the universal allowlist
for agents.

frontier models miss 57% of threats in the context your agents consume. brin pre-scans packages, skills, and web pages to detect malware, prompt injection, and supply chain attacks. free.

$
read the docs

every context type

six context types, each with a dedicated threat model and scoring methodology. if your agent can reach it, brin scores it.

sub-10ms

pre-scanned results return in under 10ms. fast enough to sit in the critical path of every agent action — no queues, no cold starts.

one http call

no sdk, no auth, no signup. a single GET request returns a score, verdict, and threat data. add to any agent or pipeline.

##securing context, not agents

the default approach to agent security is guardrails — restricting what the agent can do. block certain tools, sandbox file access, limit network calls. it works, but it also cripples the agent. the more you constrain it, the less useful it becomes.

brin takes a different approach. let agents be as unconstrained as possible — and instead score every piece of external context they interact with. the risk was never the agent. it's the external context the agent trusts by default.

in brin-bench, claude opus missed 57% of the threats brin identified — including 100% of graph-based signals like dependency chains and publisher reputation. the model sees content. brin sees identity, behavior, and trust.

secure the context, not the agent. you get safety without sacrificing capability.

##what we score

six types of artifacts that agents consume autonomously — each with a distinct threat model and scoring methodology.

web pages

prompt injection, phishing, cloaking, hidden exfiltration

70% missed by models

packages

install-time attacks, credential harvesting, typosquatting

71% missed by models

repositories

agent config injection, malicious commits, compromised dependencies

89% missed by models

skills

description injection, output poisoning, instruction override

22% missed by models

pull requests

author risk, prompt injection, secret exposure, CI sabotage

benchmark coming soon

contributors

sleeper accounts, typosquat identities, anomalous activity

60% missed by models

##how it works

before your agent acts on any external context, make a single GET request. brin returns a score, verdict, and any detected threats. if brin is unreachable, the agent continues as normal — zero risk to your existing workflow.

api documentation

##latest findings

real threats detected across the ecosystem.

packagedangerous
|
18 hours ago
web pagedangerous
401564coinbase.com/
1 day ago
domaindangerous
www.401564coinbase.com
1 day ago
domaindangerous
malware.wicar.org
1 day ago
pull requestdangerous
tagspaces/tagspaces
1 day ago
explore registry
<10ms
cached response
artifacts scanned (live)
~2.3×
more threats caught vs models alone

every score brin produces is public and the tools are open-source. the api requires no auth, costs nothing, and handles 300 requests per minute per ip. if you prefer not to depend on the api, download the full dataset and host it on your own infrastructure.

the more widely trust signals are available, the harder it becomes for malicious context to spread. open data makes the entire ecosystem safer.

start scoring agent dependencies.

integrate brin in minutes — one GET request is all it takes. query the api, browse the registry, or download the full dataset.

api documentationexplore registry