FAQ: Norton AI Agent Protection

AI Agent Protection is a real-time security layer that sits between your AI agent and your system. Before an action executes (running a command, downloading a file, writing to disk), AI Agent Protection checks it first and either allows it, blocks it, or asks you for input. It lets your agents work fast without letting threats slip through.

AI agent security is a fast-moving space, and the Beta period gives us room to iterate as new threats and platforms emerge. We’re continually evolving the product, adding and refining detection rules, and gathering invaluable feedback from early users.

AI Agent Protection works with Claude Code, Cursor, and OpenClaw. All platforms share the same detection engine and threat rules, so you get the same level of protection regardless of which tool you use. We're actively expanding platform support.

1. Open your Norton device security app.

2. On the left panel, click Security.

3. In the Security dashboard, click Advanced Security.

4. Click Computer, scroll down to the AI Agent Protection section.

5. Next to the supported platform(s) of your choice, click Add Protection and follow the on-screen instructions to complete the installation.

Every action your AI agent attempts gets one of three verdicts:

• Allow: No threat detected. The action proceeds normally.

• Ask: Something looks suspicious. The action is paused so you can approve or reject it.

• Deny: Confirmed threat. Blocked automatically, no action needed from you.

Verdicts are the result of multiple detection layers running in parallel:

• Local heuristics: Pattern-based rules that catch dangerous commands, credential exposure, obfuscation, and more. For example, if your agent tries to run a command that would delete your entire home directory, this layer catches it before it executes.

• URL reputation: Real-time lookups against Norton's threat intelligence to identify malicious, phishing, or scam URLs. If your agent fetches a URL that Norton already knows is hosting malware or a fake login page, it's blocked instantly.

• Package supply-chain checks: Verifies whether packages (third-party libraries and tools your agent may try to install) are legitimate, checks file reputation, and flags suspiciously new packages. If your agent tries to install a package that was only published two hours ago with a name one character off from a popular library, this layer flags it as a likely attack.

Each layer produces a signal with a confidence score. The decision engine combines all signals and decides the verdict.

AI Agent Protection automatically blocks confirmed threats, including:

• Malicious URLs: Links that lead to malware downloads, phishing pages, or scam sites.

• Destructive commands: Commands that could delete critical files or wipe important data from your system.

• Reverse shells: Tricks that let an attacker remotely control your machine by opening a hidden connection back to them.

• Credential leaks: Accidentally exposing passwords, API keys, or access tokens (for example, by including them in code your agent writes or shares).

• Supply-chain attacks: Installing software packages that are compromised, fake, or intentionally named to look like popular legitimate ones (known as "typosquatting")

• Obfuscated payloads: Malicious commands disguised using encoding tricks (like Base64 or hex) so they don't look dangerous at first glance.

When something looks suspicious but isn't a confirmed threat, AI Agent Protection pauses the action and shows you what was flagged. You'll see the details directly in your agent's interface (e.g., in the terminal or chat) and can choose to approve or reject the action before it proceeds.

To turn off AI Agent Protection, disable or remove it from the platform you're using:

• Claude Code: Run the command, claude plugin remove sage@sage, to uninstall the plugin.

• Cursor: Disable the AI Agent Protection extension from the Extensions panel.

• OpenClaw: Uninstall the plugin.

We are also working on adding controls directly in Norton’s Advanced Security settings so you can manage protection in one place.

AI Agent Protection runs its core detection engine locally on your computer. Your commands, source code, file content, and file paths are all analyzed on-device.

To provide effective protection, AI Agent Protection also makes a few cloud-based checks to strengthen our protection:

• URL reputation: URLs your agent accesses are sent to Norton’s reputation service for malware, phishing, and scam detection.

• Package reputation: Package hashes are checked against a file reputation service.

• Package registry lookups: Package names are queried against public registries (npmjs.org, pypi.org) to verify existence, version, and integrity. This is how AI Agent Protection catches typosquatted and hallucinated packages.

• Version check: On session start, your AI Agent Protection version, OS, and agent platform are sent to check for updates. No user content is included.

Yes. AI Agent Protection's detection rules are written in a human-readable format and are available for review. The rules cover categories like destructive commands, credential leaks, reverse shells, persistence techniques, obfuscation, supply-chain threats, and malicious URLs. Each rule includes an ID, severity, confidence score, and the pattern it matches.

AI Agent Protection is powered by Sage, an agentic security engine from Gen, the family of trusted consumer brands that Norton is a part of. You can explore the full rule set at https://github.com/gendigitalinc/sage/tree/main/threats.

Partially. The local detection rules, which cover dangerous commands, credential leaks, obfuscation, and more, work fully offline. URL reputation and package checks require an internet connection, but if those services are unreachable, AI Agent Protection continues protecting you using local rules only.