General
What is AI Agent Protection?
AI Agent Protection (Sage) is a feature available in the new Avast One on Windows. It is a real-time security layer that sits between your AI agent and your system. Before an action executes (running a command, downloading a file, writing to disk), AI Agent Protection checks it first and either allows it, blocks it, or asks you for input. It helps your agents work fast without letting threats slip through.
AI Agent Protection is available in both free and paid versions of New Avast One:
- New Avast One with Free Antivirus
- New Avast One with Premium Security
What platforms does AI Agent Protection support?
AI Agent Protection works with Claude Code, Cursor, and OpenClaw. All platforms share the same detection engine and threat rules, so you get the same level of protection regardless of which tool you use. We are actively expanding platform support.
Setup
How do I enable AI Agent Protection?
To enable AI Agent Protection:
- Open Avast One, hover your cursor over the side menu and select Premium Security (or Free Antivirus).
- Select AI Agent Protection.
- Next to the supported platform(s) of your choice, click Add Protection.
- The onboarding page for Sage opens: https://ai.gendigital.com/sage.
- Follow the on-screen instructions to complete the installation.
Once installed, Sage integrates with the agent’s tool calls and analyzes them before execution. Each action initiated by the AI agent receives one of three verdicts: Allow, Ask, Deny.
How do I turn off AI Agent Protection?
To turn off AI Agent Protection:
- Open Avast One, hover your cursor over the side menu and select Premium Security (or Free Antivirus).
- Select AI Agent Protection.
- Next to the supported platform(s), click ••• (the three dots), and select Remove protection.
AI Agent Protection is disabled.
Usage and information
What is the three-verdict system?
Every action your AI agent attempts gets one of three verdicts:
- Allow: No threat detected. The action proceeds normally.
- Ask: Something looks suspicious. The action is paused so you can approve or reject it.
- Deny: Confirmed threat. Blocked automatically, no action needed from you.
How are verdicts determined?
Verdicts are the result of multiple detection layers running in parallel:
- Local heuristics: Pattern-based rules that catch dangerous commands, credential exposure, obfuscation, and more. For example, if your agent tries to run a command that would delete your entire home directory, this layer catches it before it executes.
- URL reputation: Real-time lookups against Avast threat intelligence to identify malicious, phishing, or scam URLs. If your agent fetches a URL that Avast already knows is hosting malware or a fake login page, it is blocked instantly.
- Package supply-chain checks: Verifies whether packages (third-party libraries and tools your agent may try to install) are legitimate, checks file reputation, and flags suspiciously new packages. If your agent tries to install a package that was only published two hours ago with a name one character off from a popular library, this layer flags it as a likely attack.
Each layer produces a signal with a confidence score. The decision engine combines all signals and decides the verdict.
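The package example above (a name one character off from a popular library, published hours ago) can be sketched as one layer feeding a three-verdict decision. This is an added illustration, not Sage's code: the thresholds, confidence values, the "strongest signal wins" rule, and the names `package_signal` and `decide` are assumptions, and the package list is constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

POPULAR = {"requests", "numpy", "express", "lodash"}  # constructed sample list
NEW_PACKAGE_AGE = timedelta(days=7)   # assumed threshold, not Sage's
DENY_AT, ASK_AT = 0.9, 0.5            # assumed verdict cut-offs, not Sage's

@dataclass
class Signal:
    layer: str
    reason: str
    confidence: float  # 0.0 (no finding) .. 1.0 (certain threat)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def package_signal(name: str, published: datetime, now: datetime) -> Signal:
    """Supply-chain layer: lookalike name and/or very recent publication."""
    if name in POPULAR:
        return Signal("package", "known package", 0.0)
    lookalike = next((p for p in sorted(POPULAR) if edit_distance(name, p) == 1), None)
    is_new = now - published < NEW_PACKAGE_AGE
    if lookalike and is_new:
        return Signal("package", f"new lookalike of {lookalike}", 0.95)
    if lookalike:
        return Signal("package", f"lookalike of {lookalike}", 0.6)
    if is_new:
        return Signal("package", "recently published", 0.6)
    return Signal("package", "no finding", 0.0)

def decide(signals: list[Signal]) -> str:
    """Decision step (assumed rule): the strongest signal sets the verdict."""
    top = max((s.confidence for s in signals), default=0.0)
    return "Deny" if top >= DENY_AT else "Ask" if top >= ASK_AT else "Allow"

if __name__ == "__main__":
    now = datetime(2026, 5, 15, 12, 0, tzinfo=timezone.utc)  # constructed timestamp
    sig = package_signal("reqests", now - timedelta(hours=2), now)
    print(sig, decide([sig]))
```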
What types of threats does AI Agent Protection stop automatically?
AI Agent Protection automatically blocks confirmed threats, including:
- Malicious URLs: Links that lead to malware downloads, phishing pages, or scam sites.
- Destructive commands: Commands that could delete critical files or wipe important data from your system.
- Prompt injection attacks: Hidden instructions in files, websites, or chats that try to trick your AI agent into ignoring your commands or leaking data.
- Reverse shells: Tricks that let an attacker remotely control your machine by opening a hidden connection back to them.
- Credential leaks: Accidentally exposing passwords, API keys, or access tokens (for example, by including them in code your agent writes or shares).
- Supply-chain attacks: Installing software packages that are compromised, fake, or intentionally named to look like popular legitimate ones (known as "typosquatting").
- Unsafe plugins and tools: AI plugins, skills, or tools that ask for too much access or contain built‑in malicious behavior.
- Malicious scripts in AI content: Dangerous scripts or code snippets hidden inside files your AI agent creates or opens.
- Obfuscated payloads: Malicious commands disguised using encoding tricks (like Base64 or hex) so they do not look dangerous at first glance.
What happens when AI Agent Protection pauses an action for review?
When something looks suspicious but is not a confirmed threat, AI Agent Protection pauses the action and shows you what was flagged. You will see the details directly in your agent's interface (e.g., in the terminal or chat) and can choose to approve or reject the action before it proceeds.
What data is analyzed on-device? What is sent to the cloud?
AI Agent Protection runs its core detection engine locally on your computer. Your commands, source code, file content, and file paths are all analyzed on-device.
In addition to the on-device analysis, AI Agent Protection makes a few cloud-based checks to strengthen protection:
- URL reputation: URLs your agent accesses are sent to the Avast reputation service for malware, phishing, and scam detection.
- Package reputation: Package hashes are checked against a file reputation service.
- Package registry lookups: Package names are queried against public registries (npmjs.org, pypi.org) to verify existence, version, and integrity. This is how AI Agent Protection catches typosquatted and hallucinated packages.
- Plugin and tool lookups: When your agent uses a plugin or tool, AI Agent Protection checks a secure fingerprint of that plugin or tool against the Avast cloud service to help spot risky or unwanted tools.
- Version check: On session start, your AI Agent Protection version, OS, and agent platform are sent to check for updates. No user content is included.
Can I see or inspect the detection rules AI Agent Protection uses?
Yes. AI Agent Protection's detection rules are written in a human-readable format and are available for review. The rules cover categories like destructive commands, credential leaks, reverse shells, persistence techniques, obfuscation, supply-chain threats, and malicious URLs. Each rule includes an ID, severity, confidence score, and the pattern it matches.
AI Agent Protection is powered by Sage, an agentic security engine from Gen, the family of trusted consumer brands that Avast is a part of. You can explore the full rule set at https://github.com/gendigitalinc/sage/tree/main/threats.
Does AI Agent Protection work offline?
Partially. The local detection rules, which cover dangerous commands, credential leaks, obfuscation, and more, work fully offline. URL reputation and package checks require an internet connection, but if those services are unreachable, AI Agent Protection continues protecting you using local rules only.
- Avast One
- Windows
Updated on: May-15-2026