
Securing Multi-Agent Negotiation

CrewAI orchestrates independent agents working collaboratively. When multiple agents (e.g., Researcher & Engineer) negotiate state changes rapidly, they often bypass logical controls. The `exogram-crewai` decorator wraps Task assignments to prevent cross-agent capability escalation.

01. Installation

pip install exogram-crewai

02. Implementation

Replace your standard `from crewai import Task` import with `SecureTask`. This ties the execution output of any task explicitly to a verified Exogram policy group, preventing an agent from executing outside its mandated scope.

import os

from crewai import Agent, Crew, Process
from exogram_crewai import SecureTask

# MarketOrderTool is the application's own CrewAI tool (not shown on this page);
# it must be defined or imported before the agent below is constructed.

# 1. Define standard autonomous agents
financial_analyst = Agent(
    role='Senior ETF Modeler',
    goal='Analyze historical trades and push market orders',
    tools=[MarketOrderTool()]
)

# 2. Gate the execution with SecureTask
execute_trades_task = SecureTask(
    description='Execute batch trade logic on the production broker',
    expected_output='Trade IDs confirming execution',
    agent=financial_analyst,
    # Exogram Verification Hook
    exo_policy_id="trader_level_2",
    exo_api_key=os.environ["EXOGRAM_API_KEY"]
)

# 3. Assemble and Run
crew = Crew(
    agents=[financial_analyst],
    tasks=[execute_trades_task],
    process=Process.sequential
)

crew.kickoff()

If the agent hallucinates, or goes rogue and pushes an options trade instead of an ETF order, `SecureTask` intercepts the output array, evaluates the payload against the `trader_level_2` Knowledge Graph policy via Exogram, and throws a `CrewManagerError`, blocking the output from being parsed downstream.

🛡️ The Cross-Agent Privilege Escalation Bypass

A common attack vector in CrewAI is when a low-privilege `Researcher` Agent convinces a high-privilege `Engineer` Agent to execute a capability. By the time the `Engineer` agent runs the tool, the request looks legitimate: the original malicious intent has been abstracted away in the conversational history.

The Exogram Fix: Because Exogram forces metadata provenance via `SecureTask`, every downstream action is chained to its origin node in the Deterministic Graph. If the capability request originates from an unprivileged node (the Researcher), Exogram inherently blocks the execution, regardless of which Agent actually clicks "Go".
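The two checks described on this page, the output-payload check against the `trader_level_2` policy and the origin-node check that defeats cross-agent escalation, as a small added model (example code, not Exogram's implementation or the `exogram-crewai` package): the `POLICIES` table, `Action`, `evaluate` and `PolicyViolation` names are assumptions, and the policy contents are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed policy table standing in for the "trader_level_2" policy group
# described above; the real Exogram policy lives in its Knowledge Graph, not here.
POLICIES = {
    "trader_level_2": {"market_order": {"ETF"}},   # may place ETF market orders only
    "researcher": {},                                # no execution capabilities at all
}

@dataclass
class Action:
    capability: str            # e.g. "market_order"
    instrument: str            # e.g. "ETF" or "OPTION"
    executor_policy: str       # policy group of the agent that actually runs the tool
    provenance: list = field(default_factory=list)  # upstream policy groups, origin first

class PolicyViolation(Exception):
    """Raised when an action is blocked; stands in for the page's CrewManagerError."""

def origin_policy(action: Action) -> str:
    # The origin of a request is the first node in its provenance chain; an action
    # with no upstream hops originates with the executing agent itself.
    return action.provenance[0] if action.provenance else action.executor_policy

def evaluate(action: Action) -> str:
    """Return 'allowed' or raise PolicyViolation explaining why the action is blocked."""
    origin = origin_policy(action)
    # The check is made against the ORIGIN node, not the executor: a request that
    # entered the crew through an unprivileged node stays unprivileged downstream,
    # no matter which agent finally runs the tool.
    allowed = POLICIES.get(origin, {}).get(action.capability)
    if not allowed:
        raise PolicyViolation(f"{action.capability} not granted to origin node '{origin}'")
    # Payload check: the policy also constrains WHAT may be traded, so an ETF-only
    # group pushing an options order is blocked even though the capability matches.
    if action.instrument not in allowed:
        raise PolicyViolation(f"'{origin}' may not trade {action.instrument} via {action.capability}")
    return "allowed"

def decide(action: Action) -> str:
    """Convenience wrapper returning the decision as a string instead of raising."""
    try:
        return evaluate(action)
    except PolicyViolation as exc:
        return f"blocked: {exc}"

if __name__ == "__main__":
    print(decide(Action("market_order", "ETF", "trader_level_2")))
    print(decide(Action("market_order", "OPTION", "trader_level_2")))
    print(decide(Action("market_order", "ETF", "trader_level_2", ["researcher", "trader_level_2"])))
```

The third call is the escalation case: the executing agent holds `trader_level_2`, but the request's origin node is the researcher, so the decision is made against the researcher's (empty) grant set.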