Why AI Agent Security Needs Layers

No single tool catches everything. A SAST scanner misses secrets. A secret scanner misses vulnerable dependencies. A dependency scanner misses prompt injection in your MCP config. That's why we built a 7-layer defense workflow โ€” each layer catches what the others miss.

Here's the workflow we use every day. Total setup time: 5 minutes.

Layer 1: MCP Config Audit

Before writing any code, audit your MCP server configurations:

"Scan my MCP configuration for security issues"

This checks every MCP server in your ~/.claude/settings.json for prompt injection patterns, SSRF-capable parameters, and credential exposure. Run this every time you install a new MCP server.

Layer 2: Dependency Scan

Before starting a coding session, scan your project dependencies:

"Scan this project's dependencies for vulnerabilities"

Zfuzz checks 10 lockfile formats against the OSV.dev vulnerability database. It finds known CVEs in your dependency tree โ€” including transitive dependencies that npm audit sometimes misses.

Layer 3: Secret Detection

Before every commit, scan for hardcoded secrets:

"Scan this project for hardcoded secrets and API keys"

430+ patterns covering AWS, GCP, Azure, Stripe, OpenAI, Anthropic, GitHub, and dozens more. Shannon entropy analysis catches custom token formats that regex patterns miss.

Layer 4: SAST Analysis

During code review, run static analysis:

"Scan this code for security vulnerabilities"

441 SAST rules with taint analysis track data flow from untrusted sources (user input, HTTP parameters) to dangerous sinks (SQL queries, shell commands, file operations). Taint analysis is available for JavaScript/TypeScript and Python.

Layer 5: Threat Modeling

For every major feature, run a threat model:

"Threat model this feature using STRIDE"

STRIDE analysis identifies Spoofing, Tampering, Repudiation, Information Disclosure, DoS, and Elevation of Privilege risks. MITRE ATT&CK technique IDs map each threat to real-world attack knowledge.

Layer 6: Runtime Guard

Agent Guard provides runtime protection while the AI agent operates. It hooks into tool execution and blocks dangerous operations:

# In ~/.claude/settings.json
{
  "hooks": {
    "PreToolUse": [{
      "command": "zfuzz guard check --event PreToolUse"
    }]
  }
}

Seven built-in rules protect against shell injection, SSRF, path traversal, secret leakage, dangerous commands (rm -rf, DROP TABLE), rate limiting abuse, and file access outside project boundaries.

Layer 7: CI/CD Security Gate

The final layer blocks insecure code from reaching production:

# .github/workflows/security.yml
- name: Zfuzz Security Scan
  uses: zfuzz-dev/scan-action@v1
  with:
    fail_on: critical
    upload_sarif: true

The GitHub Action runs SAST + SCA + secrets scanning, uploads findings as SARIF to GitHub Code Scanning, and posts a PR comment with the security summary. PRs with critical findings are blocked.

The Complete Stack

LayerWhenWhatCatches
1. MCP AuditOn MCP installscan_mcp_configTool poisoning, prompt injection
2. DependenciesSession startscan_dependenciesKnown CVEs in packages
3. SecretsPre-commitscan_secretsHardcoded credentials
4. SASTCode reviewscan_codeInjection, XSS, auth bugs
5. Threat ModelFeature designthreat_modelArchitectural risks
6. Runtime GuardAlways-onAgent Guard hooksLive exploitation attempts
7. CI GatePR mergeGitHub ActionEverything, as a gate

Get Started

Layers 1-5 install in one command. Layers 6-7 take 3 more minutes.

claude mcp add zfuzz -- npx @zfuzz/mcp

GitHub ยท npm