LlamaFirewall (Meta)
Host-level firewall for LLM agents to prevent malicious tool use.
What it does
LlamaFirewall is Meta's open-source host-level firewall designed specifically for LLM agents. It prevents malicious tool use by intercepting and validating agent actions before they execute, acting as a security enforcement layer between the LLM and its tools.
Security relevance
Directly addresses the Lethal Trifecta — LlamaFirewall intercepts tool calls from LLM agents and validates them against security policies before execution. This breaks the chain between prompt injection and harmful action by adding an independent validation layer that the LLM cannot bypass.
When to use it
Deploy when building AI agents that use tools with real-world effects (file access, API calls, database queries). It requires architectural integration: the firewall must sit between the agent and its tool layer. Deployment is expert-level, but it is essential for any agent with meaningful permissions.
OWASP coverage
Risks addressed — mapped to both OWASP Top 10 standards. 3 in LLM, 3 in Agentic.
The raw record
What Yuntona stores. Single source of truth — fork it on GitHub.
name: LlamaFirewall (Meta)
slug: llamafirewall-meta
type: Mixed
category: AI Guardrails & Firewalls
url: https://ai.meta.com/research/publications/llamafirewall-an-open-source-guardrail-system-for-building-secure-ai-agents
reviewed: 2026-04
added: 2026-04
updated: 2026-04
risks:
  llm: [LLM01, LLM07, LLM08]
  asi: [ASI01, ASI02, ASI04]
complexity: Expert Required
pricing: —
audience: Builder
lifecycle: [deploy]
tags: [Agents, Firewall, Meta, Open Source]