InnerWarden is a self-hosted runtime security platform designed to provide kernel-level guardrails for AI agents operating on Linux, macOS, and Windows systems. It addresses the risk of compromised or hijacked AI agents by enforcing security boundaries at the operating system level, below the agent itself. This approach allows AI agents to interact with real infrastructure—such as repositories, servers, and data—while preventing unauthorized or dangerous actions that could result from malicious prompts, poisoned files, or attacker-controlled binaries.
The platform operates locally on the user's own infrastructure, with no mandatory cloud account or external API in the enforcement path. InnerWarden uses a combination of 82 host detectors and an eBPF sensor to monitor system activity beneath the agent, screening every command before execution. Commands and tool calls are checked for risks such as secret theft, destructive actions, suspicious downloads, and unsafe changes. An on-device model scores these activities, and the advisory layer is available for free. For enforcement, the kernel Execution Gate blocks any binary that has not been pre-authorized, and DNS Guard prevents resolution of malicious domains, making certain attacks impossible rather than merely detectable.
InnerWarden maintains a tamper-evident, hash-chained, signable audit trail anchored off-host, ensuring that evidence of agent activity remains under the user's control and can be provided to auditors, customers, or regulators. The system is designed to function air-gapped and is positioned as a solution that combines the freedom for agents to perform real work with strict boundaries enforced at the kernel level. The platform integrates with agent platforms and works with tools such as Claude Code, Cursor, OpenClaw, and any MCP client, according to the information provided.
Installation is performed locally with a single command, and the service defaults to a monitor-only mode. All evidence and policy decisions remain on the user's machine, supporting a local-first, sovereign security model. This tool is intended for organizations and individuals deploying AI agents on their own infrastructure who require provable, kernel-enforced control over agent actions.
Self-Hosted Runtime Security is a Security & compliance platforms product. It protects Linux systems and AI agents by monitoring and blocking risky or unauthorized actions in real time. It is built as an open-source project for system administrators and AI developers. Self-Hosted Runtime Security is open source under the Apache-2.0 license. The product ships for the command line, and it can be self-hosted.
It is developed by InnerWarden Contributors, and the product first shipped in 2026. Development happens publicly on GitHub with 161 stars and 1.6k commits in the last 90 days. PulseGate's similarity index finds few close equivalents — Self-Hosted Runtime Security occupies a relatively distinct niche. Key capabilities include agent supervision, linux host protection, and audit trail.
Latest indexed changes and source events
innerwarden.com discovered by the PulseGate indexer
Other apps tracked under the same category.