
Introduction

Kaizen is runtime security for the AI agents you build. You attach it to an agent, it inspects every action the agent takes, learns the agent's normal behaviour, and flags the actions that fall outside it (and blocks known-bad calls outright). The Observer runs as a sidecar next to your agent, and you choose how deeply it attaches.

Works with your sandbox

A sandbox (Azure Container Apps, OpenAI, Docker, E2B) contains an agent: it provides isolation and deny-default egress. It cannot tell you whether the agent behaved like itself, catch an action that is allowed but malicious, or explain a run. That is what Kaizen does. Sandboxes make agents safe to run; Kaizen makes them safe to trust. See the Azure Container Apps sandboxes case study: a real agent, prompt-injected, exfiltrating to an allowed host, and caught.

What it secures

Agents act through tool calls, API requests, file operations, and outbound connections. Kaizen evaluates those actions, not the prompt or the model's text. The case that matters is an agent doing something outside its normal job, whether it was manipulated, misconfigured, or compromised.

How it fits

  • Client (data plane). A lightweight library you attach to your agent. It reports each action and can block a known-bad call locally. SDKs for Python and TypeScript, an MCP shim, and framework hooks.
  • The sidecar. The Observer, plus the egress collector, runs next to your agent in your own environment. It learns each agent's behaviour and evaluates deviations; the deeper you attach, the more it sees. Only verdicts leave your environment.
  • Control plane. The managed API and console for policy, keys, verdicts, and exports.

You decide how deeply to attach, from a one-line framework hook up to a ground-truth egress or eBPF collector, and the deeper attachments are delivered by the sidecar. The same Observer and the same verdict contract serve every option. See Observation depth and Architecture.

The verdict contract

inspect(action) -> { decision: allow | block, reason, evidence }

The contract is the same whether you call the SDK directly, wrap an OpenAI Agents run, or sit in front of an MCP server.
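The following is an added example, not Kaizen's SDK or Observer code, showing the shape of that contract and the distinction drawn in "Works with your sandbox" and "What it secures": a sandbox allowlist says whether a host is reachable, while a learned baseline says whether contacting it is normal for this agent, and a deny list blocks known-bad calls outright. The names Action, BehaviourBaseline, inspect, sandbox_permits and guard, the deny list, the sandbox allowlist and the sample actions are all assumptions constructed for illustration.

```python
"""Toy model of the verdict contract: inspect(action) -> {decision, reason, evidence}.

Added example, not Kaizen's SDK or Observer code. Every name, list and sample
action below is an assumption constructed for illustration.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Any, Callable


@dataclass(frozen=True)
class Action:
    kind: str          # "tool_call" | "api_request" | "file_op" | "egress"
    target: str        # tool name, host, or file path
    detail: str = ""   # free-form argument summary, not used for the verdict

    def key(self) -> tuple:
        return (self.kind, self.target)


# Known-bad calls blocked outright, before any baseline is consulted (constructed list).
DENY_LIST = {("tool_call", "shell.exec"), ("file_op", "/etc/shadow")}

# Assumed sandbox egress allowlist: what the network layer permits, nothing more.
SANDBOX_ALLOWLIST = {"api.github.com", "storage.example.net"}


class BehaviourBaseline:
    """Counts (kind, target) pairs seen in warm-up; a pair is 'normal' once seen often enough."""

    def __init__(self, min_observations: int = 3) -> None:
        self.counts: Counter = Counter()
        self.min_observations = min_observations

    def learn(self, action: Action) -> None:
        self.counts[action.key()] += 1

    def is_normal(self, action: Action) -> bool:
        return self.counts[action.key()] >= self.min_observations


def inspect(action: Action, baseline: BehaviourBaseline, block_deviations: bool = False) -> dict:
    """Return a verdict shaped like the contract: {decision: allow|block, reason, evidence}."""
    evidence = {"action": action.key(), "prior_observations": baseline.counts[action.key()]}
    if action.key() in DENY_LIST:
        evidence["rule"] = "deny-list"
        return {"decision": "block", "reason": "known-bad call", "evidence": evidence}
    if not baseline.is_normal(action):
        # A deviation is always flagged; whether it is also blocked is a policy choice.
        return {"decision": "block" if block_deviations else "allow",
                "reason": "deviation from learned baseline", "evidence": evidence}
    return {"decision": "allow", "reason": "within baseline", "evidence": evidence}


def sandbox_permits(action: Action) -> bool:
    """What a deny-default egress sandbox alone would decide (constructed model)."""
    if action.kind in ("api_request", "egress"):
        return action.target in SANDBOX_ALLOWLIST
    return True  # local tool calls and file operations never touch the network filter


def guard(baseline: BehaviourBaseline, block_deviations: bool = False) -> Callable:
    """Decorator: inspect every call to the wrapped tool and refuse blocked ones locally."""
    def decorator(fn: Callable[[Action], Any]) -> Callable[[Action], tuple]:
        def wrapped(action: Action) -> tuple:
            verdict = inspect(action, baseline, block_deviations)
            if verdict["decision"] == "block":
                raise PermissionError(verdict["reason"])
            return verdict, fn(action)
        return wrapped
    return decorator


def run_scenario() -> list:
    """Warm up a baseline, then replay three actions, recording sandbox vs. inspect decisions."""
    baseline = BehaviourBaseline(min_observations=3)
    for _ in range(3):  # constructed warm-up traffic: the agent's normal job
        baseline.learn(Action("api_request", "api.github.com"))
        baseline.learn(Action("file_op", "/workspace/README.md"))
    trial = [
        Action("api_request", "api.github.com", "GET /repos"),
        Action("egress", "storage.example.net", "POST 48000 bytes"),  # allowed host, not normal
        Action("tool_call", "shell.exec", "id"),                       # known-bad call
    ]
    rows = []
    for a in trial:
        v = inspect(a, baseline)
        rows.append((a.key(), sandbox_permits(a), v["decision"], v["reason"]))
    return rows


if __name__ == "__main__":
    for row in run_scenario():
        print(row)
```

The second row of run_scenario is the case the page describes: the sandbox permits the host, so isolation alone says nothing, while the baseline check flags the egress as a deviation with the prior-observation count as evidence. Whether a flagged deviation is allowed or blocked is left to the block_deviations policy switch; known-bad calls are blocked before the baseline is consulted.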

Next: Quickstart to attach Kaizen and protect your first agent.