I scanned 16 open-source AI agent repos – 76% of tool calls had zero guards (github.com)

🤖 AI Summary
A recent analysis of 16 open-source AI agent repositories, carried out with a tool called 'diplomat-agent', found that 76% of the tool calls an agent can execute had no guardrail at all, such as input validation or rate limits. The finding matters for the AI/ML community because it exposes a critical gap in safety and security practice: when an LLM (Large Language Model) autonomously decides which functions to call, a missing safeguard can translate directly into real-world consequences such as unauthorized database modifications or erroneous financial transactions. Diplomat-agent scans for unguarded functions that can execute side effects and produces detailed reports on an agent's security posture. Notably, it has no dependencies and runs quickly, scanning a 1,000-file repository in about two seconds. The tool underscores the need for rigorous governance, suggesting that developers maintain a behavioral Software Bill of Materials (SBOM) of their agents' capabilities. It encourages proactive compliance and auditing, making it easier for teams to mitigate the risks of deploying autonomous AI systems.
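As an added illustration (not diplomat-agent's code and not from any of the scanned repositories): a small AST check in the spirit of the scan described above, which flags `@tool` functions that call a side-effecting API but carry no guard decorator, alongside the guard such a function is missing, an argument validator plus a rate limiter. The decorator names `tool` and `guarded`, the list of side-effecting call names, the sample agent source and the `check_transfer` rules are all constructed assumptions for this example.

```python
"""Added illustration: find side-effecting agent tools with no guard, and show the guard."""
import ast
import time
from functools import wraps

# Assumed decorator names: `tool` marks an LLM-callable function, `guarded` marks a guard.
TOOL_DECORATORS = {"tool"}
GUARD_DECORATORS = {"guarded"}
# Constructed list of call names treated as real-world side effects.
SIDE_EFFECT_CALLS = {"execute", "commit", "transfer", "delete", "send"}

# Constructed sample of agent source: one unguarded side-effecting tool,
# one guarded one, and one read-only tool.
SAMPLE_AGENT_SOURCE = '''
@tool
def update_record(row_id, value):
    db.execute("UPDATE records SET val = ? WHERE id = ?", (value, row_id))

@tool
@guarded(validate=check_transfer, limiter=limiter)
def transfer_funds(src, dst, amount):
    bank.transfer(src, dst, amount)

@tool
def lookup_weather(city):
    return weather_api.get(city)
'''


def _call_name(node):
    """Bare name of a called function: `execute` for both execute(...) and db.execute(...)."""
    f = node.func
    return f.id if isinstance(f, ast.Name) else getattr(f, "attr", None)


def _decorator_names(fn):
    names = set()
    for d in fn.decorator_list:
        target = d.func if isinstance(d, ast.Call) else d  # @guarded(...) or @tool
        names.add(target.id if isinstance(target, ast.Name) else getattr(target, "attr", None))
    return names


def _has_side_effect(fn):
    return any(isinstance(n, ast.Call) and _call_name(n) in SIDE_EFFECT_CALLS for n in ast.walk(fn))


def find_unguarded_tools(source):
    """Names of @tool functions that execute a side effect but carry no guard decorator."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.FunctionDef):
            decos = _decorator_names(node)
            if decos & TOOL_DECORATORS and _has_side_effect(node) and not decos & GUARD_DECORATORS:
                findings.append(node.name)
    return findings


class RateLimiter:
    """Fixed-window counter: allow at most `limit` calls per `window` seconds."""

    def __init__(self, limit, window=60.0, clock=time.monotonic):
        self.limit, self.window, self.clock = limit, window, clock
        self.window_start, self.count = clock(), 0

    def allow(self):
        now = self.clock()
        if now - self.window_start >= self.window:
            self.window_start, self.count = now, 0
        if self.count >= self.limit:
            return False
        self.count += 1
        return True


def guarded(validate, limiter):
    """Guard decorator: refuse over-rate calls, validate arguments, only then run the tool."""
    def decorate(fn):
        @wraps(fn)
        def wrapper(*args, **kwargs):
            if not limiter.allow():
                raise PermissionError(f"{fn.__name__}: rate limit exceeded")
            validate(*args, **kwargs)
            return fn(*args, **kwargs)
        return wrapper
    return decorate


def check_transfer(src, dst, amount):
    """Constructed validator: distinct accounts, numeric amount within a cap."""
    if src == dst:
        raise ValueError("source and destination accounts must differ")
    if isinstance(amount, bool) or not isinstance(amount, (int, float)) or not 0 < amount <= 10_000:
        raise ValueError("amount must be a number in (0, 10000]")


def make_transfer_tool(limiter, ledger):
    """Build a guarded transfer tool; `ledger` is a constructed stand-in for the bank API."""
    @guarded(validate=check_transfer, limiter=limiter)
    def transfer_funds(src, dst, amount):
        ledger.append((src, dst, amount))
        return len(ledger)
    return transfer_funds


if __name__ == "__main__":
    print("unguarded side-effecting tools:", find_unguarded_tools(SAMPLE_AGENT_SOURCE))
    tool = make_transfer_tool(RateLimiter(limit=2), [])
    print("transfers recorded:", tool("acct-1", "acct-2", 50))
```

The scan is a name-based heuristic, so a guard expressed any other way (a check inside the function body, middleware in the agent runtime) is invisible to it; its value is as a behavioural inventory of which tools can act on the world and which of those carry a declared guard, which is the SBOM idea the summary describes.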