The Open-Source Security Cage
for AI Agents
Cage your AI agents before they leak data, burn budgets, or run unchecked.
Kernel-level sandbox · Real-time PII redaction · Tamper-proof audit · Cost & loop kill-switches
pip install akios
Why AKIOS
Sandboxed by Default
Run agents in a strict kernel sandbox (seccomp-bpf + userns). Network and filesystem access denied by default.
Cost & Loop Kills
Hard kill-switches for API costs and infinite loops. Enforce budgets per workflow.
PII Redaction
Real-time PII detection and redaction built-in. 53 patterns catch emails, SSNs, credit cards, API keys, and more — before data reaches any provider.
Auditable Logs
Ship auditable logs and reproducible builds. Every action is signed and traceable.
Explicit Policies
Connect tools with explicit policies, not magic. You define exactly what an agent can access.
Minimal & Native
Single binary, no heavy dependencies. Native Unix design for clean CI/CD integration.
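As an added illustration of the PII Redaction card above (example code written for this page, not AKIOS's own redactor, and these four patterns are a constructed stand-in for its 53), the following Python sketch scans text with typed patterns and replaces matches with placeholders. The card-number rule runs a Luhn check so that a random 16-digit order number is not redacted; the sample text is constructed.

```python
"""Illustrative typed PII redactor (added example; not AKIOS's own code)."""
import re
from collections import Counter

# A handful of constructed patterns standing in for a full pattern set.
# Order matters: the specific SSN rule runs before the generic card rule.
PATTERNS = {
    "EMAIL": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "SSN": re.compile(r"\b(?!000|666|9\d{2})\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"),
    # 13-19 digits, optionally separated by spaces or dashes; validated by Luhn below
    "CARD": re.compile(r"\b(?:\d[ -]?){12,18}\d\b"),
    # Constructed key shapes: an "sk-" secret or a 20-character "AKIA" access key id
    "API_KEY": re.compile(r"\bsk-[A-Za-z0-9]{20,}\b|\bAKIA[A-Z0-9]{16}\b"),
}


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out digit runs that merely look like a card number."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def redact(text: str) -> tuple:
    """Return (redacted_text, Counter of replacements by type)."""
    counts = Counter()

    def replacer(kind):
        def _sub(m):
            if kind == "CARD" and not luhn_ok(re.sub(r"[ -]", "", m.group(0))):
                return m.group(0)           # fails Luhn: not a card number, leave it
            counts[kind] += 1
            return f"<{kind}>"
        return _sub

    for kind, rx in PATTERNS.items():
        text = rx.sub(replacer(kind), text)
    return text, counts


# Constructed sample: 4111... is the classic Visa test number; the "order" number fails Luhn.
SAMPLE = (
    "Contact jane.doe@example.com, SSN 123-45-6789, card 4111 1111 1111 1111 (test), "
    "order 1234 5678 9012 3456, key sk-abcdefghijklmnopqrstuvwxyz0123"
)

if __name__ == "__main__":
    redacted, counts = redact(SAMPLE)
    print(redacted)
    print(dict(counts))
```

The point of the Luhn step is the false-positive rate: a redactor that blanks every long digit run also destroys invoice and tracking numbers an agent legitimately needs, and a flood of harmless redactions trains operators to ignore the audit line that counts them.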
Quickstart (3 minutes)
Install AKIOS and run your first sandboxed AI workflow. You'll see kernel-level isolation, PII redaction, and audit logging — working out of the box.
# Install
pip install akios
# Initialize a project
akios init my-project
cd my-project
# Run the sample workflow
akios run templates/hello-workflow.yml
Expected output:
[akios] environment: native linux (kernel-hard)
[akios] sandbox: seccomp-bpf, cgroups v2
[akios] pii: redaction enabled (53 patterns)
[akios] audit: Merkle trail initialized
[akios] workflow: completed successfully in 1.2s
Architecture
Runtime layers: policy engine, kernel sandbox (seccomp + cgroups), PII redaction, budget/loop controls, tamper-proof audit — then agents access tools/APIs under your explicit policies.
Security guarantees (every run)
The cage enforces these controls for every agent:
- Process Isolation: Kernel controls (cgroups v2 + seccomp-bpf) enforce hard boundaries between every agent process.
- Syscall Filtering: Default-deny policy on network and filesystem. Only explicitly allowed calls pass.
- PII Redaction: 53 patterns detect and redact sensitive data in real time — on all inputs and outputs.
- Tamper-Proof Audit: Every action is cryptographically signed into a Merkle chain. Logs can't be altered after the fact.
- Cost & Loop Kill-Switches: Hard budget limits per workflow. Runaway agents are terminated, not throttled.
- Sandbox-First Execution: The sandbox is enforced before any tool call. No code runs outside the boundary.
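To make the Tamper-Proof Audit item concrete (and the Merkle Auditor component listed under EnforceCore further down), here is an added Python example, not AKIOS or EnforceCore code: a hash-chained log whose records each commit to their predecessor, a SHA-256 Merkle root over the chain, and an HMAC "seal" standing in for the signature the page mentions (the key and the events are constructed). It also shows why the seal matters: someone who rewrites a record and recomputes every later hash produces a chain that still verifies on its own, and only the sealed root exposes the change.

```python
"""Hash-chained audit trail with a SHA-256 Merkle root and a sealed root
(added example; not AKIOS/EnforceCore code)."""
import hashlib
import hmac
import json

GENESIS = "0" * 64


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def canonical(obj) -> bytes:
    """Stable JSON so the same event always hashes identically."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def record_hash(seq: int, prev: str, event: dict) -> str:
    """Each record commits to its position, its predecessor's hash and its content."""
    return sha256_hex(canonical({"seq": seq, "prev": prev, "event": event}))


def merkle_root(leaves: list) -> str:
    """Pairwise SHA-256 up to a single root; an odd last node is duplicated."""
    if not leaves:
        return sha256_hex(b"")
    level = list(leaves)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [sha256_hex((level[i] + level[i + 1]).encode())
                 for i in range(0, len(level), 2)]
    return level[0]


class AuditTrail:
    def __init__(self, signing_key: bytes):
        # HMAC key stands in for a private signing key (assumption of this example)
        self._key = signing_key
        self.records = []

    def append(self, event: dict) -> dict:
        seq = len(self.records)
        prev = self.records[-1]["hash"] if self.records else GENESIS
        rec = {"seq": seq, "prev": prev, "event": event,
               "hash": record_hash(seq, prev, event)}
        self.records.append(rec)
        return rec

    def root(self) -> str:
        return merkle_root([r["hash"] for r in self.records])

    def seal(self) -> str:
        """Tag over the current root; a verifier keeps or publishes this value."""
        return hmac.new(self._key, self.root().encode(), hashlib.sha256).hexdigest()

    def verify(self, seal_tag=None) -> tuple:
        """(True, None) if every link recomputes; (False, first bad seq) otherwise,
        or (False, -1) when the chain is consistent but the seal does not match."""
        prev = GENESIS
        for i, r in enumerate(self.records):
            if r["seq"] != i or r["prev"] != prev or r["hash"] != record_hash(i, prev, r["event"]):
                return False, i
            prev = r["hash"]
        if seal_tag is not None and not hmac.compare_digest(seal_tag, self.seal()):
            return False, -1
        return True, None


def demo() -> dict:
    """Constructed events: a caught edit, then an edit hidden by rehashing."""
    trail = AuditTrail(signing_key=b"constructed-demo-key")
    for ev in [
        {"agent": "filesystem", "action": "read", "path": "/data/in.csv"},
        {"agent": "llm", "action": "complete", "tokens": 812, "cost_usd": 0.004},
        {"agent": "http", "action": "post", "host": "api.example.com", "status": 200},
    ]:
        trail.append(ev)
    tag = trail.seal()                              # stored out of band at run end
    out = {"clean": trail.verify(tag)}

    trail.records[1]["event"]["cost_usd"] = 0.0     # after-the-fact edit
    out["tampered"] = trail.verify(tag)             # chain breaks at seq 1

    # Recomputing every hash makes the chain self-consistent again ...
    prev = GENESIS
    for i, r in enumerate(trail.records):
        r["prev"], r["hash"] = prev, record_hash(i, prev, r["event"])
        prev = r["hash"]
    out["chain_only"] = trail.verify()              # ... so the chain alone passes
    out["relinked"] = trail.verify(tag)             # ... but the sealed root does not
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:10s} {result}")
```

The practical consequence: a hash chain only proves internal consistency, so the sealed root (or a real signature over it) has to leave the host the agent runs on, for example shipped to a log store the agent's policy cannot write to, before the run ends.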
Core agents
Four built-in agents cover typical workflows, all running inside the security cage:
Filesystem
Allowlisted reads, optional writes; path and mode constrained.
HTTP
Rate-limited requests with PII-redacted payloads and headers.
LLM
Token and cost tracking with budget kills; prompts/responses redacted.
Tool Executor
Whitelisted commands in a sandboxed subprocess with syscall filtering.
Trusted across regulated industries
See how organizations use AKIOS to integrate AI securely and stay compliant — from healthcare to government.
Healthcare
HIPAA-compliant PII redaction and audit trails for patient data processed by AI agents. EU AI Act high-risk ready.
Read case study →
Banking & Insurance
Sandboxed AI workflows for transaction fraud detection under GLBA, SOX, and BSA/AML compliance controls.
Read case study →
Accounting
Secure document processing and financial data extraction under SOX and PCAOB audit controls.
Read case study →
Legal
Privilege-preserving contract review and document analysis with complete network isolation and audit trails.
Read case study →
Government
Air-gapped, auditable AI deployments meeting FedRAMP, NIST 800-53, and FISMA data sovereignty requirements.
Read case study →
Insurance
Sandboxed AI for claims processing with PII redaction, fraud detection, and NAIC-compliant audit trails.
Read case study →
Pharmaceutical
AI-powered clinical trial analysis under FDA 21 CFR Part 11, HIPAA, and GCP controls with full reproducibility.
Read case study →
Energy & Utilities
OT-isolated AI for grid anomaly detection under NERC CIP with zero control-system access and complete audit trails.
Read case study →
EnforceCore
The open-source enforcement framework we designed as the foundation of AKIOS. Runtime policy enforcement, PII redaction, Merkle audit, and resource guards — for any Python agent framework.
Policy Engine
Declarative YAML policies evaluated at every call boundary. Mandatory, not advisory.
PII Redactor
Real-time detection and redaction on inputs and outputs. Configurable strategies.
Merkle Auditor
SHA-256 Merkle tree audit trail. Tamper-proof, cryptographically chained.
Resource Guard
Cross-platform resource limits: time, memory, cost. Automatic kill-switch.
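An added Python example of what the Policy Engine and Resource Guard items above describe, written for this page rather than taken from EnforceCore: a gate every tool call must pass, with explicit allow rules and default deny, a per-run cost budget, a call budget, and a repeat-call loop detector; once a kill-switch fires the run is latched closed rather than throttled. The policy dict is what a YAML loader would return for the policy shown in the comment; paths, hosts and costs are constructed.

```python
"""Default-deny policy gate with cost, call-count and loop kill-switches
(added example; illustrative, not EnforceCore's engine)."""
import posixpath
from collections import Counter

# What yaml.safe_load would return for a policy file such as:
#   filesystem: {read: ["/data/"], write: []}
#   http:       {hosts: ["api.example.com"]}
#   tools:      {commands: ["wc", "sort"]}
#   limits:     {max_cost_usd: 0.05, max_calls: 20, max_repeat: 3}
POLICY = {
    "filesystem": {"read": ["/data/"], "write": []},
    "http": {"hosts": ["api.example.com"]},
    "tools": {"commands": ["wc", "sort"]},
    "limits": {"max_cost_usd": 0.05, "max_calls": 20, "max_repeat": 3},
}


class PolicyDenied(Exception):
    """The call matched no allow rule (default deny)."""


class KillSwitch(Exception):
    """A hard limit was hit; the run is terminated, not slowed down."""
    def __init__(self, reason: str, detail: str):
        super().__init__(f"{reason}: {detail}")
        self.reason = reason


class Gate:
    def __init__(self, policy: dict):
        self.policy = policy
        self.cost_usd = 0.0
        self.calls = 0
        self.seen = Counter()          # identical call signatures feed the loop detector
        self.killed = False

    def _kill(self, reason: str, detail: str):
        self.killed = True             # latch: nothing further runs in this workflow
        raise KillSwitch(reason, detail)

    def _allowed(self, agent: str, action: str, attrs: dict) -> bool:
        if agent == "filesystem":
            path = posixpath.normpath(attrs.get("path", ""))   # collapse ../ before matching
            return any(path.startswith(p) for p in self.policy["filesystem"].get(action, []))
        if agent == "http":
            return attrs.get("host") in self.policy["http"]["hosts"]
        if agent == "tool":
            return attrs.get("command") in self.policy["tools"]["commands"]
        if agent == "llm":
            return action == "complete"      # LLM use is bounded by the cost limit
        return False                         # unknown agent or action: deny

    def check(self, agent: str, action: str, **attrs) -> bool:
        """Call before every tool invocation; returns True or raises."""
        lim = self.policy["limits"]
        if self.killed:
            self._kill("latched", "workflow already terminated")
        self.calls += 1
        if self.calls > lim["max_calls"]:
            self._kill("calls", f"more than {lim['max_calls']} tool calls")
        sig = (agent, action, tuple(sorted(attrs.items())))
        self.seen[sig] += 1
        if self.seen[sig] > lim["max_repeat"]:
            self._kill("loop", f"{agent}.{action} repeated {self.seen[sig]} times")
        if not self._allowed(agent, action, attrs):
            raise PolicyDenied(f"{agent}.{action} {attrs} matches no allow rule")
        self.cost_usd += attrs.get("cost_usd", 0.0)
        if self.cost_usd > lim["max_cost_usd"]:
            self._kill("cost", f"${self.cost_usd:.3f} exceeds ${lim['max_cost_usd']}")
        return True


def run(gate: Gate, calls: list) -> list:
    """Drive a gate through a call list and record each outcome."""
    out = []
    for agent, action, attrs in calls:
        try:
            gate.check(agent, action, **attrs)
            out.append("ok")
        except PolicyDenied:
            out.append("deny")
        except KillSwitch as k:
            out.append("kill:" + k.reason)
    return out


# Constructed scenarios: capability rules plus the cost budget, then a tight loop.
CAPABILITY_AND_COST = [
    ("filesystem", "read", {"path": "/data/in.csv"}),
    ("filesystem", "read", {"path": "/data/../etc/passwd"}),
    ("filesystem", "write", {"path": "/data/out.csv"}),
    ("http", "get", {"host": "api.example.com"}),
    ("http", "get", {"host": "other.example.net"}),
    ("tool", "exec", {"command": "curl"}),
    ("llm", "complete", {"cost_usd": 0.02}),
    ("llm", "complete", {"cost_usd": 0.04}),
    ("filesystem", "read", {"path": "/data/in.csv"}),
]
TIGHT_LOOP = [("llm", "complete", {"cost_usd": 0.01})] * 4

if __name__ == "__main__":
    print(run(Gate(POLICY), CAPABILITY_AND_COST))
    print(run(Gate(POLICY), TIGHT_LOOP))
```

Two design choices worth noting: the path is normalized before the prefix test, so a traversal such as `/data/../etc/passwd` is judged as `/etc/passwd` and denied, and the kill-switch latches, so the filesystem read that follows a blown budget is refused even though it would otherwise be allowed.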
Frequently asked
What about performance?
25ms startup on t3.medium, 44+ workflows/sec throughput, ~21MB memory. <5ms policy enforcement, <50ms PII redaction. Full benchmarks in docs.
How much does it cost?
AKIOS is completely free and open source under GPL-3.0-only. No licensing fees. Download, deploy, and run on your infrastructure.
Will it work with my stack?
AKIOS works with OpenAI, Anthropic, AWS Bedrock, Grok, Mistral, and Gemini. Run on Linux (kernel-hard), macOS, or Docker. pip install or container — your choice.
How is security actually enforced?
seccomp-bpf on Linux + kernel namespaces. Docker container isolation on other platforms. Policies signed & verified before execution.
Ready to Cage Your AI Agents?
Get hands-on in minutes with our Quickstart, or explore the code on GitHub. AKIOS is free, open source, and ready for your first workflow.
Need help or want to report an issue? Use GitHub Discussions or Issues; there is no contact form, so that support stays open and transparent.
Have a question? Visit the Community page or use GitHub Discussions/Issues for open, transparent support.