Built for MCP servers · agent endpoints · autonomous systems

Security for the agents running your business.

AI agents now make millions of unsupervised decisions a day. Syntrix finds the prompt injection paths, permission gaps, and exposure patterns attackers use to turn your agents against you — before they do.

syntrix scan ~ standard depth
$ syntrix scan https://mcp.acme.io
→ Loading 10 checks · OWASP Agentic Top 10 ruleset
→ Probing target ............................... ok
✗ NET-01 MCP server bound to 0.0.0.0 CVSS 9.8
✗ AUTH-01 /tools/list returns catalog without auth CVSS 9.1
⚠ TOOL-01 2 tool descriptions match injection patterns CVSS 7.8
⚠ PERM-01 shell_exec without scope constraints CVSS 8.8
⚠ INJ-01 canary echoed in tool result CVSS 8.1
✓ TLS-01 Transport secured
✓ RATE-01 Rate limiting present
✓ CORS-01 CORS allowlist correctly scoped
Risk score: 42 / 100 · Critical
Report: syntrix.solutions/r/8f2a-1c0d

Agentic AI broke your threat model.

MCP, tool use, and autonomous subagents introduced exposure patterns that don't exist anywhere else. Most teams ship agents with controls designed for static APIs — and pay for it later.

01 · Prompt injection through tool results

A poisoned email, PDF, or webpage flows through your agent's tool result and rewrites its instructions. Classic CSRF, new vector.

02 · MCP servers bound to 0.0.0.0

The exact pattern behind CVE-2026-23744. A one-line config mistake exposes the agent's full tool surface to any attacker on the network.

03 · Subagent privilege inheritance

Spawned agents quietly run with the parent's permissions. A confused-deputy attack on the subagent moves money or sends mail.

04 · Tool description hijacking

Adversarial text in a tool's description steers the host model to call different tools, leak context, or skip approval gates.

05 · Credentials in model context

API keys, OAuth tokens, and exchange secrets leak into prompts and logs. Routine prompt injection becomes an exfiltration primitive.

06 · No audit trail you can trust

If the agent can write its own logs, the logs don't survive contact with an attacker. Most agent stacks ship with no tamper-evidence at all.

Three layers of defense, one platform.

Automated Scanner

Point us at an MCP server, agent endpoint, or tunnel. We run ten checks mapped to the OWASP Agentic Top 10 — auth, injection, exposure, scoping — and return a risk score, findings list, and remediation in under 90 seconds.

— SAAS · CLI · CI INTEGRATION

Manual Pen Test

Black-box and grey-box engagements against your agent stack. Mapped to OWASP Agentic Top 10 and MITRE ATLAS. Deliverable: full report, executive summary, proof-of-concept exploits, remediation roadmap, and a re-test.

— STARTING $2,500 · 5 BUSINESS DAYS

Runtime Monitoring

Continuous scanning + alerting hooked into your CI and your prod agents. Catches regressions, new injection paths, and config drift the moment they ship. Slack and PagerDuty integrations ready.

— BETA · INVITE ONLY · Q3 2026

Every probe maps to a real-world attack pattern.

Built on the OWASP Agentic Top 10, the MCP authorization spec, the CIS MCP Companion Guide, and the live CVE feed. New checks ship as the threat landscape moves.

NET-01    Network exposure / 0.0.0.0 binding     ASI06
TLS-01    Transport security · TLS · HSTS        ASI02
AUTH-01   Authentication enforcement             ASI06
TOOL-01   Tool description injection patterns    ASI01
PERM-01   Overly broad tool capabilities         ASI06
INJ-01    Indirect prompt injection canary       ASI01
SAMP-01   Sampling capability exposure           ASI10
RATE-01   Rate limiting on agent surface         ASI10
ERR-01    Verbose error / info disclosure        ASI02
CORS-01   CORS misconfiguration                  ASI06

Start free. Scale when you need to.

No enterprise sales call required. Bring a credit card and an MCP URL.

Free
$0 forever

For tinkerers and OSS maintainers. Run a single scan and see what you ship.

  • 1 scan per month
  • Public scan results
  • Markdown report
  • Community support
Team
$499 / month

Continuous monitoring across all your agent infrastructure with alerts where your team works.

  • Unlimited scans
  • Continuous monitoring
  • Slack + PagerDuty alerts
  • SSO · Audit log
  • Priority support

Need a real human looking at your agent stack?

We run scoped penetration tests against agentic systems — voice control, MCP integrations, autonomous subagents, the works. Five business days, OWASP-aligned report, fixed price. No enterprise sales cycle.
