pip install red-specter-glass
Every AI security tool tests from the outside. Run a scan. Get a report. But nobody watches the wire in real time. Your AI agents are making hundreds of API calls per minute — to LLM providers, MCP servers, tool endpoints, and other agents — and you have no visibility into any of it. You are deploying agents whose traffic you have never seen.
Your agent talks to GPT-4, Claude, Gemini, local models, MCP servers, and other agents. You have never inspected a single message. You don't know what your agent is sending or receiving.
API keys, bearer tokens, session credentials — flowing through every request. No interception. No scanning. No alerts. You would never run a web app without a proxy. Why are you running AI agents without one?
Your carefully crafted system prompt — with all your business logic, guardrails, and proprietary instructions — is sent in plaintext with every API call. And you have never looked at what comes back.
Your agents make calls you never authorised. Here is what flies across the wire, unchecked:
GLASS sits between your AI agent and everything it talks to. Every message passes through GLASS — decoded, inspected, scanned, logged. Pause it. Modify it. Drop it. Replay it. The wire is yours.
GLASS does not just proxy HTTP. It decodes AI protocols natively — reassembling streaming responses, parsing JSON-RPC messages, and understanding the structure of every conversation. Not packet capture. Protocol intelligence.
Full decode of chat completion requests and responses. Streaming SSE chunk reassembly. Function calls, tool use, and system prompts extracted and displayed in real time.
Native decode of Anthropic's Messages API. System prompts, tool use blocks, and content blocks parsed individually. Streaming event reconstruction.
Gemini generateContent and streamGenerateContent decoded natively. Safety ratings, citation metadata, and grounding results extracted per response.
Model Context Protocol messages decoded at the JSON-RPC layer. Tool registrations, capability negotiations, and action invocations fully parsed and inspectable.
LangChain callback traffic and LangGraph state transitions intercepted and decoded. Chain step visibility, agent reasoning traces, and tool call sequences.
Google's Agent-to-Agent protocol decoded natively. Task lifecycle, artifact exchange, and capability discovery messages fully visible and modifiable.
Any HTTP/HTTPS traffic proxied with full TLS interception. Request/response pairs captured, headers inspected, bodies decoded. The baseline for everything else.
GLASS gives you the same power over AI agent traffic that Burp Suite gives you over web traffic. Pause any message. Read it. Change it. Send it. Or drop it entirely. Full control over the wire.
Pause any message in transit — request or response. Inspect the full decoded payload. Modify any field: system prompts, user messages, tool calls, function arguments. Forward the modified version or drop it entirely. Man-in-the-middle for AI agents.
Capture entire agent sessions — every request, every response, every tool call, every streaming chunk. Replay sessions with modifications. Inject payloads into recorded sessions. Build regression test suites from real traffic.
Automated traffic modification. Define rules that match patterns in requests or responses and replace them on the fly. Swap system prompts. Inject instructions. Modify tool responses. Runs continuously without manual intervention.
SSE (Server-Sent Events) chunk reassembly in real time. See the complete response as it builds, not as a stream of fragments. Works across OpenAI, Anthropic, and Gemini streaming endpoints. Protocol-native, not regex.
Every message that passes through GLASS is automatically scanned by 10 passive detection engines. No configuration required. No rules to write. Alerts fire in real time on the dashboard. Findings are recorded in the session log with full evidence.
API keys, bearer tokens, passwords, and secrets detected in request and response bodies.
Names, emails, phone numbers, addresses, SSNs, and other personal data flagged in transit.
Detects when system prompts are leaked in model responses — partial or full extraction.
Known injection patterns detected in incoming messages and tool responses before they reach the agent.
Detects suspicious tool invocation patterns — privilege escalation, file system access, network calls to unexpected endpoints.
Detects data being extracted through model responses, tool outputs, or agent-to-agent messages.
Baseline traffic patterns established per session. Deviations in message size, frequency, and content flagged automatically.
Real-time token counting and cost estimation across all proxied traffic. Per-session, per-model, per-agent breakdowns.
Toxicity, bias, and harmful content detected in both agent outputs and model responses using pattern matching.
Detects model substitution by fingerprinting response patterns. Alerts if the model behind the API changes unexpectedly.
GLASS is not a stage. It is the lens through which every stage can be focused. Point FORGE through GLASS to see every payload in transit. Route ARSENAL through GLASS to watch agent exploitation in real time. GLASS amplifies every tool in the pipeline.
Every proxied message displayed in real time. Protocol-decoded. Colour-coded by status. Alerts fire on the right panel when scanners detect issues. Click any row to inspect the full decoded message.
| # | Protocol | Host | Method | Status | Size | Time |
|---|---|---|---|---|---|---|
| 1247 | OpenAI | api.openai.com | POST /v1/chat/completions | 200 | 4.2 KB | 142ms |
| 1246 | MCP | localhost:3001 | JSON-RPC tools/call | 200 | 892 B | 23ms |
| 1245 | Anthropic | api.anthropic.com | POST /v1/messages | 200 | 6.8 KB | 890ms |
| 1244 | A2A | agent-beta:8080 | POST /tasks/send | 200 | 1.1 KB | 45ms |
| 1243 | OpenAI | api.openai.com | POST /v1/chat/completions | 200 | 3.9 KB | 1.2s |
| 1242 | MCP | localhost:3001 | JSON-RPC tools/list | 200 | 2.4 KB | 12ms |
| 1241 | Gemini | generativelanguage.googleapis.com | POST /v1/models/gemini-pro:generate | 200 | 5.1 KB | 670ms |
Everything through the CLI. Start a proxy. Intercept a session. Replay with injected payloads. Scan recorded traffic. Generate a signed report. Pipe it into your SIEM.
Every session recorded by GLASS is cryptographically signed. Every finding is timestamped. Every alert is mapped to MITRE ATLAS. Every report exports natively to your SIEM. Evidence that holds up under audit.
Every recorded session cryptographically signed with Ed25519. Tamper-evident by design. Verify that no message was added, removed, or modified after capture.
Trusted timestamping for every session and finding. Prove when traffic was captured. Prove when alerts fired. Immutable temporal evidence chain.
Every scanner finding mapped to MITRE ATLAS techniques. Machine-learning attack taxonomy applied automatically. Consistent with industry-standard threat classification.
Native export to Splunk (HEC/CIM), Microsoft Sentinel (CEF/Log Analytics), and IBM QRadar (LEEF 2.0/Syslog). One flag. Signatures preserved across export.
Decodes AI protocols, not just HTTP. Understands conversations, not packets.
No equivalent exists. There is no Burp Suite for AI agents. Until now.
Amplifies FORGE, ARSENAL, PHANTOM, and POLTERGEIST. Every tool gains wire visibility.
Ed25519 + RFC 3161. Sessions that hold up under legal and compliance audit.
Instantly understood by every security practitioner on earth. No explanation needed.
Red Specter GLASS is intended for authorised security testing and traffic inspection only. Intercepting network traffic on systems you do not own or have explicit permission to test may violate the Computer Misuse Act 1990 (UK), Computer Fraud and Abuse Act (US), and equivalent legislation in other jurisdictions. Always obtain written authorisation before conducting any security assessments or traffic interception. Apache License 2.0.
Every AI agent has traffic you have never inspected. Every LLM call carries data you have never seen. GLASS gives you the wire. See everything. Intercept anything. Attack through the wire.
Contact