CrabTrap: An LLM-as-a-judge HTTP proxy to secure agents in production

Tags: security, ai, tools

Article

TL;DR

Brex open-sources an HTTP proxy that uses an LLM judge to allow/block agent outbound requests.

Key Takeaways

  • Judge sees outbound HTTP body but not credential reads that already happened upstream
  • Same-family judge and agent share prompt injection vulnerabilities — use different providers
  • LLM-as-judge is probabilistic; 99% secure is a failing grade for security infrastructure

Discussion

Top comments:

  • [simonw]: JSON-escaped policy comment signals false confidence in prompt injection prevention
  • [ArielTM]: Same-provider judge and agent share injection vulnerabilities; use different families
  • [cadamsdotcom]: 99% accuracy is a failing grade for a security control
