As organizations rapidly adopt AI-driven systems, Permiso Security has taken a significant step to strengthen security by introducing SandyClaw, a dynamic analysis platform designed specifically to evaluate AI agent skills. This launch comes at a time when AI agents are becoming deeply embedded in enterprise operations, thereby increasing the need for advanced security mechanisms that go beyond traditional approaches.
AI agents rely heavily on downloadable “skills” to interact with tools, APIs, and services. However, as skill marketplaces expand, they are increasingly resembling a software supply chain making them attractive targets for attackers. Consequently, malicious actors have already started publishing harmful skills, exposing organizations to new and evolving threats. While existing security methods depend largely on static code analysis or large language model (LLM)-based evaluations, these approaches fail to detect behaviors that only appear during execution.
To address this critical gap, Permiso Security developed SandyClaw to execute skills within a secure sandbox environment. By doing so, the platform captures and records every action at both the LLM and operating system levels. Moreover, it provides a detailed, evidence-backed verdict using multiple detection engines, ensuring organizations gain complete visibility into how a skill behaves before deployment.
Notably, SandyClaw introduces a behavioral-first approach to AI security. Instead of simply scanning code, it actively detonates agent skills and monitors activities such as network calls, file writes, domain resolutions, and access to sensitive environment variables. In addition, the platform intercepts and decrypts SSL traffic, which allows it to uncover hidden data exfiltration attempts that traditional tools might miss.
“Agents are only as trustworthy as the skills they run. As skill marketplaces become the primary distribution channel for agent capabilities, the ability to validate what a skill actually does before it reaches your environment becomes a security requirement, not a nice-to-have. That is what SandyClaw delivers.”
- Paul Nguyen, Co-Founder and Co-CEO, Permiso Security
Furthermore, SandyClaw integrates multiple detection engines, including Sigma, Yara, Nova, and Snort, alongside custom-built detection rules. As a result, security teams receive transparent and verifiable insights rather than relying on abstract risk scores. This transparency empowers organizations to independently validate findings and make informed security decisions.
Equally important, the platform supports major AI agent frameworks such as OpenClaw, Cursor, and Codex. It can also automatically analyze skills whenever they are downloaded or installed, ensuring continuous monitoring across environments. This capability significantly reduces the risk of introducing compromised or malicious components into enterprise systems.
“Most skill scanners inspect code or ask an LLM for an opinion. But real risk shows up at runtime: network activity, file writes, and access to sensitive environment variables. SandyClaw was built on the belief that behavior is more revealing than source code alone. We detonate the skill, capture everything it does, and let the evidence speak for itself.”
- Ian Ahl, CTO, Permiso Security
Ultimately, with the introduction of SandyClaw, Permiso Security is redefining how organizations approach AI security. By shifting from static analysis to real-time behavioral monitoring, the company enables enterprises to proactively identify risks, enforce stronger controls, and safely scale AI adoption in an increasingly complex threat landscape.
Recommended Cyber Technology News :
- Hammerspace Adds FIPS 140-3 Cryptography Support to Strengthen Data Security
- SEALSQ Strengthens Blockchain Security with Post-Quantum Cryptography
- NordVPN Introduces Crypto Wallet Address Checker to Tackle Cryptocurrency Fraud
To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.c
