Adding Security to Your CrewAI Agents
CrewAI makes it easy to build multi-agent systems. But with multiple agents working together, security becomes more complex. If you're also using other frameworks, check our guides for LangChain and AutoGPT.
Multi-Agent Security Challenges
Understanding why agents need permissions is even more critical with multi-agent systems:
- Privilege escalation: One agent grants permissions to another
- Coordination attacks: Agents collude to bypass limits
- Shared resource abuse: One agent exhausts rate limits for all
- Unclear accountability: Which agent caused the problem?
Setting Up Agent Shield with CrewAI
    from crewai import Agent, Task, Crew
    from agentshield import AgentShield

    shield = AgentShield(api_key="...")

    # Create protected tools
    @shield.protect(scope="research.web", agent_id="researcher")
    def search_web(query):
        # web search implementation
        pass

    @shield.protect(scope="email.send", agent_id="writer", require_approval=True)
    def send_email(to, content):
        # email implementation
        pass

    # Define agents with specific permissions
    researcher = Agent(
        role="Research Analyst",
        tools=[search_web],  # Only has research permissions
    )

    writer = Agent(
        role="Content Writer",
        tools=[send_email],  # Only has email permissions (with approval)
    )

    crew = Crew(agents=[researcher, writer], tasks=[...])
Per-Agent Rate Limits
Each agent gets independent limits:
    shield.configure_limits({
        "researcher": {"api.call": {"per_minute": 50}},
        "writer": {"email.send": {"per_hour": 10}},
        "reviewer": {"files.read": {"per_minute": 100}}
    })
Agent Coordination Rules
Prevent agents from bypassing security together:
    # Agent A cannot grant permissions to Agent B
    shield.configure_rules({
        "no_delegation": True,
        "shared_limits": False,  # Each agent has own limits
        "require_origin": True   # Track which agent initiated
    })
Audit Trail for Crews
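Track the full chain of agent actions for each crew and task, so every action can be traced back to the agent that performed it. For in-depth logging strategies, see our complete audit logs guide. A crew audit record looks like this: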
    {
      "crew_id": "crew_xyz",
      "task_id": "task_123",
      "actions": [
        {"agent": "researcher", "action": "search.web", "time": "14:30:00"},
        {"agent": "writer", "action": "email.draft", "time": "14:31:00"},
        {"agent": "reviewer", "action": "email.approve", "time": "14:32:00"},
        {"agent": "writer", "action": "email.send", "time": "14:32:05"}
      ]
    }
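A record in this shape can be reviewed offline for separation of duties. The following is an added example, not Agent Shield's own code: `audit_findings` and the `APPROVAL_FOR` policy (an `email.send` needs an earlier `email.approve` from a different agent) are assumptions, and the second sample task is constructed.

```python
import json

# Constructed sample in the shape of the audit record above; task_124 is an
# invented case where the writer approves its own email.
SAMPLE = json.loads("""
[
 {"crew_id": "crew_xyz", "task_id": "task_123", "actions": [
   {"agent": "researcher", "action": "search.web", "time": "14:30:00"},
   {"agent": "writer", "action": "email.draft", "time": "14:31:00"},
   {"agent": "reviewer", "action": "email.approve", "time": "14:32:00"},
   {"agent": "writer", "action": "email.send", "time": "14:32:05"}]},
 {"crew_id": "crew_xyz", "task_id": "task_124", "actions": [
   {"agent": "writer", "action": "email.draft", "time": "15:00:00"},
   {"agent": "writer", "action": "email.approve", "time": "15:00:02"},
   {"agent": "writer", "action": "email.send", "time": "15:00:03"}]}
]
""")

# Assumed policy (not from Agent Shield): each action on the left needs one
# earlier, unused approval on the right, recorded by a different agent.
APPROVAL_FOR = {"email.send": "email.approve"}


def audit_findings(record):
    """Return (task_id, time, agent, reason) for each unapproved gated action."""
    findings = []
    pending = {}  # approval action -> approving agents not yet consumed
    # HH:MM:SS strings sort chronologically within a single day.
    for act in sorted(record["actions"], key=lambda a: a["time"]):
        agent, action = act.get("agent"), act["action"]
        if not agent:
            findings.append((record["task_id"], act["time"], None, "missing origin agent"))
            continue
        if action in APPROVAL_FOR.values():
            pending.setdefault(action, []).append(agent)
        elif action in APPROVAL_FOR:
            approvers = pending.get(APPROVAL_FOR[action], [])
            other = next((a for a in approvers if a != agent), None)
            if other is not None:
                approvers.remove(other)  # one approval covers one action
            else:
                reason = "self-approved" if approvers else "no prior approval"
                findings.append((record["task_id"], act["time"], agent, reason))
    return findings


if __name__ == "__main__":
    print([f for rec in SAMPLE for f in audit_findings(rec)])
```

Because each approval is consumed by one gated action, a second send that reuses the same approval is reported as having no prior approval.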