Brex ships CrabTrap for agent security

CrabTrap is a smart sign of where agent security is headed: less trust in framework-level permissions, more enforcement at the network boundary.

• –Transport-layer placement makes it framework-agnostic; agents just use HTTP_PROXY and HTTPS_PROXY instead of custom SDK wrappers.
• –Static rules handle known traffic cheaply, while the LLM judge only reviews unfamiliar or nuanced requests.
• –Brex says its production use had LLM review on fewer than 3% of requests, which makes the latency story more credible.
• –The proxy’s cleartext TLS interception and lack of response filtering are serious trust-boundary tradeoffs developers need to understand.
• –Audit logs, policy generation from traffic, and replay evals make this feel closer to agent ops infrastructure than a toy guardrail.