Permiso Security Launches SandyClaw, the First Dynamic Sandbox for AI Agent Skills

News > Technology News

Carbonatix Pre-Player Loader

Audio By Carbonatix

6:00 AM on Thursday, April 2

The Associated Press

PALO ALTO, Calif.--(BUSINESS WIRE)--Apr 2, 2026--

Permiso Security, the unified identity security platform, today announced SandyClaw, the first dynamic analysis platform for AI agent skills. SandyClaw executes skills in a sandboxed environment, records every action at the LLM and operating system level, and delivers a verdict backed by multiple detection engines. Permiso platform customers receive unrestricted access.

AI agents require skills to perform useful work: downloadable capabilities that teach them how to interact with tools, APIs, and services. Skill marketplaces have become the software supply chain for AI agents, and attackers have already begun publishing malicious skills on these platforms. The current approach to skill security relies on static code analysis or LLM-based evaluation. Neither executes the skill, which means neither can detect behavior that only manifests at runtime.

Permiso's threat research team was among the earliest to publicly identify and document malicious skills in the wild. That research led directly to SandyClaw.

Unlike static scanning or runtime containment approaches, SandyClaw applies sandbox detonation, a methodology the cybersecurity industry has relied on for evaluating suspicious executables, to the agent skill ecosystem. It records every LLM action, network call, domain resolution, file write, and environment variable access attempt. SSL traffic is intercepted and decrypted. Analysis runs against Sigma, Yara, Nova, and Snort engines augmented with custom Permiso detection rules. SandyClaw works across all major agent frameworks including OpenClaw, Cursor, and Codex.

"Agents are only as trustworthy as the skills they run. As skill marketplaces become the primary distribution channel for agent capabilities, the ability to validate what a skill actually does before it reaches your environment becomes a security requirement, not a nice-to-have. That is what SandyClaw delivers."

- Paul Nguyen, Co-Founder and Co-CEO, Permiso Security

Key Capabilities

  • Dynamic detonation with full behavioral recording that captures every action at the LLM and OS level, including network calls, file writes, environment variable access, and domain resolution.
  • Multi-engine detection using Sigma, Yara, Nova, and Snort alongside custom Permiso detection rules, delivering evidence-backed verdicts rather than confidence scores.
  • Full traffic visibility with SSL intercept that decrypts encrypted outbound traffic inside the sandbox, exposing exfiltration attempts that would be invisible to tools without decryption capabilities.
  • Full verdict transparency that provides the complete behavioral record behind every determination, including every file written, domain resolved, and network call made, so security teams can verify the finding themselves rather than trusting an opaque score.
  • Cross-framework support and platform integration covering OpenClaw, Cursor, Codex, and other agent frameworks, with the ability to automatically analyze skills when the Permiso platform detects a download or installation.

"Most skill scanners inspect code or ask an LLM for an opinion. But real risk shows up at runtime: network activity, file writes, and access to sensitive environment variables. SandyClaw was built on the belief that behavior is more revealing than source code alone. We detonate the skill, capture everything it does, and let the evidence speak for itself."

- Ian Ahl, CTO, Permiso Security

Availability

SandyClaw is available now. Permiso platform customers receive unrestricted access. Security teams can sign up at sandyclaw.permiso.io to get started. For more information, visit permiso.io.

About Permiso Security

Permiso Security is an identity security platform that discover, protect, and defend against human, non-human, and AI identity threats across cloud and on-premise environments. The platform unifies and classifies identities, assesses exposure risk to strengthen security posture, and identifies suspicious and malicious identity behavior across all environments. Permiso's Universal Identity Graph correlates identity behavior across IdPs, cloud accounts, on-premise environments, and infrastructure to uncover identity relationships, power risk scoring, and surface high-fidelity threats that SIEMs, IGA, and NHI/AI solutions miss natively. Permiso is the 2026 SC Award winner for Best Threat Detection Technology. Learn more at permiso.io.

View source version on businesswire.com:https://www.businesswire.com/news/home/20260402370756/en/

CONTACT: Jared Elder

[email protected]

KEYWORD: CALIFORNIA UNITED STATES NORTH AMERICA

INDUSTRY KEYWORD: TECHNOLOGY SECURITY PROFESSIONAL SERVICES SOFTWARE NETWORKS DATA ANALYTICS DATA MANAGEMENT RETAIL ARTIFICIAL INTELLIGENCE ONLINE RETAIL

SOURCE: Permiso Security

Copyright Business Wire 2026.

PUB: 04/02/2026 09:00 AM/DISC: 04/02/2026 09:02 AM

http://www.businesswire.com/news/home/20260402370756/en

This content is used here with permission. To view the original visit: https://www.businesswire.com/news/home/20260402370756/en/
 

You might also be interested in:

Salem News Channel Today

Sponsored Links

On Air & Up Next

  • The Mike Gallagher Show
    8:00PM - 11:00PM
     
    Mike Gallagher is one of the most listened-to radio talk show hosts in America.   >>
     
  • That Kevin Show
    11:00PM - 1:00AM
     
    Broadcast from the heart of Times Square, Kevin McCullough takes America’s   >>
     
  • The Larry Elder Show
    1:00AM - 3:00AM
    The Larry Elder Show
    (888) 971-7243
     
    Larry Elder personifies the phrase “We’ve Got a Country to Save” The “Sage from   >>
     
  • Firing Line Radio Show
    3:00AM - 4:00AM
     
    Rick Travis will cover the world of firearms each week in an entertaining and   >>
     
  • The Gold Show
    4:00AM - 5:00AM
    The Gold Show
    888-351-8999
     
    Trying to make sense of the markets? Looking to diversify out of all the   >>
     

See the Full Program Guide