About Vigile
The trust layer for AI agents.
The Problem
"AI agents are connecting to tools they've never verified."
AI agents are becoming the new software supply chain. MCP servers, agent skills, and tool definitions are installed from community registries with little to no security review. A malicious MCP server can exfiltrate sensitive data, inject hidden instructions, or establish covert communication channels — all while appearing perfectly legitimate.
Our Approach
Static Scanning
Multi-engine scanner with 220+ detection checks across MCP, skill, runtime, and backend analysis.
Trust Scoring
5-factor weighted model (code analysis, dependency health, permission safety, behavioral stability, transparency) producing a 0-100 trust score.
Runtime Monitoring
Sentinel watches what MCP servers actually do on the network — detecting C2 beaconing, data exfiltration, DNS tunneling, and credential theft in real time.
Community Registry
Crowdsourced trust database for MCP servers and agent skills, with automated crawling from npm and GitHub.
The Solution
Vigile wraps every layer of the AI agent supply chain — from static source analysis and dependency scoring to real-time network monitoring — into a single trust signal you can act on. One command, zero config.
Open Source & Transparency
The Vigile CLI scanner is free and open source (Apache 2.0), available on npm. Every trust score is computed against a documented, public methodology — no black boxes. Our security policy is public, and we welcome responsible disclosure from the community.