AI threat library
The risks CapitalGuard is built to detect.
Focused threat pages for founders, agencies, and teams deciding whether to buy an AI-agent exposure scan, generate policy files, or add monitoring after the first baseline.
Quick baseline
Use the free risk check when a team is still mapping repo and AI-tool scope.
Open pathPolicy path
Use the policy generator after identifying protected paths and agent boundaries.
Open pathSerious repo
Use Pro when the main product repo needs ten scans, report workflow, and executive export.
Open pathThreat pages
8 concrete AI-agent risk paths.
Agent instruction risk
Prompt-Injection Paths
Hidden instructions in docs, issues, prompts, logs, and internal notes can influence coding agents when those files become task context.
Secret-risk pattern
Exposed Secret Context
AI tools do not need to print raw keys to create risk; file paths, variable names, logs, and configuration context can reveal how systems are wired.
Workspace boundary risk
Dangerous Agent-Readable Files
Some files should not be read, edited, summarized, or sent to external tools by autonomous coding agents.
CI and release risk
Unsafe Workflow Automation
Agents that can edit workflows, package scripts, deploy files, or release automation can turn small mistakes into production risk.
Integration risk
Agent Tool Bridge Risk
MCP servers, agent plugins, local bridges, and automation connectors can quietly expand what a coding agent can inspect or transmit.
Package supply-chain risk
Dependency Script Execution
Install scripts, postinstall hooks, and package-manager credentials can create dangerous paths when agents modify dependencies or run commands.
Operational exposure
Production Access Paths
Agents may reach production indirectly through deploy scripts, cloud configuration, kubeconfig files, service accounts, logs, and runbooks.
Data handling risk
Customer Data in Agent Context
Support exports, logs, database samples, transcripts, and screenshots can enter agent context during normal debugging work.