Protect Claude Agents From Long-Context Injection
Claude's 200K context window is a double-edged sword. Your agents can process entire codebases and long documents — but that same window gives attackers more surface area to embed hidden instructions. Rune wraps your Anthropic client to scan every message and tool use block, catching injections buried deep in context that humans would miss.
from anthropic import Anthropic
from rune import Shield
from rune.integrations.anthropic import shield_client
shield = Shield(api_key="rune_live_xxx")
client = shield_client(Anthropic(), shield=shield, agent_id="my-agent")
# Use exactly like a normal Anthropic client
response = client.messages.create(...)Real-World Attack Scenarios
Long-Context Injection
An attacker embeds instructions deep on page 47 of a 100-page PDF that your Claude agent is analyzing. The instruction overrides the system prompt and redirects tool use.
Without Rune: Claude follows the buried instruction, executing unauthorized tool calls that the user reviewing the output would never notice originated from injected content.
With Rune: Rune scans the full content of messages for injection patterns — including long documents — and flags the hidden instruction before it can influence Claude's behavior.
Multi-Turn Context Poisoning
An attacker injects content early in a long conversation that persists across Claude's entire context window, subtly influencing tool use decisions in later turns.
Without Rune: The poisoned context shapes Claude's reasoning for the rest of the session, causing increasingly misaligned tool calls that appear natural.
With Rune: Rune scans every turn for injection patterns and monitors tool call sequences for behavioral anomalies that indicate context poisoning.
How It Works
Install the SDK
pip install runesec[anthropic] — adds the transparent client wrapper for the Anthropic Python SDK.
Wrap your client
Wrap your Anthropic client with shield_client(). Same API, same message types, same streaming behavior. Your existing Claude integration works unchanged.
Monitor and enforce
Every tool use block is scanned before execution. Large documents are analyzed for hidden injections. View events and configure alerts from the dashboard.
Frequently Asked Questions
How does Rune handle Claude's large context window?
Rune scans the full content of every message, including long documents. It detects injection patterns regardless of where they appear in the context — even buried deep in multi-page documents.
Does it work with Claude's tool use API?
Yes. Rune validates every tool_use block Claude generates and every tool_result block returned to Claude. Each block type is scanned with appropriate detection rules.
Will scanning add latency to Claude responses?
L1 pattern matching adds under 5ms. For most Claude use cases involving long documents, this is negligible compared to the LLM inference time.
Can I use Rune with Claude's streaming API?
Yes. The wrapper supports both standard and streaming message creation, scanning tool use blocks as they are generated.
Secure your Claude agents today
Add runtime security in under 5 minutes. Free plan includes 10,000 events per month.