AIToday

Brex builds AI agent control layer at network level, not in rules

VentureBeat AI3h ago
Brex builds AI agent control layer at network level, not in rules

Key takeaway

Brex has open-sourced CrabTrap, a network proxy that intercepts AI agent requests and uses an AI judge to approve or deny them based on policy rules. The company discovered that traditional guardrails cannot contain agents equipped with real credentials like API keys, and shifted enforcement from the code level to the network layer. CEO Pedro Franceschi argues that IT leaders should adopt similar centralized network control rather than relying on SDK-level permissions.

Summaries like this, in your inbox every morning.

Sign up free →

3 Key Points

  • What happened

    Brex created CrabTrap, an open-source HTTP/HTTPS proxy that intercepts all network traffic from AI agents, examines policy rules, and uses an LLM-as-a-judge to approve or deny requests. The company found that traditional guardrails could not contain what agents were doing with real credentials like API keys and OAuth tokens.

  • Why it matters

    Brex's approach addresses a gap in how AI agents are currently governed—frameworks like OpenClaw enable agents to act, but lack enterprise-scale safeguards. By enforcing policy at the network layer rather than in the agent's code, organizations can audit and control agent behavior in real time, even when agents have genuine credentials to systems that matter.

  • What to watch

    Brex CEO Pedro Franceschi frames this as a shift in how IT leaders should think about agent governance: moving from SDK-level permissions and model guardrails to centralized network control. How widely CrabTrap is adopted, and whether other enterprises adopt similar network-layer enforcement, will signal whether this architectural approach becomes standard practice.

In Depth

Brex, the fintech company, has built an open-source solution called CrabTrap to address a blind spot in how AI agents are secured at enterprise scale. The problem emerged as agentic frameworks like OpenClaw became widely adopted: while these frameworks enable agents to take actions autonomously, they lack proven mechanisms to govern agent behavior when agents have access to real credentials.

The core issue is that agents need genuine API keys, OAuth tokens, and service accounts to function effectively—they are not merely simulated tools but real gateways to live systems. Traditional guardrails, whether embedded at the SDK level or baked into model training, proved insufficient. Brex co-founder and CEO Pedro Franceschi explained to VentureBeat: "What we noticed was that the network layer was an untapped enforcement point. Every request an agent makes is an opportunity to intercept, reason about, and make a policy decision."

CrabTrap works by operating as an HTTP/HTTPS proxy that sits between agents and the systems they request. It intercepts every outbound request, examines the request against policy rules, and uses a LLM-as-a-judge—an AI system trained to evaluate compliance—to determine whether the request should be approved or denied. This approach centralizes control at the network boundary rather than trying to constrain the agent itself.

Franceschi's recommendation to IT leaders is that agent governance should shift away from SDK-level permissions and model guardrails toward centralized network control. By enforcing policy at the network layer, organizations can maintain audit trails and real-time oversight of agent activity, regardless of what code the agent runs or how it was trained. For enterprises deploying agents with real credentials, this architectural change may become standard practice.

Context & Analysis

The article identifies a structural gap in how AI agents are currently managed. OpenClaw and similar agentic frameworks have become widely adopted, but they operate without proven safeguards at enterprise scale. The challenge is that agents need genuine credentials—API keys, OAuth tokens, service accounts—to be useful, yet traditional guardrails (permissions embedded in the agent's code or baked into the model) cannot effectively limit what agents do once those credentials are in hand.

Brex's insight is architectural: the network layer becomes the enforcement point. Every request an agent makes traverses the network, creating an observation and control opportunity that is independent of the agent's code or training. By placing a proxy at this chokepoint and having it evaluate each request against policy rules using an LLM-as-a-judge, Brex sidesteps the limitations of SDK-level permissions and model-level guardrails. Franceschi's message to IT leaders is that this shift—from application-layer controls to network-layer controls—should become the standard practice for agent governance.

FAQ

How does CrabTrap actually control what agents do?
CrabTrap is an HTTP/HTTPS proxy that intercepts all network traffic from agents, examines policy rules, and uses a LLM-as-a-judge to decide whether each request should be approved or denied.
Why doesn't Brex just use traditional guardrails?
Brex found that traditional guardrails could not contain what agents were doing once they had real credentials like API keys, OAuth tokens, and service accounts.

Get the latest Large Language Models news every morning

AI-summarized, only the topics you pick — one digest a day via Email, Slack, or Discord.

Free · takes 30 seconds · unsubscribe anytime

Discussion

No comments yet. Be the first to share your thoughts!

Log in to join the discussion

Related Articles

Stay ahead with AI news

Get curated AI news from 200+ sources delivered daily to your inbox. Free to use.

Get Started Free

Free · takes 30 seconds · unsubscribe anytime

1 minute a day. The AI essentials.

200+ sources · Email / LINE / Slack

Get it free →