Security Overview
Your AI agent's security posture at a glance — connected accounts, permissions, and recent activity.
What is Epistemic Sec?
AI agents that call external APIs (GitHub, Google, Slack) need OAuth tokens. If those tokens are too broad or long-lived, a single prompt injection can leak data, delete repos, or send emails as you.
We Attack
Inject SQL, extract credentials, simulate abuse — real payloads, not theory
Token Vault Protects
Auth0 scopes tokens down, limits lifetime, blocks unauthorized actions
We Prove It
7-dimension score shows exactly what improved and what's still at risk
Security Score
8
Grade F — Critical
3 critical scopes (−60 pts)
4 high-risk scopes (−32 pts)
3
Connected
Google, GitHub, Slack
20
Permissions
OAuth scopes granted
12
Activity
9 ok · 2 blocked
Connected Accounts
Services your agents can access
Active Connections
GoogleConnected
alex@example.comSince Apr 8, 2026
gmail.readonlygmail.sendcalendar.readonlydrive+4 more
GitHubConnected
alex@example.comSince Apr 12, 2026
repouseremailrepo_hook+2 more
SlackConnected
alex@example.comSince Apr 1, 2026
readwritereadread+2 more
Agent Actions
Run real API calls via Token Vault