# Securing Agents Different types of AI agents require different security approaches. This page maps each agent category to the right Highflame integration path and links to the detailed documentation for each. *** ## Choosing your path | Agent type | Deployment model | Integration | | -------------------------------------------- | ------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------- | | Custom agents — new builds | In-code, per-step control | [Highflame SDK](https://docs.highflame.ai/getting-started/custom-agents/gateway-integration-examples#sdk-integration-direct-guardrails) | | Custom agents — existing traffic | Centralized proxy, no code changes | [Agent Gateway](https://docs.highflame.ai/agent-gateway/ai-gateway) | | Code agents (Cursor, Claude Code, Copilot) | Local daemon, IDE hooks | [Code Agents](https://docs.highflame.ai/code-agents/quick-start) | | Browser agents (ChatGPT, Gemini, Copilot.ai) | Managed browser extension | [Browser Security](https://docs.highflame.ai/browser-security/browser-security) | | Third-party / uncontrolled agents | Network-layer via Tailscale Aperture | [Aperture Integration](https://docs.highflame.ai/integrations/aperture) | These are complementary. Most enterprise deployments use more than one: the Gateway for custom agent traffic, Code Agents for developer workstations, Browser Security for employee AI usage, and Aperture for any third-party systems that fall outside those categories.