the credit score for context.
your agents are at risk every time they use external context. brin pre-scans packages, skills, and web pages to detect malware, prompt injection, and supply chain attacks. open-source and free.
every context type
six context types, each with a dedicated threat model and scoring methodology. if your agent can reach it, brin scores it.
sub-10ms
pre-scanned results return in under 10ms. fast enough to sit in the critical path of every agent action — no queues, no cold starts.
one http call
no sdk, no auth, no signup. a single GET request returns a score, verdict, and threat data. integrates into any agent or pipeline in minutes.
## securing context, not agents
the default approach to agent security is guardrails — restricting what the agent can do. block certain tools, sandbox file access, limit network calls. it works, but it also cripples the agent. the more you constrain it, the less useful it becomes.
brin takes a different approach. let agents be as unconstrained as possible — and instead score every piece of external context they interact with. the risk was never the agent. it's the external context the agent trusts by default.
secure the context, not the agent. you get safety without sacrificing capability.
## what we score
six types of external context that agents consume autonomously — each with a distinct threat model and scoring methodology.
web pages
prompt injection, phishing, cloaking, exfiltration via hidden content
packages
install-time attacks, credential harvesting, typosquatting
repositories
agent config injection, malicious commits, compromised dependencies
skills
description injection, output poisoning, instruction override
mcp servers
tool shadowing, schema abuse, silent capability escalation
commits
coming soon: pr injection, security sabotage, backdoor introduction
## how it works
before your agent acts on any external context, make a single GET request. brin returns a score, verdict, and any detected threats. if brin is unreachable, the agent continues as normal — zero risk to your existing workflow.
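the pre-action check described above, as an added example (not brin's own code). the endpoint URL, the JSON field names, the 0-100 score range and the `min_score` threshold are assumptions, since the page does not document them; `fetch` is injectable so the gate runs offline against constructed responses.

```python
import json
import urllib.request
from urllib.parse import quote

# Placeholder: the page does not state the API host or path layout.
SCORE_URL = "https://brin-api.invalid/{kind}/{ident}"

def http_get_json(url, timeout=0.25):
    """One unauthenticated GET; the short timeout keeps the gate from stalling the agent."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return json.load(resp)

def gate(kind, ident, fetch=http_get_json, min_score=50):
    """Decide whether the agent may use one piece of external context.

    Assumed response shape (not taken from the page):
    {"score": 0-100, "verdict": str, "threats": [str, ...]}
    Returns (allow, reason); reason starts with "unscored" on a fail-open pass.
    """
    url = SCORE_URL.format(kind=quote(kind, safe=""), ident=quote(ident, safe=""))
    try:
        data = fetch(url)
        score = float(data["score"])
        threats = list(data.get("threats") or [])
    except (OSError, ValueError, KeyError, TypeError, AttributeError) as exc:
        # Fail open, as the page describes, but label the pass: callers should
        # log and count these, because a blocked lookup and an outage look alike.
        return True, f"unscored: {type(exc).__name__}"
    if threats:
        return False, f"threats: {', '.join(map(str, threats))}"
    if score < min_score:
        return False, f"score {score:g} below {min_score}"
    return True, f"score {score:g}, verdict {data.get('verdict')}"

def unreachable(url):
    raise OSError("unreachable")

if __name__ == "__main__":
    # Constructed responses standing in for the live API.
    samples = {
        "clean": lambda u: {"score": 92, "verdict": "safe", "threats": []},
        "hostile": lambda u: {"score": 12, "verdict": "dangerous",
                              "threats": ["prompt_injection"]},
        "down": unreachable,
    }
    for name, fetch in samples.items():
        print(name, gate("package", "example-pkg", fetch=fetch))
```

a sustained rise in `unscored` results is worth alerting on, since during that window the agent is running without the check.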
## latest findings
real threats detected across the ecosystem.
every score brin produces is public. the api requires no auth, costs nothing, and handles 300 requests per minute per ip. if you prefer not to depend on the api, download the full dataset and host it on your own infrastructure.
the more widely trust signals are available, the harder it becomes for malicious context to spread. open data makes the entire ecosystem safer.
start scoring agent dependencies.
integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.