-layer intent consistency — Rule Engine (μs) → Anomaly Detector (μs) → Semantic Checker (ms). Most checks complete in microseconds without any LLM call.
3. 22 built-in security rules — Covering injection defense, data exfiltration, privilege escalation.
4. Policy DSL — Define custom rules in YAML.

Integration with Haystack

AgentShield can integrate as a pipeline component that wraps tool-calling nodes:

from agentshield import Shield

shield = Shield(api_key="your-key")

@shield.guard
async def my_tool(query: str) -> str:
    return db.execute(query)

Or as a pre-execution guard in custom components that checks tool name + params against policy before forwarding to the actual tool.

We also have a transparent sidecar proxy mode that requires zero code changes — it intercepts HTTP traffic between the agent and tool services.

Links

• GitHub (Apache 2.0, 342 tests including 92 security tests)
• Python SDK with LangChain, CrewAI, AutoGen integrations
• Existing integrations for OpenClaw, MCP, Dify, AutoGPT, n8n

Would love to hear from Haystack users about your security concerns with agent tool execution. Happy to build a dedicated Haystack component if there's interest.