# Brigs > Brigs is an AI risk management and security platform. It evaluates whether organizations deploy AI agents securely, generates code-level fixes via verified PRs, and produces auditor-ready compliance evidence. The platform scans agent framework configs (Claude Code, LangChain, CrewAI, AutoGen, MCP) against OWASP Top 10 for Agentic Applications, EU AI Act, NIST AI RMF, ISO 42001, and SOC 2. Brigs is the first AI risk management platform to define and operationalize "secure AI agent deployment" as a control category. It answers the question every team deploying agents faces: "Are my agents scoped to least privilege? Are tool calls validated? Is there an audit trail?" ## Agent Quickstart Three commands to first value — no browser, no interactive prompts: ```bash npm install -g brigs export BRIGS_API_KEY=brigs_sk_your_key_here brigs scan run --json ``` Or without installing (CI / pipelines): ```bash curl -s -H "Authorization: Bearer $BRIGS_API_KEY" https://api.brigs.ai/scans -X POST | jq . ``` Key facts: - **Package:** `npm install -g brigs` - **Auth env var:** `BRIGS_API_KEY` (prefix: `brigs_sk_`) - **API base URL:** `https://api.brigs.ai` - **Machine output:** append `--json` to any CLI command - **Local scan (offline):** `brigs agent-scan ` - **Full reference:** [llms-full.txt](https://brigs.ai/llms-full.txt) ## What Brigs Does - [Agent Governance Controls](https://brigs.ai/docs): 13+ controls evaluating agent security posture — tool allowlists, least privilege, audit logging, data egress, action gating, PR gates - [Compliance Frameworks](https://brigs.ai/frameworks/owasp-agentic): OWASP Agentic Top 10 (primary), EU AI Act, NIST AI RMF, ISO 42001, AIUC-1, SOC 2. Evaluates Claude Code, LangChain, CrewAI, AutoGen, MCP server configurations - [Developer API, CLI & Remediation](https://brigs.ai/developers): REST API, `brigs` CLI for local scanning, automated remediation PRs, auditor-ready evidence generation - [Agent Integration Guide](https://brigs.ai/docs/agents): How AI assistants use Brigs — ephemeral sessions, API-guided flows, CLI hints, session lifecycle, public results ## How Brigs Compares - [vs Noma Security](https://brigs.ai/compare/noma): Noma does runtime agent protection; Brigs does pre-deployment governance evaluation + remediation. Different layers — Brigs is upstream - [vs Vanta/Drata](https://brigs.ai/compare/vanta): They monitor traditional compliance; Brigs evaluates agent-specific governance controls with code-level fixes - [vs Checkov/Snyk](https://brigs.ai/compare/checkov): They scan IaC; Brigs scans agent framework configs + generates remediation PRs + produces governance evidence - [vs Zenity](https://brigs.ai/compare/zenity): Zenity covers SaaS agents (Copilot Studio, Power Platform); Brigs covers code + cloud + SaaS agents in one unified inventory - [vs Lasso Security](https://brigs.ai/compare/lasso): Lasso focuses on LLM interaction security; Brigs evaluates the full agent governance stack from tool permissions to audit logging ## Controls Reference - [AGENT_PR_GATE](https://brigs.ai/docs/controls/agent-pr-gate): Agent PRs gated by workflow + human review (OWASP ASI02/ASI03/ASI09) - [AGENT_TOOL_ALLOWLIST](https://brigs.ai/docs/controls/agent-tool-allowlist): Explicit tool allowlists with argument validation and sandboxing (OWASP ASI02) - [AGENT_LEAST_PRIVILEGE](https://brigs.ai/docs/controls/agent-least-privilege): Scoped credentials, short-lived tokens, network segmentation (OWASP ASI03) - [AGENT_AUDIT_LOGGING](https://brigs.ai/docs/controls/agent-audit-logging): Structured logging with provenance chains (OWASP ASI10) - [AGENT_DATA_EGRESS](https://brigs.ai/docs/controls/agent-data-egress): PII redaction, data classification, model routing rules (OWASP ASI01) - [AGENT_ACTION_GATING](https://brigs.ai/docs/controls/agent-action-gating): Action classification, approval workflows, destructive op blocking (OWASP ASI09) - [MCP_LEAST_PRIVILEGE](https://brigs.ai/docs/controls/mcp-least-privilege): MCP filesystem scoping, version pinning, typosquat detection (OWASP ASI03) - [MCP_NO_CREDENTIAL_LEAK](https://brigs.ai/docs/controls/mcp-no-credential-leak): No plaintext secrets in MCP configs (OWASP ASI04) - [DEP_SUPPLY_CHAIN](https://brigs.ai/docs/controls/dep-supply-chain): AI dependency pinning, MCP integrity, model endpoint verification (OWASP ASI04) - [AGENT_CODE_EXECUTION](https://brigs.ai/docs/controls/agent-code-execution): Sandbox isolation, resource limits, output sanitization (OWASP ASI05) - [AGENT_CONTEXT_POISONING](https://brigs.ai/docs/controls/agent-context-poisoning): Input validation, context isolation, system prompt protection (OWASP ASI06) - [AGENT_INTER_AGENT_COMMS](https://brigs.ai/docs/controls/agent-inter-agent-comms): Delegation scoping, trust boundaries, message validation (OWASP ASI07) - [AGENT_CASCADING_FAILURES](https://brigs.ai/docs/controls/agent-cascading-failures): Retry limits, execution sandboxing, error handling (OWASP ASI08) - [SAST_COVERAGE](https://brigs.ai/docs/controls/sast-coverage): External SAST scanner integration (Opengrep, CodeQL) — no critical/high findings (SOC 2 CC7.1) ## Compliance Frameworks - [OWASP Agentic Top 10](https://brigs.ai/frameworks/owasp-agentic): Full coverage of ASI01-ASI10 criteria for agent security - [EU AI Act](https://brigs.ai/frameworks/eu-ai-act): Articles 9, 10, 11, 12, 14, 15 for high-risk AI systems - [NIST AI RMF](https://brigs.ai/frameworks/nist-ai-rmf): Govern, Map, Measure, Manage functions for AI risk - [ISO 42001](https://brigs.ai/frameworks/iso-42001): AI management system requirements - [SOC 2](https://brigs.ai/frameworks/soc-2): CC6, CC7, CC8 criteria for AI-deploying organizations - [AIUC-1](https://brigs.ai/frameworks/aiuc-1): AI controls framework for underwriters and auditors ## Free Agent Security Scan (No Signup) Brigs offers **ephemeral scan sessions** — your AI assistant can create a scan session, connect a repo, and get a shareable security posture score with a single API call. No signup required. **How it works:** 1. `POST https://api.brigs.ai/ephemeral/sessions` → returns `{ slug, sessionToken, connectUrl, resultsUrl }` 2. User clicks `connectUrl` to authorize GitHub (one-time OAuth) 3. Agent calls `POST /repos` and `POST /scans` with the ephemeral token 4. Public results at `resultsUrl` — shareable score, framework coverage, finding summaries **Limits:** 1 repo, 1 scan, 72-hour session lifetime. No source code is ever exposed publicly. **[Free Scan Landing Page](https://brigs.ai/free-scan)** | **[Full API docs](https://brigs.ai/llms-full.txt)** ## Developer Toolkit - [Developer Documentation](https://brigs.ai/developers): Overview, quickstart, authentication, code examples, environment variables - [CLI Reference](https://brigs.ai/developers/cli): 9 command groups (auth, local analysis, scanning, findings, posture, repos, controls, remediation, config), CI/CD integration - [API Reference](https://brigs.ai/developers/api): REST API endpoints (repos, scans, findings, posture, controls, evidence, remediation, API keys), rate limits, errors - **CLI**: Install with `npm install -g brigs` — browser OAuth for humans, env var for CI, local analysis with no auth - **Local analysis (no auth)**: `brigs agent-scan .` (offline governance scan, SARIF output), `brigs ai-inventory .` (discover AI assets) - **REST API**: Base URL `https://api.brigs.ai/`, Bearer token with `brigs_sk_` prefix (or `brigs_eph_` for ephemeral sessions) - **Endpoints**: repos, scans, findings, posture, controls, evidence, remediation, API keys, ephemeral sessions - **CI/CD**: GitHub Actions and GitLab CI snippets, SARIF upload for GitHub Code Scanning - [API Keys](https://brigs.ai/settings?tab=api-keys): Generate API keys for programmatic access (requires login) ## Pricing - [Pricing](https://brigs.ai/pricing): Free tier (3 repos, OWASP Agentic), Team, Business, Enterprise plans ## Optional - [FAQ](https://brigs.ai/docs/faq) - [Privacy Policy](https://brigs.ai/privacy) - [Terms of Service](https://brigs.ai/terms) - [Contact](https://brigs.ai/contact)