AgentGuard: An Attribute-Based Access Control Framework for Tool-Use LLM-Based Agent

📅 2026-05-27
📈 Citations: 0
Influential: 0
🤖 AI Summary
This work addresses critical security risks—such as privacy breaches, financial losses, and system compromise—faced by tool-augmented large language model agents during execution. To mitigate these threats, we propose the first lightweight and general-purpose attribute-based access control (ABAC) framework. Designed with a client-server architecture, the framework enables non-intrusive integration of diverse agents on the client side with approximately ten lines of code, while the server employs three complementary mechanisms to detect both intra-tool and cross-tool risks in real time. The system supports fine-grained permission control, visual policy configuration, and runtime auditing. Our open-source implementation demonstrates effective protection across agents implemented in multiple languages and architectural paradigms.
📝 Abstract
LLM-based agents have recently attracted significant attention due to their ability to autonomously invoke relevant tools to accomplish complex tasks. However, recent studies have shown that these agents face severe security risks, which may lead to privacy leakage, financial loss, or even full system compromise. In this paper, we present AgentGuard, an attribute-based access control framework for tool-use LLM-based agents. AgentGuard adopts a client-server architecture. On the client side, AgentGuard provides lightweight integration for agents implemented in different programming languages and architectures. It requires only minor code modifications (e.g., around 10 lines) without changing the underlying agent execution logic. On the server side, AgentGuard provides three complementary inspection mechanisms to cover both single-tool and cross-tool security risks in agent execution. In addition, it offers a visualized front-end interface for security policy specification and runtime auditing. Currently, AgentGuard is publicly accessible at https://github.com/WhitzardAgent/AgentGuard.
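The abstract describes attribute-based access control applied to agent tool calls, with inspection that covers both single-tool and cross-tool risks and an audit trail of decisions. To make the idea concrete, the following Python sketch is an added example of how such a server-side gate can be structured; it is not AgentGuard's code and does not reproduce its policy language or its three inspection mechanisms. The tool catalog, the attribute names (trust, effect, sensitivity), the workspace path and every rule below are constructed assumptions for illustration.

```python
"""Illustrative ABAC gate for agent tool calls (added example, not AgentGuard code).
Tool names, attributes and rules are constructed for illustration only."""
import posixpath
from dataclasses import dataclass, field
from typing import Callable, Optional

# Resource attributes: what the policy server knows about each tool (constructed).
TOOL_CATALOG = {
    "file_read":  {"effect": "read",    "sensitivity": "internal"},
    "db_query":   {"effect": "read",    "sensitivity": "confidential"},
    "http_post":  {"effect": "egress",  "sensitivity": "none"},
    "send_email": {"effect": "egress",  "sensitivity": "none"},
    "shell_exec": {"effect": "execute", "sensitivity": "none"},
}
WORKSPACE = "/workspace"  # assumed: the only tree file_read may touch


@dataclass(frozen=True)
class ToolCall:
    """Subject and action attributes carried with each intercepted call."""
    agent: str   # subject: which agent instance is calling
    trust: str   # subject: "low" or "high" (constructed attribute)
    tool: str    # resource: tool name, looked up in TOOL_CATALOG
    args: dict   # action: the arguments the LLM chose


@dataclass
class Session:
    """Environment attributes accumulated across calls in one agent run."""
    read_confidential: bool = False
    audit: list = field(default_factory=list)


# A rule returns a deny reason, or None to hand the call to the next rule.
Rule = Callable[[ToolCall, Session], Optional[str]]


def known_tool(call: ToolCall, sess: Session) -> Optional[str]:
    """Default deny: a tool with no catalog attributes is never allowed."""
    return None if call.tool in TOOL_CATALOG else f"unknown tool {call.tool!r}"


def execute_needs_high_trust(call: ToolCall, sess: Session) -> Optional[str]:
    """Single-tool rule on subject + resource attributes."""
    if TOOL_CATALOG[call.tool]["effect"] == "execute" and call.trust != "high":
        return f"{call.tool} requires a high-trust agent, got {call.trust!r}"
    return None


def confine_file_reads(call: ToolCall, sess: Session) -> Optional[str]:
    """Single-tool rule on action attributes: normalise the path first so
    '..' segments or absolute paths cannot escape the workspace."""
    if call.tool == "file_read":
        path = posixpath.normpath(posixpath.join(WORKSPACE, call.args.get("path", "")))
        if posixpath.commonpath([WORKSPACE, path]) != WORKSPACE:
            return f"file_read escapes {WORKSPACE}: {path}"
    return None


def no_egress_after_confidential(call: ToolCall, sess: Session) -> Optional[str]:
    """Cross-tool rule: once confidential data was read, egress tools are refused."""
    if TOOL_CATALOG[call.tool]["effect"] == "egress" and sess.read_confidential:
        return "egress blocked: confidential data was read earlier in this session"
    return None


RULES: list[Rule] = [known_tool, execute_needs_high_trust,
                     confine_file_reads, no_egress_after_confidential]


def authorize(call: ToolCall, sess: Session) -> tuple[bool, str]:
    """Evaluate rules in order; the first deny wins. Every decision is audited."""
    for rule in RULES:
        reason = rule(call, sess)
        if reason is not None:
            sess.audit.append((call.agent, call.tool, "DENY", reason))
            return False, reason
    # Allowed: update environment attributes used by later cross-tool checks.
    if TOOL_CATALOG[call.tool]["sensitivity"] == "confidential":
        sess.read_confidential = True
    sess.audit.append((call.agent, call.tool, "ALLOW", ""))
    return True, "allowed"


def demo() -> list:
    """Run a constructed call sequence through the gate; return the audit trail."""
    sess = Session()
    calls = [
        ToolCall("agent-1", "low", "file_read", {"path": "notes.txt"}),
        ToolCall("agent-1", "low", "file_read", {"path": "../etc/passwd"}),
        ToolCall("agent-1", "low", "shell_exec", {"cmd": "ls"}),
        ToolCall("agent-1", "low", "db_query", {"sql": "SELECT * FROM customers"}),
        ToolCall("agent-1", "low", "http_post", {"url": "https://example.com/collect"}),
        ToolCall("agent-1", "low", "rm_rf", {}),
    ]
    for call in calls:
        authorize(call, sess)
    return sess.audit


if __name__ == "__main__":
    for entry in demo():
        print(entry)
```

The design point is that each rule only reads attributes (of the subject, the tool, the arguments, and the session), never the agent's prompt or reasoning, which is what lets the gate sit outside the agent's execution logic. The session object is what makes a cross-tool check possible: a call that is harmless on its own (an HTTP post) is refused because of what an earlier call in the same run touched.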
Problem

Research questions and friction points this paper is trying to address.

LLM-based agents
security risks
tool-use
privacy leakage
system compromise
Innovation

Methods, ideas, or system contributions that make the work stand out.

attribute-based access control
tool-use LLM agents
security framework
runtime auditing
client-server architecture