CalHacks 2026

Secure your AI agents
before they ship risk.

Sentinel scans your GitHub repo for AI-agent risk, MCP exposure, prompt injection, secret exfiltration, dangerous tool permissions, and cost abuse, then shows the fix path in one dashboard.

AI agents: agents + MCP mapped
Attack paths: blast radius ranked
Fix plan: least-privilege repair

Try the dashboard flow with a demo repo:

Agents (live): agent has shell + network
MCP (live): server exposes 12 tools
Secrets (live): env token reachable
Cost (live): unbounded retry loop

Agentic risk replay: fix path ready
prompt → tool → secret blocked, guard added

Root cause

Agent can reach secrets through tools

User prompt reaches autonomous agent
Agent has filesystem and network tools
Secrets are reachable through runtime env
Patch limits tools and blocks exfiltration
Fix confidence: 94%

The dashboard makes security obvious

3 min: from scan to plain-English explanation
6: risk classes mapped from your repo
$0: worst-case cost exposure after hardening
24/7: voice Q&A for builders and owners

User journey

Paste a repo.
See the risk. Ship the fix.

The product is not a generic scanner. It is a mission-control dashboard for AI-agent security: every scan explains what can be attacked, what it can cost, who owns it, and exactly what needs to change.

1. Scan the repo

Point Sentinel at GitHub

Paste a repository URL. Sentinel pulls real source, detects AI agents and MCP servers, then builds a security map without asking for credentials.

repo -> agents -> tools

2. See what can go wrong

Turn code into attack paths

The dashboard shows critical risks, tool permissions, secret reachability, cost exposure, blast radius, and attacker kill chains in one place.

prompt -> tool -> secret

3. Fix what matters

Ship least-privilege fixes

Sentinel explains the root cause, recommends code and config changes, and gives your team remediation notes that map directly to the finding.

finding -> patch -> trust

What Sentinel fixes

The risks normal code scanners miss in AI-powered apps.

The dashboard categories are the marketing promise: Sentinel finds the new attack surface created by agents, tools, MCP servers, and LLM cost loops.

Prompt Injection

Guard prompts, sanitize retrieved context, and restrict tool execution.

Secret Exfiltration

Remove paths from agents to env vars, logs, files, and cloud tokens.

Tool Permissions

Apply least privilege across shell, filesystem, network, database, and cloud tools.

MCP Exposure

Audit MCP servers, commands, transports, tool counts, and unsafe external reach.

Cost Abuse

Add rate limits, loop controls, retry caps, and budget-aware execution paths.

AI Agent Blast Radius

Show what each agent can touch, what it can leak, and how to shrink the radius.

Everything connected

From agent risk
to owner, patch, and trust.

Other tools hand you isolated alerts. Sentinel stitches agent permissions, MCP servers, reachable secrets, attack paths, cost exposure, and suggested fixes into one dashboard flow.

Inventory the agents

Detect AI agents, MCP servers, tools, commands, transports, and risky capabilities.

Rank the blast radius

Show critical paths from prompt to tool to secret, cloud, database, or runaway spend.

Ship the hardening

Turn each finding into least-privilege changes and remediation notes for engineering.
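As an added example (not Sentinel's code) of the prompt -> tool -> secret chain shown in the Root cause panel above and the "Rank the blast radius" step: a small TypeScript check that scores a constructed agent inventory and orders the fixes. AgentConfig, assess and rankAgents are hypothetical names invented for this illustration.

```typescript
// Added example (not Sentinel's code): rank agents by the prompt -> tool -> secret path; AgentConfig is a hypothetical shape.
type Tool = "shell" | "filesystem" | "network" | "database" | "cloud";
type Severity = "critical" | "high" | "medium" | "low";
interface AgentConfig {
  name: string;
  acceptsUserPrompt: boolean; // untrusted text can steer this agent
  tools: Tool[];
  envSecretsReadable: boolean; // runtime env with tokens is visible to the agent
  rateLimited: boolean;
}

interface Finding { agent: string; severity: Severity; path: string; fixes: string[]; }

const READ_TOOLS: Tool[] = ["filesystem", "shell"]; // can reach secrets on disk or in env
const EGRESS_TOOLS: Tool[] = ["network", "shell", "cloud"]; // can move data off the host
const RANK: Severity[] = ["critical", "high", "medium", "low"];

function has(list: Tool[], t: Tool): boolean { return list.indexOf(t) !== -1; }

// One finding per agent: is there a read path to a secret and an egress path out?
function assess(agent: AgentConfig): Finding {
  const canRead = agent.envSecretsReadable || agent.tools.some(t => has(READ_TOOLS, t));
  const egress = agent.tools.filter(t => has(EGRESS_TOOLS, t));
  let severity: Severity;
  if (canRead && egress.length > 0) severity = agent.acceptsUserPrompt ? "critical" : "high";
  else if (canRead || egress.length > 0) severity = agent.acceptsUserPrompt ? "high" : "medium";
  else severity = "low";
  const hops = [agent.acceptsUserPrompt ? "prompt" : "scheduled"].concat(agent.tools);
  if (canRead) hops.push("secret");
  if (egress.length > 0) hops.push("exfil");
  const fixes: string[] = [];
  if (has(agent.tools, "shell")) fixes.push("remove the shell tool or sandbox it");
  if (agent.envSecretsReadable) fixes.push("move tokens out of the agent runtime env");
  if (has(agent.tools, "network")) fixes.push("allowlist outbound destinations");
  if (agent.acceptsUserPrompt && !agent.rateLimited) fixes.push("add a rate limit and retry cap");
  return { agent: agent.name, severity, path: hops.join(" -> "), fixes };
}

// Worst first, so the fix order follows the blast radius.
function rankAgents(agents: AgentConfig[]): Finding[] {
  return agents.map(assess).sort((a, b) => RANK.indexOf(a.severity) - RANK.indexOf(b.severity));
}

// Constructed sample inventory, not from a real repo.
const SAMPLE_AGENTS: AgentConfig[] = [
  { name: "nightly-report", acceptsUserPrompt: false, tools: ["filesystem"], envSecretsReadable: false, rateLimited: true },
  { name: "support-bot", acceptsUserPrompt: true, tools: ["shell", "network"], envSecretsReadable: true, rateLimited: false },
];
```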

Replay

Agent attack path

Severity: critical
File: agent.config.ts
Blast radius: 500
tools.shell=true
secrets.env=reachable
limits.rate=patched

Surface: agent -> MCP -> tools

Owner: @platform-security

Fix: least-privilege guardrails

Plain-English Security Report

Security results
a builder can actually use

We do not just throw CVE names and stack traces at small teams. Sentinel turns every finding into what happened, why it matters, and what to fix first, with video walkthroughs and a voice assistant for people who do not live in security tooling.

Security Report

5 issues found. Here is the fix order.

[C] No auth on dashboard routes: Fix now
Vite dependency has known CVE: Upgrade
API base URL exposed to client: Move env

Guided video

A short walkthrough explains the issue like a teammate would.

Voice assistant

Ask what happened, what to fix, and what customers need to know.

Why now

People are building apps faster than they can secure them.

Small business owners, vibe coders, and solo builders can ship a real app in a weekend. But the app still has auth, secrets, APIs, dependencies, agents, tools, and customer data.

Sentinel sits beside them like a security teammate: it scans the repo, explains the scary parts in plain English, and turns issues into fixes they can understand.

For vibe coders

You can keep building fast without pretending you understand every security term.

For small businesses

Know whether the app taking payments, bookings, or customer data is safe enough to launch.

For non-security teams

Video explanations and voice Q&A turn findings into a clear next step, not a panic spiral.

How it works

The dashboard journey
from repo to fix

Connect → Map → Prioritize → Fix → Monitor. A buyer-friendly story backed by engineering-grade evidence.

1. Connect

Paste a GitHub repo. Sentinel reads real source, caches the scan, and starts mapping code, AI agents, MCP servers, tools, and dependencies.

2. Map

Find every agent, MCP server, tool permission, reachable secret, external sink, and cost exposure before an attacker chains them together.

3. Prioritize

Convert raw findings into attack paths, blast radius, plain-English impact, and fix order so teams know what matters first.

4. Fix

Generate least-privilege hardening, prompt guards, rate limits, MCP fixes, and PR-ready remediation notes that engineers can review.

5. Monitor

Track scan health, critical risk count, fix progress, upcoming scans, and regressions across every repo.

The AI Security Team

Five fix lanes for
AI-agent security

These are the risk lanes visible in the product: prompt injection, secret exfiltration, MCP exposure, tool permissions, and cost abuse.

Prompt Injection

Malicious instructions hidden in user input

Finds where LLM prompts trust untrusted text, tool results, or retrieved context. Then adds guardrails, validation, and safer prompt boundaries.

Tags: Jailbreak paths, Unsafe tool calls, Prompt leaks, Context poisoning

Secret Exfiltration

Agents and tools that can reach keys

Maps every path from an AI agent to environment variables, files, logs, and cloud credentials. Then reduces access and patches unsafe reads.

Tags: API keys, Env leaks, Token exposure, Log leakage

MCP Exposure

Model Context Protocol servers with risky reach

Discovers MCP configs, commands, transports, and tools. Then shows which servers can touch shell, files, databases, network, cloud, or secrets.

Tags: MCP servers, Tool sprawl, Shell access, Network sinks

Tool Permissions

Over-powered agents before they become incidents

Builds a blast-radius view of each agent: filesystem, database, network, email, shell, cloud, and secrets. Then suggests least-privilege fixes.

Tags: Shell tools, File writes, Database access, Cloud permissions

Cost Abuse

Runaway LLM usage and missing rate limits

Models current and worst-case monthly spend when agents can loop, retry, or be abused. Then adds caps, throttles, and safer execution paths.

Tags: Token loops, No rate limits, Retry storms, Worst-case spend

Dashboard surfaces

Every screen answers one question

What is risky, why does it matter, and what should we fix first?

Voice Assistant

Let builders ask what a finding means, what to fix first, and how to explain the risk to a customer or client.

Security Dashboard

Track scan health, fix progress, recent scans, upcoming runs, and critical risk count from one calm owner-ready view.

Security Copilot

Run a repo scan that maps AI agents, MCP servers, attack paths, blast radius, and cost exposure like a mission control panel.

One product, three clear views

Marketable for founders.
Actionable for engineers.

Sentinel translates the same scan into a Copilot mission view, a deep agent-security graph, and a breach/fix workflow.

Security Copilot

The top-level mission control view: repo input, plain-English report, pulse chart, risk KPIs, heatmap, and cost exposure.

Repo-to-risk scan flow
Guided video explanation
Risk KPIs and pulse chart
Voice assistant for follow-up

Agent Security

The deep technical view for engineering: agents, MCP servers, capabilities, attack graph, blast radius, and remediation report.

Agent and MCP discovery
Permission blast radius
Attack graph and stages
Downloadable remediation report

Breach + Auto Fix

The proof-and-repair view: show the attacker path, explain the impact, then move directly into prioritized hardening.

Live attack terminal
Customer impact from findings
DAST-style evidence
Fix-first remediation path

Humanized security

You should not need a security team to understand your security report.

Sentinel is built for the people actually shipping the product: founders, freelancers, vibe coders, agencies, and small teams. It explains each issue like a patient teammate, then turns the fix into a short action list.

A short video walks through what happened and why it matters.
A voice assistant answers follow-up questions in plain English.
Auto-Fix turns confusing findings into fix tickets and PR steps.

Sentinel Assistant

Ask anything about the report

Question: What does “No Authentication on Any Route” mean for my finance dashboard?
Answer: Anyone who finds your URL could open customer and transaction pages. Fix auth first, then upgrade the vulnerable dependency.
Video summary ready

Ship the app fast.
Understand the risk before customers do.

Run a repo scan, watch the explanation, ask the assistant what it means, and fix the dangerous paths before launch.