SingGuard-NSFA covers 185 agent threat scenarios
Ant Group’s AI Security Lab has open-sourced SingGuard-NSFA, a security guardrail framework built for autonomous AI agents.
SingGuard-NSFA targets agentic AI systems that do more than generate text. It is built for software that can plan, call tools and carry out actions on its own.
According to Ant Group, the framework focuses on operational threats such as prompt injection. It adds a security layer that intercepts malicious requests and validates responses before an agent executes an autonomous action.
Open-source agent frameworks such as OpenClaw have spread from research labs into business use. Ant Group pointed to OpenClaw’s “one-click deployment” and “full-stack autonomy” as features that also raise risks such as permission escalation and prompt injection.
OWASP’s Top 10 for Agentic Applications 2026 classifies goal hijacking, tool misuse, malicious code execution, and identity and privilege abuse as critical vulnerabilities.
Ant Group argues that traditional security tools often miss those behavioural threats. SingGuard-NSFA is designed to close that gap with controls tailored to agent behaviour.
Its threat taxonomy maps 185 distinct operational threat scenarios across 7 categories. To test and refine the system, Ant Group’s AI Security Lab built a benchmark suite covering 133 languages with nearly 100,000 samples.
Benchmark results underline both scale and speed. The 0.8B parameter model performs at a level comparable with competing 8B models, while the 9B variant reaches real-time detection latency of about 50 milliseconds.
Tsinghua University and ClawAegis
This release builds on earlier work from Ant Group’s AI Security Lab on the open-source agent ecosystem. The lab previously carried out specialised security audits on the OpenClaw framework.
In April 2026, Ant Group and Tsinghua University open-sourced ClawAegis, a security plugin designed to cover the full lifecycle of OpenClaw agents.
Ant Group tied the new framework to more than 20 years of work in payment safety, data security and privacy protection. Those systems already support products including Alipay AI Pay and the AI healthcare app AQ.
As a result, the company is presenting SingGuard-NSFA as a production-ready framework for complex operating environments, not only as a research project.
Following the 12 July 2026 release, developers building agentic AI systems have another open-source security option aimed at prompt injection and other operational threats.





