Guardians: Static verification for AI agent workflows (github.com)

A new implementation called "Guardians" introduces static verification for AI agent workflows, addressing vulnerabilities linked to prompt injection, akin to SQL injection. Developed from Erik Meijer's "Guardians of the Agents" paper, this approach separates code from data by allowing the language model (LLM) to generate a structured plan with symbolic references upfront. This plan is then vetted against a security policy using a static verifier before any execution occurs, ensuring that only verified workflows proceed. This method's significance lies in its robust security framework, leveraging three independent checks: taint analysis to monitor data flow, security automata to prevent error states, and Z3 theorem proving to confirm preconditions and frame conditions. By utilizing static verification, the framework prevents malicious commands, such as an email instructing an agent to forward sensitive information, from executing. This progressive methodology, requiring Python 3.11+ and incorporating two key dependencies (pydantic and z3-solver), represents a pivotal advancement in securing AI agent workflows, enhancing reliability and safety in AI systems.