I Built Hermes Immune System — A Safety Lab for AI Agents
This is a submission for the Hermes Agent Challenge : Build With Hermes Agent What I Built Most agent demos prove that an AI agent can act. Hermes Immune System proves whether it should be allowed to . It's a local-first autonomous agent safety lab — a controlled enterprise sandbox where Hermes stress-tests an AI agent against realistic organizational threats: prompt injection hidden in internal documents, executive pressure to bypass policy, secrets embedded in repo files, poisoned memory attempts, and malicious instructions buried inside external web content. The output isn't a chat summary. It's an auditable Agent Safety Case — a scored, evidence-backed governance report that answers one question: Is this agent resilient, does it need guardrails, or is it too dangerous to deploy? Why This Problem Matters Now Traditional AI safety focuses on content moderation — blocking bad answers. Autonomous agents create a different risk surface entirely, because they can act. They read files, browse the web, write to memory, call tools, trigger workflows. That means: • A hostile instruction inside a trusted-looking document can become an executed action • An urgent email from a "VP of Finance" can pressure an agent into bypassing data policy • A vendor's pricing page can embed hidden instructions targeting the browsing agent • A helpful-looking project note can attempt to permanently poison the agent's memory The scary part isn't that these attacks are exotic. It's that they're easy, and most agents have no immune system to catch them. Hermes Immune System converts these failure modes into repeatable, explainable safety drills — run before the agent ever touches production data. The Dashboard Eight screens, each doing a specific job: Demo Agent Comparison Mode Three agents, same risk scenario. The gap tells the whole story. Mission Control Live stats after a completed run — 1 mission, 3 risks found, 2 actions gated, score 74/100. Mission cards show run status (Pending / Compl