The Problem
As multi-agent systems grow (LangGraph, CrewAI, AutoGen, A2A protocol), agents communicate with each other — passing tasks, results, and instructions between them. No security tool currently scans agent-to-agent traffic for prompt injection or poisoned payloads.
An attacker who compromises one agent can use it to inject malicious instructions into every agent it communicates with. This is the "Agent Patient Zero" problem.
Proposed Solution: Bridge Filter
A new SUNGLASSES component that sits between agents and scans inter-agent messages:
from sunglasses.bridge import BridgeFilter
bridge = BridgeFilter()
# Scan a message before passing it to the next agent
result = bridge.scan_handoff(
from_agent="researcher",
to_agent="writer",
payload=message_content
)
if result.is_clean:
writer.receive(message_content)
else:
# Quarantine the message, alert the orchestrator
bridge.quarantine(result)Key capabilities:
- Scan all inter-agent message payloads for injection attacks
- Track trust chains (which agent sent what to whom)
- Detect privilege escalation attempts (agent A trying to get agent B to use tools agent A can't access)
- Quarantine suspicious messages without killing the workflow
- Integrate with Google's A2A protocol and existing frameworks
Context
Our research found that no existing agent framework has built-in secure agent-to-agent communication scanning. This is a greenfield opportunity.
Thesis: "A2A solves interoperability. Sunglasses solves trust."
How to Contribute
This is a larger feature — but individual pieces are approachable:
- Design the
BridgeFilter API interface
- Define what "trust chain" metadata looks like
- Write detection patterns specific to agent-to-agent attacks (instruction delegation abuse, tool access escalation)
- Build framework adapters (LangGraph, CrewAI, AutoGen)
See sunglasses.dev/thesis for our security philosophy. 🕶️
The Problem
As multi-agent systems grow (LangGraph, CrewAI, AutoGen, A2A protocol), agents communicate with each other — passing tasks, results, and instructions between them. No security tool currently scans agent-to-agent traffic for prompt injection or poisoned payloads.
An attacker who compromises one agent can use it to inject malicious instructions into every agent it communicates with. This is the "Agent Patient Zero" problem.
Proposed Solution: Bridge Filter
A new SUNGLASSES component that sits between agents and scans inter-agent messages:
Key capabilities:
Context
Our research found that no existing agent framework has built-in secure agent-to-agent communication scanning. This is a greenfield opportunity.
Thesis: "A2A solves interoperability. Sunglasses solves trust."
How to Contribute
This is a larger feature — but individual pieces are approachable:
BridgeFilterAPI interfaceSee sunglasses.dev/thesis for our security philosophy. 🕶️