Brex releases CrabTrap proxy to solve AI agent security bottleneck
Brex has open-sourced CrabTrap, a network-proxy that uses an LLM to police autonomous agents, a development that could unlock stalled enterprise adoption of agentic AI.
Brex has released CrabTrap, an open-source network proxy designed to secure AI agents at the transport layer. The tool intercepts all outbound HTTP traffic from autonomous agents, using a combination of static rules and a large language model to approve or deny requests in real time.
The release targets a critical bottleneck for corporate AI spending. While agentic frameworks like OpenClaw are gaining traction, enterprises have hesitated to grant agents the API keys and OAuth tokens needed for meaningful work. “The more capable you make an agent, the more dangerous it becomes, and the safer you make it, the less useful it is,” said Brex co-founder and CEO Pedro Franceschi.
CrabTrap operates as a framework-agnostic proxy, avoiding the need for complex per-tool integrations. By routing traffic at the network layer, it applies deterministic rules to predictable, high-volume requests. For the roughly 3% of unusual traffic, it deploys a fast LLM, such as Claude Haiku, to make nuanced decisions.
To prevent prompt injection, where a malicious URL or payload manipulates the security model, Brex structures incoming requests as JSON objects. This ensures user-controlled content is escaped rather than interpreted as raw text by the judging model.
Rather than writing policies from scratch, the platform bootstraps them from observed network traffic. “Our key insight was to bootstrap policy from observed behavior rather than write it from scratch,” Franceschi said. An internal agentic loop analyzes historical data to draft natural-language rules, which are tested against past audit logs before deployment.
For Brex, the immediate impact was operational, resolving internal hesitation about deploying autonomous agents broadly. The audit trails also revealed redundant API calls, allowing the company to trim wasted compute and token costs. “The proxy became a discovery tool, not just an enforcement one,” Franceschi said.
As an open-source project, CrabTrap is positioned to evolve with community input. Future developments are expected to include single sign-on, role-based access controls, and programmatic APIs to automate the policy lifecycle. These features would further align the tool with enterprise compliance requirements.