CrewAI lets you build multi-agent pipelines where specialised agents collaborate on complex tasks. Cognisafe adds per-agent safety monitoring — catching prompt injection before it cascades through your crew, detecting PII in agent outputs, and flagging jailbreaks in real time.
Why this matters
In a single-agent setup, a prompt injection affects one model call. In CrewAI, a compromised agent passes its poisoned output to the next agent as trusted context — and the attack propagates through the entire crew. Visibility across every agent call is not optional.
Cascading prompt injection
Agent A reads external content containing an injected instruction and passes it to Agent B as a trusted summary. Agent B acts on the injection without knowing the source was compromised.
PII leakage between agents
A researcher agent retrieves documents containing personal data. The writer agent includes that PII verbatim in its output — which may be logged, stored, or sent externally.
System prompt extraction via delegation
A crafted task passed to a CrewAI agent tricks it into revealing its role description or system instructions — exposing your orchestration logic to an attacker.
Harmful content in agent outputs
An agent processing user-supplied data produces harmful content that downstream agents or your application ingests without filtering — bypassing your content policy.
Quickstart
Cognisafe wraps the LLM provider client CrewAI uses internally — no changes to your agent definitions, tasks, or crew configuration needed.
```bash
pip install cognisafe
```
Add this before you call crew.kickoff():
```python
from crewai import Crew
import cognisafe

cognisafe.configure(
    api_key="csk_...",     # from cognisafe.uk/dashboard/settings
    project_id="my-crew",  # name this deployment
)
cognisafe.patch_openai()  # wraps CrewAI's OpenAI calls automatically
# or: cognisafe.patch_anthropic() for Claude-based crews

# Your crew definition is unchanged:
crew = Crew(agents=[researcher, writer], tasks=[research_task, write_task])
result = crew.kickoff()
```
Pass agent_name to see exactly which agent in your crew triggered a safety event:
```python
import cognisafe

# In your LLM callback or custom tool:
cognisafe.configure(
    api_key="csk_...",
    project_id="my-crew",
    agent_name="researcher",  # set per-agent, or per-task
)
cognisafe.patch_openai()
# The dashboard shows "researcher" vs "writer" in the Agent column,
# so you immediately know which role is the attack vector.
```
Advanced setup
Tag each agent with a unique name and your dashboard shows threat rates broken down by role — so you know whether attacks are entering through the researcher, the planner, or the executor.
```python
from crewai import Agent, LLM
import cognisafe


def make_llm(agent_name: str):
    """Return a monitored LLM instance tagged for this agent."""
    cognisafe.configure(
        api_key="csk_...",
        project_id="content-pipeline",
        agent_name=agent_name,
    )
    cognisafe.patch_openai()
    return LLM(model="gpt-4o")


researcher = Agent(
    role="Senior Researcher",
    llm=make_llm("researcher"),
    # ...
)
writer = Agent(
    role="Content Writer",
    llm=make_llm("writer"),
    # ...
)
```
See which agent in your crew was targeted — researcher, planner, executor — with the full prompt and scorer rationale.
Trace how injected content moves through your crew from agent to agent, with timestamps on every hop.
Jailbreak (LLM01), PII (LLM02), content safety (LLM05), and system prompt extraction (LLM07) scored on every agent call.
Export a PDF audit trail of all flagged events, mapped to OWASP LLM Top 10, ready for security review.
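To make concrete how a client-wrapping monitor attributes events to the agent that made the call and traces an injection from hop to hop (the mechanism the Quickstart and Advanced setup describe), here is an added, self-contained sketch that is not Cognisafe's code: FakeChatClient, CallMonitor, run_crew and the substring marker are constructed stand-ins for the real provider client and scorer.

```python
import time
from dataclasses import dataclass

# Constructed marker standing in for a real injection scorer (the page does not show Cognisafe's).
INJECTION_MARKER = "ignore previous instructions"


@dataclass
class SafetyEvent:
    agent_name: str   # which crew role made the call
    hop: int          # position of the call in the crew's chain
    category: str
    timestamp: float  # one timestamp per hop, so propagation can be ordered


class FakeChatClient:
    """Constructed stand-in for the provider client; echoes the last message as a 'summary'."""
    def create(self, messages):
        return {"content": "Summary: " + messages[-1]["content"]}


class CallMonitor:
    """Wraps client.create in place, as a patch_*() helper would, tagging each call with the current agent."""
    def __init__(self, client):
        self.events = []
        self.hop = 0
        self.agent_name = "unknown"
        original = client.create

        def monitored_create(messages):
            self.hop += 1
            text = " ".join(m["content"] for m in messages).lower()
            if INJECTION_MARKER in text:
                self.events.append(SafetyEvent(self.agent_name, self.hop, "prompt_injection", time.time()))
            return original(messages)

        client.create = monitored_create  # agents keep calling client.create unchanged

    def tag(self, agent_name):
        self.agent_name = agent_name  # equivalent of setting agent_name before an agent's calls


def run_crew(client, monitor, external_content):
    """Researcher summarises external content; writer drafts from that summary as trusted context."""
    monitor.tag("researcher")
    summary = client.create([{"role": "user", "content": external_content}])["content"]
    monitor.tag("writer")
    draft = client.create([{"role": "user", "content": summary}])["content"]
    # (agent, hop) pairs where the injection was seen: the first hit is the entry vector.
    return draft, [(e.agent_name, e.hop) for e in monitor.events]
```

With an injected document the trace reads researcher at hop 1 and writer at hop 2, showing the summary carried the injection downstream; a clean document yields no events.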
Free tier included. No credit card. Start monitoring in 5 minutes.