Brex Develops Novel AI Agent Security Platform by Observing Behavior
Fintech company Brex has developed an innovative internal platform called CrabTrap to manage the security risks associated with AI agents, particularly those utilizing frameworks like OpenClaw. Traditional security measures, such as SDK-level permissions and model guardrails, proved insufficient for enterprise-scale agent operations that require real credentials like API keys and OAuth tokens. Brex's approach focuses on intercepting and analyzing all network traffic at the transport layer, enabling nuanced policy decisions for agent requests. This method is framework-agnostic, language-agnostic, and API-agnostic, requiring only simple environment variable configurations for agents. The CrabTrap platform combines deterministic rules with a sophisticated LLM-as-a-judge system, which handles a small percentage of complex or novel requests. A key innovation is its policy-building process, which bootstraps policies from observed agent behavior rather than from pre-defined rules. This involves running agents in shadow mode, analyzing historical network traffic, and drafting natural-language policies that accurately reflect actual agent actions. An evaluation system tests policy changes before deployment, and a live feedback loop allows for continuous refinement based on observed denials and traffic patterns. Brex found this behavioral approach to be significantly more effective than starting from scratch. The platform has also addressed concerns about latency by using fast models and limiting the LLM judge's activation to a small fraction of requests. Prompt injection vulnerabilities are mitigated by structuring requests as JSON objects, ensuring user-controlled content is properly escaped. Ultimately, CrabTrap has fostered greater organizational confidence in deploying AI agents broadly across business operations, transforming the calculus of agent management and delegation.
Brex's CrabTrap platform highlights a critical shift in AI agent governance, moving from prescriptive rule-writing to adaptive, behavior-based enforcement. This approach leverages the network transport layer, an often overlooked but powerful control point, to create a more dynamic and resilient security posture. By observing and learning from actual agent interactions, Brex sidesteps the limitations of static guardrails, which can be easily bypassed or become obsolete with evolving agent capabilities. The integration of an LLM-as-a-judge, judiciously applied to edge cases, offers a scalable way to handle complexity without introducing prohibitive latency. This strategy underscores a broader trend: as AI systems become more autonomous and integrated into business processes, their governance must evolve from rigid controls to intelligent, context-aware systems that can adapt to emergent behaviors and unforeseen scenarios. The success of this model suggests that future enterprise AI security will increasingly rely on continuous monitoring, adaptive policy generation, and a layered defense strategy that incorporates network-level intelligence.
AI-generated to prompt reflection — not editorial opinion, not advice, not a statement of fact. How this works.