Drako is an AI agent security platform that scans your codebase for governance and security risks before deployment, then enforces policies at runtime. It works offline with no account required for scanning, and provides full runtime enforcement when you’re ready.

Quick Start

Install Drako and run your first scan in under two minutes.

Scan Rules

Explore 97 deterministic rules across 16 security categories.

Runtime Enforcement

Protect agents in production with a one-line integration.

CLI Reference

Full reference for every Drako command and flag.

What Drako does

1. Scan your codebase

Run drako scan . to analyze your AI agent project. Drako uses AST-based static analysis — no LLM in the evaluation loop — to produce deterministic results every time.

    pip install drako
    drako scan .

2. Review findings and scores

Drako produces two scores: a Governance score (are your agents safe?) and a Determinism score (will they behave consistently?). Reachability analysis separates findings that matter from theoretical risks.

3. Generate a config

Run drako init to auto-generate a .drako.yaml config pre-filled with your agents, tools, and recommended policies. Start in audit mode, then upgrade when ready.

4. Enforce at runtime

Add one line to wrap your agent with governance enforcement. Every tool call passes through a 13-stage pipeline before executing.

    from drako import govern
    crew = govern(crew)

Two scores, two audiences

Score       | Audience       | What it measures
Governance  | Security teams | Are your agents safe to run in production?
Determinism | Engineers      | Will they behave the same way twice?

Grades run A (90–100) through F (0–39). Start at 100 and deduct per finding, with caps per category.

Key capabilities

97 scan rules

Deterministic rules across security, governance, compliance, determinism, and more. No LLM in the evaluation loop.

Reachability analysis

Separate real risks from theoretical ones. Dangerous tools that no agent uses are dimmed, not screamed at you.

Agent BOM

Pure AST inventory: agents, tools, models, prompts, permissions, MCP servers, and framework versions.
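The scoring scheme ("start at 100, deduct per finding, with caps per category"), the reachability triage, and the agent/tool inventory above fit together in one worked example. The code below is an added illustration written for this page, not Drako's own implementation. Only these points come from the page: the 100-point start, per-finding deductions, per-category caps, A = 90–100, F = 0–39, and the rule that a finding about a tool no agent uses is theoretical rather than real. The per-severity deduction amounts, the cap values, the B/C/D bands, the rule ids (EX-nnn), the agent names and the tool names are all constructed assumptions.

```python
"""Score, grade and reachability triage (added example, not Drako's code)."""
from collections import defaultdict
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

# Assumed deduction per finding by severity (values not stated on the page).
DEDUCTION = {"critical": 25, "high": 10, "medium": 5, "low": 2}

# Assumed maximum total deduction per category (values not stated on the page).
CATEGORY_CAP = {"security": 40, "governance": 30, "determinism": 30, "compliance": 20}

# Lower bound of each grade band. A and F come from the page; B, C, D are assumed.
GRADE_BANDS = [(90, "A"), (80, "B"), (70, "C"), (40, "D"), (0, "F")]


@dataclass(frozen=True)
class Agent:
    """One agent from the inventory and the tools it is wired to call."""
    name: str
    tools: FrozenSet[str]


@dataclass(frozen=True)
class Finding:
    """One rule hit. `tool` is the tool the finding concerns, if any."""
    rule_id: str
    category: str
    severity: str
    tool: Optional[str] = None


def reachable_tools(agents: List[Agent]) -> FrozenSet[str]:
    """Every tool that at least one agent can actually invoke."""
    return frozenset().union(*(a.tools for a in agents))


def triage(findings: List[Finding], agents: List[Agent]) -> Tuple[List[Finding], List[Finding]]:
    """Split findings into (reachable, theoretical).

    A finding tied to a tool that no agent uses cannot fire at runtime, so it is
    kept for review but left out of the score (assumption matching the page's
    "dimmed, not screamed at you").
    """
    used = reachable_tools(agents)
    reachable, theoretical = [], []
    for f in findings:
        (reachable if f.tool is None or f.tool in used else theoretical).append(f)
    return reachable, theoretical


def score(findings: List[Finding]) -> int:
    """Start at 100, deduct per finding, cap the total deduction per category."""
    per_category = defaultdict(int)
    for f in findings:
        per_category[f.category] += DEDUCTION[f.severity]
    total = sum(min(amount, CATEGORY_CAP.get(cat, amount))
                for cat, amount in per_category.items())
    return max(0, 100 - total)


def grade(value: int) -> str:
    """Map a 0-100 score onto a letter grade."""
    for floor, letter in GRADE_BANDS:
        if value >= floor:
            return letter
    return "F"


# Constructed inventory: two agents, three tools in use, and one dangerous tool
# (shell_exec) declared in the project but used by no agent.
SAMPLE_AGENTS = [
    Agent("researcher", frozenset({"web_search", "read_file"})),
    Agent("writer", frozenset({"read_file", "write_file"})),
]

# Constructed findings with placeholder rule ids.
SAMPLE_FINDINGS = [
    Finding("EX-001", "security", "critical", tool="shell_exec"),  # no agent uses it
    Finding("EX-002", "security", "critical", tool="web_search"),
    Finding("EX-003", "security", "critical", tool="write_file"),
    Finding("EX-004", "security", "high", tool="web_search"),
    Finding("EX-005", "governance", "high"),
    Finding("EX-006", "determinism", "low"),
]


def sample_report() -> dict:
    """Run triage and scoring over the constructed sample."""
    real, theoretical = triage(SAMPLE_FINDINGS, SAMPLE_AGENTS)
    s = score(real)
    return {
        "reachable": [f.rule_id for f in real],
        "theoretical": [f.rule_id for f in theoretical],
        "score": s,
        "grade": grade(s),
    }


if __name__ == "__main__":
    print(sample_report())
```

On the sample, EX-001 is filed as theoretical because shell_exec is in no agent's tool list. The three remaining security findings would deduct 60 points, but the assumed security cap holds that category at 40; with 10 for governance and 2 for determinism the score is 48, grade D. The cap is what keeps one noisy category from driving the whole score to zero.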

DLP & prompt injection

Presidio-based PII/PCI scanning and bidirectional prompt injection detection on every tool call.

Human-in-the-loop

Pause agents on high-risk actions and escalate to a human. EU AI Act Article 14 compliant.

Audit trail

SHA-256 hash chain with Ed25519 signatures. Tamper-evident, exportable, regulator-ready.
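To make the "tamper-evident" claim concrete, here is an added example of a hash-chained audit log with per-entry signatures and a verifier that reports which entry was altered or removed. It is illustration code written for this page, not Drako's audit implementation. The chain construction follows the description above (each entry commits to the SHA-256 hash of the previous entry). The signing step uses HMAC-SHA256 with a constructed key as a stand-in for the Ed25519 signatures the page describes, so that the example runs with only the Python standard library; the event field names and the key value are constructed.

```python
"""Hash-chained, signed audit log (added example, not Drako's code)."""
import hashlib
import hmac
import json
from typing import Dict, List, Optional, Tuple

GENESIS = "0" * 64  # prev-hash carried by the first entry

# Constructed demo key. A real deployment would hold an Ed25519 private key
# and publish the public key so third parties can verify without the secret.
DEMO_KEY = b"constructed-demo-key-not-for-production"


def canonical(payload: Dict) -> str:
    """Stable serialization so the same event always hashes the same way."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":"))


def entry_hash(prev_hash: str, payload: Dict) -> str:
    """SHA-256 over the previous entry's hash and the canonical payload."""
    return hashlib.sha256((prev_hash + canonical(payload)).encode()).hexdigest()


def sign(key: bytes, digest: str) -> str:
    """Stand-in for Ed25519: HMAC-SHA256 over the entry hash."""
    return hmac.new(key, digest.encode(), hashlib.sha256).hexdigest()


class AuditLog:
    def __init__(self, key: bytes) -> None:
        self._key = key
        self.entries: List[Dict] = []

    def append(self, payload: Dict) -> str:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        digest = entry_hash(prev, payload)
        self.entries.append(
            {"prev": prev, "payload": payload, "hash": digest, "sig": sign(self._key, digest)}
        )
        return digest

    def export(self) -> str:
        """JSON export that a reviewer can verify independently of the process."""
        return json.dumps(self.entries)


def verify(entries: List[Dict], key: bytes) -> Tuple[bool, Optional[int]]:
    """Return (True, None) for an intact chain, else (False, index of first bad entry)."""
    prev = GENESIS
    for i, e in enumerate(entries):
        if e["prev"] != prev:
            return False, i  # link broken: an entry was removed or reordered
        if entry_hash(prev, e["payload"]) != e["hash"]:
            return False, i  # payload edited after it was recorded
        if not hmac.compare_digest(sign(key, e["hash"]), e["sig"]):
            return False, i  # hash rewritten by someone without the signing key
        prev = e["hash"]
    return True, None


def demo_log() -> AuditLog:
    """Three constructed tool-call decisions, as a runtime layer might record them."""
    log = AuditLog(DEMO_KEY)
    log.append({"seq": 0, "agent": "researcher", "tool": "web_search", "decision": "allow"})
    log.append({"seq": 1, "agent": "researcher", "tool": "read_file", "decision": "allow"})
    log.append({"seq": 2, "agent": "writer", "tool": "write_file", "decision": "escalate"})
    return log


def tampered_entries() -> List[Dict]:
    """Exported copy with entry 1's decision changed after the fact."""
    entries = json.loads(demo_log().export())
    entries[1]["payload"]["decision"] = "deny"
    return entries


def truncated_entries() -> List[Dict]:
    """Exported copy with entry 1 silently deleted."""
    entries = json.loads(demo_log().export())
    del entries[1]
    return entries


if __name__ == "__main__":
    print("intact:   ", verify(demo_log().entries, DEMO_KEY))
    print("tampered: ", verify(tampered_entries(), DEMO_KEY))
    print("truncated:", verify(truncated_entries(), DEMO_KEY))
```

Editing a payload breaks that entry's hash; deleting an entry breaks the prev link of the entry that follows it; rewriting hashes to hide either change fails the signature check. With the HMAC stand-in the verifier needs the secret key; the point of using Ed25519 in the real design is that an auditor can run the same checks with only the public key.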

Observability

Built-in dashboard with latency percentiles, violation heatmaps, and drift detection.

EU AI Act compliance

Coverage for Articles 9, 11, 12, and 14. High-risk rules take effect August 2, 2026.

Supported frameworks

Drako integrates with the frameworks your agents already use. Detection is automatic via AST analysis.
Framework             | Detection   | Framework-specific rules
CrewAI                | AST         | FW-001 → FW-003
LangGraph             | AST         | FW-004 → FW-005
AutoGen               | AST         | FW-006 → FW-007
Semantic Kernel       | AST         | FW-008 → FW-009
PydanticAI            | Import      | FW-010
LangChain             | Import      | General rules
TypeScript/JavaScript | Tree-sitter | 17 additional rules

TypeScript/JavaScript support requires pip install drako[typescript]. This covers LangChain.js, Vercel AI SDK, Mastra, and AutoGen.js.
