AgentX coverage
We stop 23 of the 32. Here are the 9 we do not fully stop.
The ARE Incident Database is a public registry of 32 catastrophic agent failures that actually happened, each one cited and indexed onto the OWASP Agentic Security Top 10. This page is our claim against it, and every claim on it ships a check you can run.
Most vendors tell you what they block. Almost nobody tells you what they miss, because a list of misses is a list a competitor can quote. Ours is below.
Category by category.
AgentX stops 6 of the 10 OWASP ASI categories at the action layer. The other 4 are named here, with what is missing and who owns it instead. A security engineer who catches you overclaiming once will never believe the rest of it, so we would rather hand you the list ourselves.
Do not trust it. Run it.
11 of the covered entries ship a check you can copy off this page and execute. No key, no gateway, no account, and nothing leaves your machine. This is the Replit production wipe, from the registry, against the free package:
pip install agentx-security-sdkfrom agentx_sdk import agentx_protect, is_block
@agentx_protect(agent_id="aredb-check", action="db_write")
def run_sql(query: str):
return "EXECUTED" # the agent never gets here
result = run_sql("DROP TABLE users;")
print(is_block(result)) # True
print(result) # the block, and the safe path to take insteadWe do not take our own word for it either. A test in the registry repo scrapes the snippet out of every published entry and runs it against a real install, asserting that the block fires and that the tool body never executed. It runs on every push. If a claim stops being true, the entry gets reclassified, not reworded. Read the test.
The registry is not ours to grade.
AREDB is maintained by AgentX Core and it is deliberately not an AgentX marketing surface. It carries no install line, no product nav, and a coverage index any vendor may join on the same terms we hold ourselves to here. If you build in this space, claim your coverage.