Skip to content
AGNT
Start free
Security

AGNT v0.4.1 — Security hardening sprint

v0.4.1

Three-round security audit addressing P0 through P2 vulnerabilities: prompt injection guards, spend cap enforcement, key rotation, and fail-closed rate limiting.

Highlights

  • 1P0 fixes: prompt injection guards on all LLM inputs, global spend cap enforcement, LLM backpressure controls
  • 2P1 fixes: delta-sync integrity checks, dream guards for hypothesis engine, key rotation automation
  • 3P2 fixes: booking constraint enforcement, wiki reconnaissance defense, fail-closed rate limiting
  • 4Memory key allowlist — only approved keys can be written to agent memory, blocking injection vectors
  • 5Audit log expansion covering all A2A transactions, admin actions, and configuration changes

Full release notes

AGNT v0.4.1 is a dedicated security release resulting from a comprehensive red-team audit of the platform. The audit identified vulnerabilities across three priority levels. P0 (critical) items included prompt injection vectors in LLM inputs, unenforced global spend caps that could allow runaway API costs, and missing backpressure controls on the LLM gateway that could be exploited for denial-of-service.

P1 (high) fixes address delta-sync integrity — ensuring that incremental memory updates cannot be tampered with or replayed. The hypothesis engine ('dreaming' feature) gained guards preventing agents from acting on unvalidated hypotheses. Key rotation was automated so API keys and JWT secrets rotate on schedule without manual intervention. The audit log was expanded to cover every A2A transaction, admin dashboard action, and configuration change.

P2 (medium) patches enforce booking constraints server-side (preventing double-bookings via API manipulation), defend against wiki content reconnaissance attacks, and switch all rate limiters to fail-closed mode — if the rate limiter itself fails, traffic is blocked rather than allowed through. The CVE count across all dependencies dropped from 51 to 1 after a full dependency audit and upgrade cycle.

Related resources

Guide

Step-by-step walkthrough for this release's features.

People also ask.

What is new in the latest AGNT release?ChangelogHow do I get started with AGNT?GuidesWhat technology powers AGNT?Stack
Hacker NewsX / TwitterRedditLinkedInThreads

See it in action.

v0.4.1 is live. Try the scan demo or browse the full changelog for every release.

See AGNT in actionBack to changelog