MVAR is deterministic security for AI agents.
Invariant: UNTRUSTED input + CRITICAL sink -> BLOCK
30-second proof
git clone https://github.com/mvar-security/mvar.git
cd mvar
bash scripts/install.sh
bash scripts/run-agent-testbed.sh --scenario rag_injection
Expected output:
Baseline: ALLOW -> executing bash command
MVAR: BLOCK -> UNTRUSTED input reaching CRITICAL sink
What this demonstrates
- benign tool use still works
- adversarial prompt-injection paths are blocked before execution
- deterministic policy decisions are emitted with auditable metadata
More proof artifacts
- Governed MCP runtime proof:
docs/outreach/GOVERNED_MCP_RUNTIME_PROOF.md
- Attack vector submissions:
docs/ATTACK_VECTOR_SUBMISSIONS.md
MVAR is deterministic security for AI agents.
Invariant:
UNTRUSTED input + CRITICAL sink -> BLOCK30-second proof
git clone https://github.com/mvar-security/mvar.git cd mvar bash scripts/install.sh bash scripts/run-agent-testbed.sh --scenario rag_injectionExpected output:
What this demonstrates
More proof artifacts
docs/outreach/GOVERNED_MCP_RUNTIME_PROOF.mddocs/ATTACK_VECTOR_SUBMISSIONS.md