Sold by: CyberArkÂ
Deployed on AWS
CyberArk Agent Guard is an AI agent security tool.
Agent Guard can be used to secure secrets retrieval for agents managed via an external secret provider, such as AWS Secrets Manager and CyberArk Secrets Manager, and traceability of AI agent MCP communications via Agent Guard MCP Proxy.
Overview
Agent Guard delivers secure secret retrieval and observability for AI agent communications by reducing the risks of unmonitored access and hardcoded secrets. Designed for environments using STDIO communication, it helps keep secrets ephemeral, centrally managed, and out of code. By auditing all interactions and integrating with AWS Secrets Manager or CyberArk Secrets Manager (previously CyberArk Conjur), Agent Guard provides dynamic, just-in-time secret injection, empowering organizations to meet high standards of compliance, traceability, and operational security without compromising performance or flexibility.
Usage instructions:
- github.com/cyberark/agent-guard/blob/main/docs/agent-guard-containerized.md
Key capabilities and differentiators:
- Auditing and monitoring: Interactions between the AI agent and MCP servers are logged, providing complete traceability and compliance with enterprise security standards.
- STDIO-based deployment support: Ideal for local or containerized environments, the proxy supports STDIO communication while isolating the MCP server from direct access to sensitive data on the host.
- Dynamic secret injection: Secrets are ephemeral, so they are not stored in code or local files. Instead, they are dynamically retrieved from your secrets manager (AWS Secrets Manager or CyberArk Secrets Manager), injected into the MCP server session, and disposed of after use.
- Lightweight and flexible: Easy to deploy and integrate into existing AI workflows without introducing significant overhead.
Integration with AWS:
- Agent Guard is configurable with the Amazon Q Developer agent to trace and audit interactions with MCP servers using Agent Guard MCP proxy capability. It can be used for securely retrieving secrets required by the AWS Q Developer agent and its tools. Those secrets can be retrieved from AWS Secrets Manager or CyberArk Secrets Manager.
- Optional integration with AWS CloudWatch: Centralized logging and monitoring for enhanced observability.
- IAM Role support: Allows only authorized agents to access specific secrets or perform actions.
Please note: this offering is offered free-of-charge and is therefore subject to section 1.4 of the CyberArk SaaS Terms of Use.
Highlights
- Auditing and monitoring: Interactions between the AI agent and MCP servers are logged, providing complete traceability and compliance with enterprise security standards.
- Dynamic secret injection: Secrets are ephemeral, so they are not stored in code or local files. Instead, they are dynamically retrieved from your secrets manager (AWS Secrets Manager or CyberArk Secrets Manager), injected into the MCP server session, and disposed of after use.
- STDIO-based deployment support: Ideal for local or containerized environments, the proxy supports STDIO communication while isolating the MCP server from direct access to sensitive data on the host.
Details
Sold by
Categories
Delivery method
Supported services
Delivery option
CyberArk Agent Guard 1.0.1
Latest version
Operating system
Linux
Deployed on AWS
Unlock automation with AI agent solutions
Fast-track AI initiatives with agents, tools, and solutions from AWS Partners.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
This product is available free of charge. Free subscriptions have no end date and may be canceled any time.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Vendor refund policy
CyberArk Agent Guard is a free offering.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA)Â .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
CyberArk Agent Guard 1.0.1
Supported services: Learn moreÂ
- Amazon EKS Anywhere
- Amazon ECS Anywhere
- Amazon ECS
- Amazon EKS
Container image
Containers are lightweight, portable execution environments that wrap server application software in a filesystem that includes everything it needs to run. Container applications run on supported container runtimes and orchestration services, such as Amazon Elastic Container Service (Amazon ECS) or Amazon Elastic Kubernetes Service (Amazon EKS). Both eliminate the need for you to install and operate your own container orchestration software by managing and scheduling containers on a scalable cluster of virtual machines.
Version release notes
Automate injecting secrets into environment variables
Additional details
Usage instructions
github.com/cyberark/agent-guard/blob/main/docs/agent-guard-containerized.md
Support
Vendor support
No product warranty or support is provided with Agent Guard. Instead, visit our repository at github.com/cyberark/agent-guard and join our community to connect with developers, ask questions, and share DevOps security best practices.
Please note: this offering is free of charge and is, therefore, subject to section 1.4 of the CyberArk SaaS Terms of Use.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
CyberArk Workforce Identity
By CyberArk
With CyberArk Workforce & Customer Access solutions, organizations can ensure that the right users have secure access to the right resources at the right time.
CyberArk Endpoint Privilege Manager
By CyberArk
CyberArk Endpoint Privilege Manager (EPM) is an Endpoint Privilege Security solution that helps enforce role-specific least privilege for Windows, macOS and Linux workstations and servers. EPM reduces cyber risks through foundational endpoint security controls, defends against ransomware and credential compromise, and safeguards critical endpoint security agents like EDR. It streamlines operations by reducing IT Service Desk load, allowing for greater efficiency. EPM supports secure digital transformation by empowering end users with flexibility while aligning security with business goals. It also ensures audit and compliance by addressing specific regulations and creating an audit trail for endpoint identity and privilege events.
CyberArk Secure Cloud Access
By CyberArk
CyberArk Secure Cloud Access implements Zero Standing Privileges to secure identities at every layer of your multi-cloud environment without impacting native cloud user experience. Cloud admins, start a 30-day free trial today to protect cloud access and meet compliance requirements in a native, secure manner.
CyberArk MCP Server for Secure Cloud Access
By CyberArk
Secure, just-in-time cloud access for developers and AI agents using Zero Standing Privileges right from the CLI, IDE, or AI assistant such as Amazon Q Developer.
Privileged Access Management
By CyberArk
CyberArk PAM solutions provide end-to-end security for internal IT admins & 3rd party vendors enabling secure high-risk access used to migrate, scale and operate applications on-premises or in the cloud. CyberArk allows IT teams to implement role-specific least privilege, and workflows for both secure standing access and Just-in-Time/Zero Standing Privileges workflows.
Customer reviews
No customer reviews yet
Be the first to review this product . We've partnered with PeerSpot to gather customer feedback. You can share your experience by writing or recording a review, or scheduling a call with a PeerSpot analyst.