Scan beyond source-code bugs
AI-agent security includes secrets, dangerous paths, prompt sources, tool permissions, policies, dependencies, workflows, and sensitive-data context.
Keep evidence in the review loop
Redacted PR comments, status checks, approved issue creation, and policy files make exposure review part of the engineering workflow.
Preserve repository history
CapitalGuard architecture stores score history, exposure events, policy fingerprints, reports, and verification state so each scan strengthens the repository record.
