From Scanning to Shielding: Defense-in-Depth for AI Agents
Originally published on opena2a.org
Security scanners find vulnerabilities. They run once, produce a report, and stop. But vulnerabilities do not stop being introduced after a scan completes. OpenA2A Shield provides continuous protection -- credential scanning, configuration integrity monitoring, runtime threat detection, and security posture scoring that runs alongside your development workflow.
The Limitation of Point-in-Time Scanning
Traditional security scanning operates in a review-fix-forget cycle. A scanner runs, produces findings, the team fixes them, and the project moves on -- until the next scan reveals new issues introduced since the last run. This gap between scans is where vulnerabilities accumulate.
For AI agent projects, this gap is particularly costly. Agents accumulate credentials for API access, MCP server configurations change as tools are added and removed, and configuration files drift from secure defaults. Shield addresses this by making security monitoring continuous rather than periodic.
Four Layers of Protection
Shield implements defense-in-depth through four complementary layers, each addressing a different class of security concern:
Layer 1: Credential Protection (Secretless)
Prevents AI coding tools from reading credential files. Configures file-blocking rules so that .env, .key, and .pem files are excluded from AI context windows. AI tools reference credentials by variable name, never by value.
opena2a shield secretless
Layer 2: Configuration Integrity (ConfigGuard)
Monitors configuration files for unauthorized changes. Computes SHA-256 hashes of critical configs (MCP settings, agent configurations, security policies) and alerts when files are modified outside of a signed change workflow.
opena2a guard sign # Sign current config state
opena2a guard verify # Check for unauthorized changes
Layer 3: Runtime Detection (ARP)
Monitors running agent processes for suspicious behavior patterns -- unexpected network connections, privilege escalation attempts, unauthorized file system access, and anomalous resource consumption.
opena2a shield detect # Run runtime detection scan
Layer 4: Security Posture Scoring
Aggregates findings from all layers into a single posture score (0-100) with category breakdowns. Shows the current state, the recovery path, and which actions have the highest impact on the score.
opena2a shield status # View protection status and score
Getting Started
Shield activates with a single command. It detects your project type and enables the appropriate protection layers automatically.
# Install and activate Shield
npm install -g opena2a-cli
opena2a shield init
# Check protection status
opena2a shield status
# View the security event log
opena2a shield log
# Run integrity self-check
opena2a shield selfcheck
Shield runs locally with zero network calls. All scanning, monitoring, and scoring happens on your machine. The event log is an append-only JSONL file with SHA-256 hash chain integrity -- each event references the hash of the previous event, making tampering detectable.
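The hash-chain property described above can be checked independently of the tool. The following is an added example, not OpenA2A's code: the field names hash and prev_hash, the all-zero genesis value, the canonical-JSON hashing and the sample events are assumptions, since the page does not give the log schema.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash of the first event

def event_hash(event):
    """SHA-256 of the event's canonical JSON, excluding its own 'hash' field."""
    body = {k: v for k, v in event.items() if k != "hash"}
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def append_event(lines, payload):
    """Append a JSONL line linked to the hash of the previous event."""
    prev = json.loads(lines[-1])["hash"] if lines else GENESIS
    event = dict(payload, prev_hash=prev)
    event["hash"] = event_hash(event)
    lines.append(json.dumps(event, sort_keys=True))

def verify_chain(lines):
    """Return None if intact, else (line_number, reason) for the first break."""
    expected_prev = GENESIS
    for n, line in enumerate(lines, start=1):
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            return (n, "not valid JSON")
        if not isinstance(event, dict) or not {"hash", "prev_hash"} <= event.keys():
            return (n, "missing hash fields")
        if event["prev_hash"] != expected_prev:
            return (n, "prev_hash does not match previous event")
        if event_hash(event) != event["hash"]:
            return (n, "content does not match recorded hash")
        expected_prev = event["hash"]
    return None

def sample_log():
    """Constructed sample events (hypothetical schema, not real Shield output)."""
    lines = []
    append_event(lines, {"seq": 1, "type": "config.signed", "file": "mcp.json"})
    append_event(lines, {"seq": 2, "type": "credential.blocked", "file": ".env"})
    append_event(lines, {"seq": 3, "type": "config.modified", "file": "mcp.json"})
    return lines

if __name__ == "__main__":
    log = sample_log()
    log[1] = log[1].replace(".env", "notes.txt")  # simulate an in-place edit
    print(verify_chain(log))
```

A chain like this exposes edits, deletions and reordering inside the file, but an unkeyed chain cannot reveal removal of trailing events or a full rewrite unless the latest hash is also recorded somewhere the log writer cannot change.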
Scanning vs Shielding
| Capability | Scanner | Shield |
|---|---|---|
| Credential detection | Point-in-time | Continuous + prevention |
| Config monitoring | Not covered | Hash-verified integrity |
| Runtime threats | Not covered | Process monitoring |
| Posture tracking | Report per scan | Continuous score |
Activate Shield
Credential protection. Config integrity. Runtime detection. Posture scoring.
npx opena2a-cli shield init
This is a condensed version of the full post. Read the complete article on opena2a.org
© 2026 OpenA2A. Open source under Apache-2.0 License.