Ship AI agents securely. Everywhere.
Scan, fix, and monitor your entire agent stack. Any platform, one command.
Sets up and runs your first scan.
Works with any agent platform
AI agents are the largest unmonitored attack surface in your stack.
Your credentials, SSH keys, environment variables, database connections, and local files. Most agents never ask. Most developers never check.
We scanned the ecosystem. Here's what we found.
Real data from scanning thousands of agent skills across every major platform.
Data from our State of AI Agent Security: Q1 2026 report.
Your security tools weren't built for this.
AI agents introduced a new attack surface. Traditional security covers code, packages, and networks. Not agent behavior.
Dependency scanners check packages for known CVEs. They don't analyze what an agent skill does at runtime.
Secret scanners find keys committed to code. They don't catch an MCP server reading your keychain in real time.
Firewalls block network threats. They can't see an agent exfiltrating data through a legitimate tool call.
Scan. Fix. Monitor.
One scan maps your attack surface. One command patches it. One proxy blocks threats at runtime.
Scan
Maps your attack surface across AI agents, MCP servers, and configs. Known vulnerabilities, fixable findings, and unverified findings. Add --deep to verify exploitability.
Fix
Auto-patches fixable findings. Redacts secrets, quarantines malware, tightens permissions. Full backups before every change.
Monitor
Runtime proxy for your AI agents. Intercepts every tool call and blocks threats before they execute.
Scan is free and open source. Fix and Monitor start at $49/mo.
Live Data
AI Agent Security Index
Every scan contributes anonymous threat data to a shared intelligence feed. See what the community is finding across AI agent deployments, updated daily.
Powered by anonymous scan telemetry. No code or file paths shared.
Questions
Yes. Every AI agent you install inherits access to your files, API keys, and environment variables. That includes MCP servers, Claude Code skills, and Cursor extensions. Research shows 7.1% of agent marketplace skills are exfiltrating credentials or sending data to external servers. Most developers never audit what these tools access.
No catch. Run "npx firmis-cli init" and you get a full attack surface map: known vulnerabilities, fixable findings, and unverified findings. No account, no credit card.
You will see messages like "This skill is reading your AWS passwords and sending them to an unknown server." Plain English, not CVE codes. Every finding explains what is wrong and what to do about it.
No. The scan takes about 30 seconds and runs completely offline. It reads your config files without touching running agents.
Every finding includes control mappings for SOC 2 (CC6/CC7), EU AI Act (Article 9/15), GDPR (Article 32), NIST AI RMF, OWASP Agentic Top 10, ISO 42001, and MITRE ATLAS. Run "firmis init", open the HTML report, and share the compliance section directly with auditors.
An attacker compromises an MCP server to inject malicious instructions that hijack your AI agent. MCPTox research measured a 72.8% attack success rate on popular LLMs. Firmis scans your MCP configs for known poisoning patterns, malicious servers, and suspicious tool definitions.
Deep scan uses 5 AI credits per component analyzed. Rule-based scanning is always free and unlimited. The free tier includes 50 credits per month, and your first deep scan each month is free regardless of balance. When credits run out, the AI layer pauses but rule-based scanning continues. No surprise charges. Pro ($49/mo) includes 500 credits, with top-up packs starting at 6c/credit.
Ship securely in 30 seconds.
One command sets up Firmis and scans your entire agent stack. Free, open source, no account required.
Sets up and runs your first scan. No account required.
Security for AI agents. Free to scan. No sign-up required.