Security●●●Banger
Telos – eBPF/LSM Runtime Security for Autonomous AI Agents
Kernel-level intent tracking stops AI exfiltration where EDR and Docker fail.
WizardryBig BrainBold Bet
nevinshine
103mo ago
Back to browse
GitHub Repository
OS-level runtime auditing for unpredictable automation.
74 starsGo
Logira – eBPF runtime auditing for AI agent runs
by melonattacker·Mar 1, 2026·26 points·3 comments
AI Analysis
●●●BangerSolve My ProblemWizardry
eBPF runtime visibility for AI agents—first tool solving the trust problem with Claude Code and similar.
Strengths
- •Addresses genuine security blind spot (agents lying about what they did) with OS-level truth
- •eBPF + cgroup v2 scoping is technically sound; observe-only design avoids false-positive enforcement
- •Built-in detection rules for credential access, persistence, destructive patterns match real agent risks
Weaknesses
- •Linux-only severely limits adoption in mixed-OS teams; macOS and Windows support TBD
- •Early tooling: no UI for browsing events, no integration with CI/CD systems yet
Category
Target Audience
AI agent developers, DevSecOps engineers, automation security teams
Similar To
Falco · osquery · auditd
Post Description
I started using Claude Code (claude --dangerously-skip-permissions) and Codex (codex --yolo) and realized I had no reliable way to know what they actually did. The agent's own output tells you a story, but it's the agent's story.
logira records exec, file, and network events at the OS level via eBPF, scoped per run. Events are saved locally in JSONL and SQLite. It ships with default detection rules for credential access, persistence changes, suspicious exec patterns, and more. Observe-only – it never blocks.
Similar Projects
Security●●●Banger
Raypher–eBPF-based runtime security and hardware identity for AI agents
eBPF kernel hooks enforce agent boundaries at <0.05ms latency; no API polling tax.
Big BrainBold BetWizardry
Kidiga
213mo ago
Developer Tools●●Solid
A police department for your Claude Code agents
Hash-chained audit log catches agent violations at zero token cost.
WizardryNiche Gem
softie123
1187d ago
Security●●Solid
Automatic Fileless Malware Detection via eBPF Probes and LLMs
eBPF kernel hooks give LLMs direct system state access without command probing.
WizardryBold BetNiche Gem
raulgooo
203mo ago
AI/ML●●Solid
OpenSOP, We got tired of agents lying to us, so we built them a harness
YAML process harness that blocks LLMs from skipping steps with receipts.
Bold BetShip It
carlosamg
5315d ago
Security●●●Banger
AegisBPF – Deterministic Runtime Enforcement via eBPF LSM
LSM hooks block operations synchronously; most eBPF security tools only alert asynchronously.
WizardryNiche GemBig Brain
erenari
203mo ago