SyncWave Blog
Technology 2 min read 90

Traceforce: Security and control in AI agent programming

Discover how Traceforce addresses cybersecurity in AI applications through real-time visibility and open-source pentesting tools.

cybersecurity artificial intelligence

The new frontier of AI security

The mass adoption of artificial intelligence-based tools, such as ChatGPT or Claude, has radically transformed programming and corporate workflows. However, this speed of implementation has left a critical void: the lack of visibility into how these tools interact with corporate data. This is where Traceforce comes in, a solution designed to provide total control without sacrificing developer agility.

As we explored in articles on the evolution of agents, such as Coasty: The evolution of computer-use agent programming, security must evolve at the same pace as the execution capabilities of these systems.

Deep visibility: Beyond traditional EDR

Traditional security teams often rely on tools like EDR or CASB, which fall short when faced with the complexity of Model Context Protocols (MCPs). Traceforce solves this using a lightweight binary and a browser extension developed in javascript (Node.js), capable of mapping connections between AI applications and data sources.

How does it ensure security?

The platform operates under a scheme of transparency and local control:

  • Telemetry monitoring: Collection of metadata regarding which applications and MCPs are running on devices.
  • Local inspection: Analysis of tool calls occurs directly on the user's device, ensuring privacy.
  • Active prevention: Ability to block or warn about risky actions, such as the execution of destructive commands (e.g., DROP TABLE) or API key leakage.

"Security teams can monitor agent activity in real-time, implement controls, and receive alerts about security risks as they emerge," explain its founders, Xia and Varun.

Commitment to the open source ecosystem

One of Traceforce's pillars is its collaborative approach. The company has released a dynamic pentesting tool under an open source license called mcp-xray. This resource is essential for organizations to audit their own MCPs and detect vulnerable configurations before they are exploited.

Conclusion

The current challenge is not to curb the use of AI, but to provide an environment where employees can innovate securely. Traceforce not only identifies risks like plaintext secret exposure, but also fosters a "warn and recognize" culture that allows developers to work without fear, knowing they have a robust layer of protection operating under the hood.

Sources:

Share:

Comments

Loading comments...

Contact

Want to get in touch?

Questions, suggestions or proposals — write to us and we will respond.