Traceforce: Security and control in AI agent programming
Discover how Traceforce addresses cybersecurity in AI applications through real-time visibility and open-source pentesting tools.

The new frontier of AI security
The mass adoption of artificial intelligence-based tools, such as ChatGPT or Claude, has radically transformed programming and corporate workflows. However, this speed of implementation has left a critical void: the lack of visibility into how these tools interact with corporate data. This is where Traceforce comes in, a solution designed to provide total control without sacrificing developer agility.
As we explored in articles on the evolution of agents, such as Coasty: The evolution of computer-use agent programming, security must evolve at the same pace as the execution capabilities of these systems.
Deep visibility: Beyond traditional EDR
Traditional security teams often rely on tools like EDR or CASB, which fall short when faced with the complexity of Model Context Protocols (MCPs). Traceforce solves this using a lightweight binary and a browser extension developed in javascript (Node.js), capable of mapping connections between AI applications and data sources.
How does it ensure security?
The platform operates under a scheme of transparency and local control:
- Telemetry monitoring: Collection of metadata regarding which applications and MCPs are running on devices.
- Local inspection: Analysis of tool calls occurs directly on the user's device, ensuring privacy.
- Active prevention: Ability to block or warn about risky actions, such as the execution of destructive commands (e.g.,
DROP TABLE) or API key leakage.
"Security teams can monitor agent activity in real-time, implement controls, and receive alerts about security risks as they emerge," explain its founders, Xia and Varun.
Commitment to the open source ecosystem
One of Traceforce's pillars is its collaborative approach. The company has released a dynamic pentesting tool under an open source license called mcp-xray. This resource is essential for organizations to audit their own MCPs and detect vulnerable configurations before they are exploited.
Conclusion
The current challenge is not to curb the use of AI, but to provide an environment where employees can innovate securely. Traceforce not only identifies risks like plaintext secret exposure, but also fosters a "warn and recognize" culture that allows developers to work without fear, knowing they have a robust layer of protection operating under the hood.
Sources:
- Hacker News (https://news.ycombinator.com/item?id=48937020)
- Traceforce (https://www.traceforce.ai/)
Related articles
16 de julio de 2026
Traceforce: Seguretat i control en la programació amb agents d'IA
Descobreix com Traceforce aborda la ciberseguretat en aplicacions d'IA mitjançant visibilitat en temps real i eines de pentesting open source.
16 de julio de 2026
Traceforce: Seguridad y control en la programación con agentes de IA
Descubre cómo Traceforce aborda la ciberseguridad en aplicaciones de IA mediante visibilidad en tiempo real y herramientas de pentesting open source.
15 de julio de 2026
Coasty: L'evolució de la programació d'agents d'ús informàtic
Coasty arriba per automatitzar programari llegat mitjançant agents visuals, superant les limitacions del RPA tradicional i la manca d'APIs.
15 de julio de 2026
Coasty: The evolution of computer-use agent programming
Coasty arrives to automate legacy software through visual agents, overcoming the limitations of traditional RPA and the lack of APIs.
Loading comments...