GETTING STARTED
FROM ZERO TO PROTECTED IN UNDER 15 MINUTES
This guide walks you through scanning your MCP tools, creating an account, deploying your first Shield Alarm, and receiving your first alert. No prior setup required.
SCAN YOUR MCP TOOLS
Before you create an account, run the MCP Scanner against your local configuration. It checks every MCP server you have configured and assigns a security grade from A (hardened) to F (critical issues found). No account or API key required.
$ npx @agentdefenders/mcp-scan
The scanner discovers MCP server configurations in VS Code, Cursor, Windsurf, and Claude Desktop. It runs four analyzers -- permission audit, transport check, tool-name collision detection, and suspicious environment variable analysis -- then prints a letter grade with a breakdown per server.
Grade A or B = good baseline. Grade C or below = action items listed in the output. Fix those first, then re-scan.
CREATE YOUR ACCOUNT
Sign up at app.agentdefenders.ai/signup with your email or GitHub account. Every new account starts with a 14-day free trial of Shield Pro features -- no credit card required.
After signup you get access to the Shield Dashboard where you can manage alarms, view detection events, configure alert channels, and monitor your security posture across all your projects.
Your account includes 5 Shield Alarms on the free tier. Pro unlocks 50 alarms, all alert channels, and 90-day history retention.
DEPLOY YOUR FIRST ALARM
Install the Shield agent on any machine where your AI agents run. The agent watches for unauthorized access to alarm files, environment variables, and API endpoints you have configured.
$ curl -fsSL https://get.agentdefenders.ai | sh
Once the agent is running, create an alarm from the dashboard. Shield supports several alarm types, each designed for a specific threat vector:
FILE ALARM
Plants a decoy file (credentials, config). Any read triggers an alert.
ENV ALARM
Injects a fake API key into the environment. Any usage triggers an alert.
ENDPOINT ALARM
Exposes a fake LLM API endpoint. Any call triggers an alert.
DNS ALARM
Registers a unique hostname. Any DNS lookup triggers an alert.
Every alarm trigger is a true positive. There are no false alarms -- if the alarm fires, something accessed a resource that no legitimate process should touch.
TEST YOUR ALARM
After deploying an alarm, open its detail page in the dashboard. Click the TEST ALARM button to send a synthetic trigger. Within seconds you should see a test event appear in the alarm timeline and receive an alert through your configured channels.
The test event is clearly marked as synthetic so it will not count toward your incident metrics. Use it to verify your alert pipeline is wired end-to-end before relying on it in production.
SET UP ALERT CHANNELS
Shield can notify you through multiple channels when an alarm fires. Configure one or more from the Settings page in the dashboard:
Free tier includes email and Discord alerts. Slack, Telegram, and webhook channels require Shield Pro.
WHAT HAPPENS NEXT
Once your alarms are deployed and alert channels are configured, Shield runs silently in the background. When an AI agent -- or any process -- accesses one of your alarm resources, here is what happens:
- 01
The alarm fires immediately. The event is logged with a timestamp, source IP, request headers, and the full payload that triggered it.
- 02
Alerts are sent to all your configured channels within seconds.
- 03
The event appears on your Shield Dashboard with full forensic detail so you can investigate the source and scope of the unauthorized access.
- 04
Because every alarm trigger is a guaranteed true positive, you know immediately that something unauthorized happened -- no triage, no noise, no false alarms.
Need help? Reach us at support@agentdefenders.ai
Ready to get started? Scan your tools now -- no account required.