What is it?
Runtime defense for AI coding agents running across enterprise engineering environments.
Gensee Crate delivers customized enterprise runtime defense for Claude Code, Codex, Cursor, and MCP-style coding workflows by connecting agent intent to OS-level activity before risky commands, file access, credential use, or tool calls happen.
Gensee Crate catches unsafe coding-agent behavior before it becomes a system-level side effect. It connects user requests, agent plans, terminal commands, tool calls, memory, skills, files, credentials, network activity, and processes into one policy-aware trace.
It follows coding-agent intent all the way down: terminal commands, MCP/tool calls, memory, skills, files, credentials, network, and processes.
Prompt injection, memory poisoning, credential exposure, unsafe shell commands, risky tool use, and delayed unsafe actions.
A low-latency sidecar beside unmodified coding agents, with centralized policy, monitoring, and on-prem evidence for enterprise deployments.
Any layer can be unsafe: the user request, the agent's plan, or the system action. Gensee Crate maps the full path so it can detect risk and enforce defense in depth instead of trusting one prompt filter.
Agent risk is not always a single bad request. It can be planted in memory, hidden in a skill, carried through an artifact, and triggered days later by a benign-looking task.
A web page, repo, or dependency convinces the agent to save a helpful memory, modify a skill, or leave behind a shell helper.
The agent returns to the project, reads local context, invokes tools, and unknowingly follows the poisoned instruction path.
A file is staged, a secret is touched, a process runs, or a network request leaves the machine. A single-session scanner sees only the final action.
Crate links requests, memories, skill edits, tool calls, artifacts, process launches, file effects, and network activity into one trace.
Memory writes, skill changes, generated scripts, hooks, and executable artifacts become policy surfaces, not invisible agent state.
When Crate blocks or asks for approval, teams can see the chain that made the action risky, not just the last command.
Preliminary AgentCanary Benchmark results show Gensee Crate improving defense rate across threat types.
* Results tested on macOS running Claude Code with the Qwen-3.5-397B model.
Gensee Crate is designed as a non-intrusive runtime sidecar. It works with unmodified coding agents across enterprise engineering environments, without forcing teams to rebuild their agent stack around a security SDK.
Start with Claude Code, Codex, Cursor, and MCP-style tool use as they run today, instead of rebuilding the agent stack around a security SDK.
Designed for where coding agents actually run: developer machines today, managed Linux runtimes next, and centralized enterprise controls across both.
Observe and interpose around tools, files, network, execution, memory, skills, and artifacts without sitting in the user's way.
Targets low false positives and interactive latency, so protection stays practical for real coding sessions instead of slowing developers down.
The same runtime layer feeds company-set policy, centralized monitoring, on-prem evidence storage, identity, alerting, SIEM, and internal developer systems.
Enterprise AI and security teams are starting to ask for runtime defense that follows coding agents across terminals, repos, tools, credentials, endpoints, managed runtimes, and long-running sessions.
“We seek solutions from GenseeAI for in-depth, long-horizon defense for our company-wide AI agent system.”
AI Security Team from a hyperscale IT company
GenseeAI partners with EigentAI and CamelAI, is backed by research from UCSD WukLab, and has venture backing from TSFV.
Gensee Crate starts with runtime enforcement around coding agents and extends into centralized policy, monitoring, identity, evidence, and multi-agent controls for company-wide engineering safety.
For individual developers who want local protection when coding agents interact with LLMs, terminals, MCP tools, skills, websites, files, and execution surfaces.
For company-wide engineering safety: distributed deployment, centralized monitoring and control, integration with existing security tooling, company-set policy, identity binding, tamper-evident evidence, quotas, MCP/tool manifests, SIEM integrations, and controls for malicious-human and multi-agent risks.
Book a demo to see Gensee Crate around Claude Code, Codex-style workflows, MCP tools, skills, memory, terminal commands, and system actions. The open-source individual edition is available on GitHub for local trials.