Unauthorized Resource Access Detection
Define exactly which domains, file paths, and tools an agent is allowed to access. The Resource Access Detector flags any out-of-scope access in real time.
Python SDK
from prysmai.detectors import ResourceAccessDetector
detector = ResourceAccessDetector(
allowed_domains=["api.openai.com", "*.internal.corp"],
allowed_tools=["search", "calculator", "database_query"],
allowed_file_patterns=["/data/*", "/tmp/*"],
blocked_domains=["*.malware.com"],
blocked_file_patterns=["/etc/shadow", "/root/*"],
)
session.attach_detector(detector)
Detection Types
| Type | Description |
|---|---|
| unauthorized_domain | Agent accessed a domain not in the allowed list |
| blocked_domain | Agent accessed an explicitly blocked domain |
| unauthorized_tool | Agent invoked a tool not in the allowed list |
| unauthorized_file | Agent accessed a file path outside allowed patterns |
| blocked_file | Agent accessed an explicitly blocked file path |
Dashboard
Navigate to Dashboard → Resource Access to view:
- Violation counts by type and severity
- Full violation log with domain/tool/path details
- Acknowledge, resolve, or mark as false positive