KeySpot is a runtime credential security layer for agents, scanning checkpoints to detect and vault exposed credentials. No raw secrets persist in agent state. x402 enables per-call payments on Arb
AI agents are accumulating secrets they were never meant to retain.
When an agent calls a tool that returns an API key, database credential, access token, or private key, that secret enters the agent’s runtime state. Without runtime enforcement, it can persist in memory, vector databases, summaries, logs, and downstream agent workflows.
Traditional security tools do not solve this problem. Git hooks, secret scanners, and static analysis operate on source code. They cannot detect credentials that appear dynamically during agent execution.
KeySpot SDK is an open-source runtime credential security layer for autonomous AI agents. It enforces a Checkpoint → Scan → Vault → Replace lifecycle at every critical boundary, including tool calls, memory saves, summaries, session checkpoints, and vector writes.
When a checkpoint is triggered, KeySpot:
Scans state against 40+ credential patterns.
Propagates taint across derived content, including summaries, embeddings, and rewrites.
Vaults detected secrets through a configurable vault adapter.
Replaces raw values with cryptographically signed, TTL-protected reference tokens.
Records an audit event without storing the secret itself.
To minimize exposure, the entire pipeline runs inside an isolated Worker thread. Raw secret values never return to the application process after detection.
The result is a security model where secrets cannot silently accumulate or spread through agent memory, vector stores, databases, or multi-agent systems. Agents operate on secure references while sensitive values remain protected in dedicated vault infrastructure.
KeySpot integrates with x402 for agent-native USDC payments on Arbitrum One and can be added to existing agent frameworks with:
'npm install @roadsidelab/keyspot-sdk'
Autonomous agents can self-onboard by loading:
https://raw.githubusercontent.com/roadsidedev/keyspot-sdk/main/SKILL.md
This allows both developers and agents to adopt KeySpot with minimal configuration.
<p><span>KeySpot was started from scratch during the Arbitrum Open House London Buildathon.</span></p><p><span>We designed and shipped the core runtime security engine, including the full <strong>Checkpoint → Scan → Vault → Replace</strong> lifecycle for AI agents. </span></p><p><span>The SDK can now detect credentials across 40+ secret types, propagate taint through derived content such as summaries and embeddings, vault sensitive values, and replace them with secure references before they persist.</span></p><p><span>During the hackathon we also built:</span></p><ul><li><p><span>The core TypeScript SDK and monorepo architecture</span></p></li><li><p><span>Taint tracking for derived agent state</span></p></li><li><p><span>Vault integrations and secret management adapters</span></p></li><li><p><span>Vector database integrations that intercept writes before secrets persist</span></p></li><li><p><span>PromptShield for prompt injection and exfiltration detection</span></p></li><li><p><span>x402 integration for agent-native USDC payments on Arbitrum One</span></p></li><li><p><span>Documentation, deployment infrastructure, and npm publication</span></p></li></ul><p><span>The SDK is publicly available today via npm, the hosted services are deployed, and the Arbitrum payment flow is functional end-to-end. All core security primitives, taint tracking, and payment infrastructure were designed and implemented during the hackathon.</span></p>
<p>None</p>
