AI Agent Security

Tirith protects AI coding agents at every layer — from the configs they read to the commands they execute.

MCPMCP Server — 7 Tools#

Run tirith mcp-server or use tirith setup <tool> --with-mcp to register tirith as an MCP server. AI agents can call these tools before taking action:

tirith_check_command

Analyze shell commands for pipe-to-shell, homograph URLs, env injection, and more.

tirith_check_url

Score URLs for homograph attacks, punycode tricks, shortened URLs, raw IPs.

tirith_check_paste

Check pasted content for ANSI escapes, bidi controls, zero-width characters.

tirith_scan_file

Scan a file for hidden content, invisible Unicode, config poisoning.

tirith_scan_directory

Recursive directory scan with AI config file prioritization.

tirith_verify_mcp_config

Validate MCP configs for insecure servers, shell injection in args, wildcard tools.

tirith_fetch_cloaking

Detect server-side cloaking (different content for bots vs browsers).

SCANConfig File Scanning#

tirith scan detects prompt injection and hidden payloads in AI config files. It prioritizes and scans 50+ known AI config file patterns:

.cursorrules.windsurfrules.clinerulesCLAUDE.mdcopilot-instructions.md.claude/ settings, agents, skills, plugins, rules.cursor/, .vscode/, .windsurf/, .cline/, .continue/, .roo/, .codex/ configsmcp.json, .mcp.json, mcp_settings.json.github/copilot-instructions.md, .github/agents/*.md

What it catches in configs#

Prompt Injection

Skill activation triggers, permission bypass attempts, safety dismissal, identity reassignment, cross-tool override instructions.

Invisible Unicode

Zero-width characters, bidi controls, soft hyphens, Unicode tags hiding instructions.

MCP Config Issues

Insecure HTTP connections, raw IP servers, shell metacharacters in args, duplicate server names, wildcard tool access.

HIDEHidden Content Detection#

Detects content invisible to humans but readable by AI in HTML, Markdown, and PDF:

TechniqueDetails
CSS hidingdisplay:none, visibility:hidden, opacity:0, font-size:0, off-screen positioning
Color hidingWhite-on-white text, similar foreground/background (contrast ratio < 1.5:1)
HTML/MD commentsLong comments hiding instructions for AI agents
PDF hidden textSub-pixel rendered text (font-size < 1px) invisible to readers but parseable by LLMs

CLOAKCloaking Detection#

tirith fetch compares server responses across 6 user-agents to detect when servers serve different content to AI bots vs browsers:

ChromeClaudeBotChatGPT-UserPerplexityBotGooglebotcurl
shell
$ tirith fetch https://example.com/install.sh

SETUPQuick Setup for AI Tools#

Use tirith setup <tool> for one-command configuration:

shell
$ tirith setup claude-code --with-mcp # Claude Code + MCP server
$ tirith setup codex # OpenAI Codex
$ tirith setup cursor # Cursor
$ tirith setup vscode # VS Code
$ tirith setup windsurf # Windsurf

For detailed per-tool setup guides, see MCP Integration.