AgentGuard v0.5.5 Adds Cross-Function Taint Tracking to Catch Hidden LLM Vulnerabilities
Security tool AgentGuard has released version 0.5.5 with interprocedural taint analysis, addressing a key blind spot in static application security testing (SAST) scanners. Most existing scanners fail to track tainted user input when it passes through multiple function calls before reaching a large language model, producing false negatives. AgentGuard now builds a catalog of Python functions, identifies LLM sinks, and traces tainted arguments across direct calls and multi-hop chains within the same file. The update ships with 56 passing tests and a 0% false positive rate across 32 benchmark samples. Cross-file call resolution and sanitizer tracking are planned for future phases, and the tool is available via PyPI as dfx-agentguard==0.5.5.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
Discussion (0)
Log in to join the discussion and vote.
Log in