# Highflame Agent Control Platform

Highflame is the security control plane for AI agents and autonomous systems. It provides runtime guardrails, typed Cedar policy enforcement, agent identity, MCP gateway security, model supply chain scanning, and adversarial red teaming — across a unified detection and observability layer.

### Why Highflame

AI agents call tools, connect to MCP servers, modify code, invoke APIs, and operate across long-running workflows. Every one of those actions is a security decision. Highflame gives engineering and security teams the infrastructure to make agent autonomy safe to deploy:

* **Sub-10ms inline guardrails** — tiered detection (deterministic → ML → cloud) with Cedar policy evaluation on every prompt, tool call, and model response
* **Tiered detection** — separate fast and slow detection tiers keep latency deterministic when guardrails and controls are applied
* **Cedar-native policy** — declarative, auditable authorization rules scoped to agents, tools, environments, and trust levels
* **Agent identity (ZeroID)** — OAuth2 tokens for non-human identities with delegation chains, scope enforcement, and credential policies
* **Session-aware enforcement** — cross-turn risk tracking with stateful ML detectors (GRU-based multi-turn jailbreak detection)
* **Multi-product coverage** — same policy and detection layer across Guardrails, Code Agents, MCP Gateway, Browser Security, and Red Team

### Get Started

<table data-view="cards"><thead><tr><th></th><th></th><th data-hidden data-card-target data-type="content-ref"></th></tr></thead><tbody><tr><td><strong>Quickstart</strong></td><td>First guarded request in under 5 minutes</td><td><a href="https://github.com/highflame-ai/highflame-docs/blob/main/getting-started/quickstart.md">https://github.com/highflame-ai/highflame-docs/blob/main/getting-started/quickstart.md</a></td></tr><tr><td><strong>Securing Agents</strong></td><td>Choose the right integration pattern: SDK, Gateway, or Trace ingestion</td><td><a href="getting-started/securing-agents">securing-agents</a></td></tr><tr><td><strong>SDK Quick Reference</strong></td><td>Python and TypeScript side by side — all common patterns</td><td><a href="guides/sdk-quick-reference">sdk-quick-reference</a></td></tr></tbody></table>

### By Role

<table data-view="cards"><thead><tr><th></th><th></th><th data-hidden data-card-target data-type="content-ref"></th></tr></thead><tbody><tr><td><strong>Security Teams</strong></td><td>Provider setup, route creation, guardrail policies, governance</td><td><a href="broken-reference">Broken link</a></td></tr><tr><td><strong>Red Team Testers</strong></td><td>Adversarial testing of agents, prompts, and tool workflows</td><td><a href="broken-reference">Broken link</a></td></tr><tr><td><strong>Developers</strong></td><td>SDK integration, Shield wrappers, framework hooks</td><td><a href="getting-started/quick-start">quick-start</a></td></tr></tbody></table>

### API & SDK

<table data-view="cards"><thead><tr><th></th><th></th><th data-hidden data-card-target data-type="content-ref"></th></tr></thead><tbody><tr><td><strong>Python SDK</strong></td><td>Decorators, async, LangGraph / CrewAI / Strands integrations</td><td><a href="https://github.com/highflame-ai/highflame-docs/blob/main/api-reference/sdk/shield/python-sdk.md">https://github.com/highflame-ai/highflame-docs/blob/main/api-reference/sdk/shield/python-sdk.md</a></td></tr><tr><td><strong>TypeScript SDK</strong></td><td>Shield wrappers, streaming, zero runtime dependencies</td><td><a href="https://github.com/highflame-ai/highflame-docs/blob/main/api-reference/sdk/shield/typescript-sdk.md">https://github.com/highflame-ai/highflame-docs/blob/main/api-reference/sdk/shield/typescript-sdk.md</a></td></tr><tr><td><strong>REST API</strong></td><td>POST /v1/guard, /v1/detect, /v1/guard/stream — curl examples</td><td><a href="https://github.com/highflame-ai/highflame-docs/blob/main/api-reference/rest-endpoints/shield-rest-apis.md">https://github.com/highflame-ai/highflame-docs/blob/main/api-reference/rest-endpoints/shield-rest-apis.md</a></td></tr></tbody></table>

### Platform

<table data-view="cards"><thead><tr><th></th><th></th><th data-hidden data-card-target data-type="content-ref"></th></tr></thead><tbody><tr><td><strong>Guardrails &#x26; Policies</strong></td><td>Threat catalog, Cedar cookbook, evaluation lifecycle</td><td><a href="agent-authorization-and-control-shield/guardrails-policies">guardrails-policies</a></td></tr><tr><td><strong>Agent Identity (ZeroID)</strong></td><td>OAuth2 for agents — tokens, delegation, credential policies</td><td><a href="agent-identity-zeroid/introduction">introduction</a></td></tr><tr><td><strong>MCP Gateway</strong></td><td>Secure MCP server connections, tool governance, credential modes</td><td><a href="agent-gateway/ai-gateway">ai-gateway</a></td></tr><tr><td><strong>Code Agents</strong></td><td>IDE and coding assistant security — Cursor, Claude Code, Copilot</td><td><a href="code-agents/quick-start">quick-start</a></td></tr><tr><td><strong>Red Teaming</strong></td><td>Adversarial testing, attack engines, model supply chain scanning</td><td><a href="red-teaming/agent-red-teaming">agent-red-teaming</a></td></tr><tr><td><strong>Observability</strong></td><td>Traces, threat alerts, governance, OpenTelemetry integration</td><td><a href="agent-authorization-and-control-shield/observability">observability</a></td></tr></tbody></table>

### Production & Operations

| Guide                                                                                              | Description                                                                         |
| -------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------- |
| [Production Patterns](https://docs.highflame.ai/guides/production-patterns)                        | Singleton clients, rollout stages (monitor → alert → enforce), graceful degradation |
| [Multi-Tenancy](https://docs.highflame.ai/guides/multi-tenancy-patterns)                           | Per-tenant isolation, session scoping, Cedar context injection                      |
| [Testing](https://docs.highflame.ai/getting-started/testing-guide)                                 | Mock mode, response inspection, CI/CD integration                                   |
| [Troubleshooting](https://docs.highflame.ai/guides/troubleshooting)                                | Common errors and resolution paths                                                  |
| [Deployment](https://github.com/highflame-ai/highflame-docs/blob/main/deployment-guides/README.md) | AWS, Azure, GCP deployment guides                                                   |

### Framework Coverage

Highflame maps detections, policies, and findings to industry security frameworks:

| Framework            | Coverage                                                      |
| -------------------- | ------------------------------------------------------------- |
| **OWASP LLM Top 10** | Prompt injection, data leakage, tool misuse, model DoS        |
| **OWASP MCP Top 10** | Tool poisoning, server impersonation, cross-origin escalation |
| **MITRE ATLAS**      | Adversarial ML techniques mapped to detection signals         |
| **NIST AI RMF**      | Risk measurement, governance controls, audit evidence         |

### Connect

* [GitHub](https://github.com/highflame-ai) — SDKs, examples, and open-source projects
* [Highflame](https://highflame.com) — Product updates and company information
* [Changelog](https://github.com/highflame-ai/highflame-docs/blob/main/Changelog/README.md) — Platform updates, new detectors, and policy features
