ThornGuard

ThornGuard is a security proxy for AI agents that use MCP (Model Context Protocol) to connect to external tools. It sits between the AI client and the MCP servers it talks to, inspecting every tool response before the model sees it. Most MCP setups today pass tool responses straight into the model’s context window with nothing in between. That means a compromised or malicious MCP server can hide instructions inside what looks like ordinary data and quietly steer the agent. ThornGuard closes that gap. What it does: • Parses every tool response with tree-sitter (AST-level, not regex) to detect prompt injection and tool-poisoning patterns • Redacts secrets and PII from outbound responses before they reach the model • Keeps a full audit log of what was scanned, flagged, and blocked, accessible from a real-time dashboard • Works with Claude Desktop, Cursor, and VS Code today, with Windsurf, Cline, and Continue on the roadmap • CLI installer handles all the client config changes for you Who it’s for: developers, engineering teams, and security-conscious operators running AI agents with access to real data or tools. Especially useful in team or production settings where “the agent did something weird” becomes a compliance issue. Pricing: paid plans with a 7-day free trial. No free tier, since every tool response runs a semantic pass in the cloud, which is real per-request cost. Built on: Cloudflare Workers, Workers AI, tree-sitter. Categories: MCP security, AI developer tools, prompt injection prevention, AI agent security, dev tools, SaaS. Link: thorns.qwady.app