# Agnes > Agnes AI Security — official documentation. APIs, SDKs, analyzers, policies, and operations. ## Docs - [API keys](https://docs.lasscyber.com/administration/api-keys.md): Mint, scope, rotate, and revoke API keys for your tenant. - [Billing](https://docs.lasscyber.com/administration/billing.md): Plans, included quotas, on-demand tokens, the Customer Portal, and how to size your subscription. - [Inviting team members](https://docs.lasscyber.com/administration/inviting-team-members.md): Invite users to your organization, assign roles, and manage team membership. - [Organizations](https://docs.lasscyber.com/administration/organizations.md): Tenants in Agnes — what they are, how to create them, and how multi-tenant isolation works. - [Roles and permissions](https://docs.lasscyber.com/administration/roles-and-permissions.md): The four built-in roles, what each can do, and the underlying scope system. - [Natural Language Analysis](https://docs.lasscyber.com/analyzers/natural-language.md): Language detection, sentiment, entities, topics, and content moderation via Google Cloud Natural Language. - [Analyzers overview](https://docs.lasscyber.com/analyzers/overview.md): The seven Agnes analyzers, what they detect, and when to enable each one. - [Prompt Injection & Jailbreak Detection](https://docs.lasscyber.com/analyzers/prompt-injection-jailbreak.md): BERT-family classifiers tuned to label adversarial prompts. The most important analyzer to put in front of your LLM. - [Safety & Responsible AI Guardrails](https://docs.lasscyber.com/analyzers/safe-responsible-ai.md): LLM-as-a-judge content safety using ShieldGemma. Best for outbound responses. - [Semantic Threat Intelligence](https://docs.lasscyber.com/analyzers/semantic-threat-intelligence.md): Vector similarity against a database of known adversarial prompts. Catches paraphrases the classifier misses. - [Sensitive Data Protection](https://docs.lasscyber.com/analyzers/sensitive-data.md): Detect and optionally de-identify PII, credentials, and other sensitive data using Google Cloud DLP. - [Malicious URL Detection](https://docs.lasscyber.com/analyzers/url-risk.md): Extract URLs and check them against Google Web Risk for malware, phishing, and unwanted-software threats. - [YARA Rule Enforcement](https://docs.lasscyber.com/analyzers/yara.md): Pattern-match prompts against compiled YARA rules — system defaults plus your own custom signatures. - [Idempotency](https://docs.lasscyber.com/api-reference/idempotency.md): Use Idempotency-Key to make write requests safe to retry. - [API reference overview](https://docs.lasscyber.com/api-reference/overview.md): How to use the Agnes HTTP API directly. Endpoint pages are auto-generated from the OpenAPI document. - [Pagination](https://docs.lasscyber.com/api-reference/pagination.md): How to iterate large collections — policies, rules, logs, keys — with skip/limit and the SDK helpers. - [Rate limits](https://docs.lasscyber.com/api-reference/rate-limits.md): Per-tenant rate limits, the headers Agnes returns, and how the SDKs honour them. - [Architecture](https://docs.lasscyber.com/concepts/architecture.md): How Agnes is deployed, the major components, and how data flows between them. - [The Agnes Analyzer](https://docs.lasscyber.com/concepts/combined-analyzer.md): Deep dive into the hero endpoint — POST /api/v1/analyze/ — its policy schema, execution semantics, and termination rules. - [How Agnes works](https://docs.lasscyber.com/concepts/how-agnes-works.md): The end-to-end request lifecycle from your application through the analyzer pipeline and back. - [Policies overview](https://docs.lasscyber.com/concepts/policies-overview.md): The four policy families in Agnes — combined Agnes policies, YARA policies, SDP policies, and safety policies — and when each one applies. - [analyzer_unavailable](https://docs.lasscyber.com/errors/analyzer_unavailable.md): HTTP 503 — a specific analyzer's upstream is degraded. Retry with backoff. - [bad_request](https://docs.lasscyber.com/errors/bad_request.md): HTTP 400 — the request was malformed in a way that could not be expressed as a Pydantic validation error. - [billing_grace_period](https://docs.lasscyber.com/errors/billing_grace_period.md): HTTP 402 / 403 — subscription has lapsed but the tenant is still inside the grace period. - [billing_required](https://docs.lasscyber.com/errors/billing_required.md): HTTP 402 — subscription is in a state that blocks API access. - [email_not_verified](https://docs.lasscyber.com/errors/email_not_verified.md): HTTP 403 — the JWT user has not verified their email address. - [forbidden](https://docs.lasscyber.com/errors/forbidden.md): HTTP 403 — authenticated but not authorised for this resource. - [idempotency_conflict](https://docs.lasscyber.com/errors/idempotency_conflict.md): HTTP 409 — Idempotency-Key was reused with a different request body. - [internal_error](https://docs.lasscyber.com/errors/internal_error.md): HTTP 500 — unexpected server-side failure. Quote request_id when reporting. - [method_not_allowed](https://docs.lasscyber.com/errors/method_not_allowed.md): HTTP 405 — the HTTP method is not supported on this path. - [not_found](https://docs.lasscyber.com/errors/not_found.md): HTTP 404 — resource does not exist or is not visible to this tenant. - [Errors overview](https://docs.lasscyber.com/errors/overview.md): The canonical Agnes error envelope, the full list of stable error codes, and retry guidance. - [payload_too_large](https://docs.lasscyber.com/errors/payload_too_large.md): HTTP 413 — request body or token count exceeds the configured cap. - [rate_limit_exceeded](https://docs.lasscyber.com/errors/rate_limit_exceeded.md): HTTP 429 — the tenant has exceeded its per-minute or per-month request budget. - [service_unavailable](https://docs.lasscyber.com/errors/service_unavailable.md): HTTP 503 — generic temporary unavailability. Retry with backoff. - [unauthorized](https://docs.lasscyber.com/errors/unauthorized.md): HTTP 401 — missing, expired, or invalid credentials. - [unsupported_api_version](https://docs.lasscyber.com/errors/unsupported_api_version.md): HTTP 400 / 410 — the Agnes-Version header is older than the minimum supported version. - [validation_error](https://docs.lasscyber.com/errors/validation_error.md): HTTP 422 — Pydantic / FastAPI request validation failed. The detail field lists the offending fields. - [Authentication](https://docs.lasscyber.com/get-started/authentication.md): How to authenticate to the Agnes API: bearer keys, rotation, scopes, and pinning the API contract version. - [Quickstart](https://docs.lasscyber.com/get-started/quickstart.md): Sign up, mint an API key, and run your first analysis in under five minutes. - [What is Agnes?](https://docs.lasscyber.com/get-started/what-is-agnes.md): A high-level introduction to Agnes AI Security and the threat model it covers. - [Agnes AI Security](https://docs.lasscyber.com/introduction.md): AI security for production LLM applications — prompt injection, jailbreaks, sensitive data, malicious URLs, and threat intelligence behind one API. - [Agnes policies](https://docs.lasscyber.com/policies/agnes-policies.md): Author, edit, version, and ship the combined policies that drive POST /api/v1/analyze/. - [Safety policies](https://docs.lasscyber.com/policies/safety-policies.md): Author the policy text ShieldGemma uses as a judge in the Safety & Responsible AI analyzer. - [SDP policies](https://docs.lasscyber.com/policies/sdp-policies.md): Configure which info types Cloud DLP inspects and how findings are de-identified. - [YARA rules and policies](https://docs.lasscyber.com/policies/yara-rules-and-policies.md): Author YARA rules, group them into policies, and wire them into the YARA analyzer. - [SDK overview](https://docs.lasscyber.com/sdks/overview.md): Two official SDKs — Python and TypeScript — that share one OpenAPI contract and one ergonomic surface. - [Python SDK](https://docs.lasscyber.com/sdks/python.md): Official Python client for Agnes AI Security — pip install agnes-security. - [TypeScript SDK](https://docs.lasscyber.com/sdks/typescript.md): Official TypeScript client for Agnes AI Security — npm install @lasscyber/agnes-security. - [Versioning](https://docs.lasscyber.com/sdks/versioning.md): How the Python and TypeScript SDKs version, how the API contract version works, and the deprecation cadence. - [Sandbox mode (`ak_test_*` keys)](https://docs.lasscyber.com/testing/sandbox-mode.md): Run the full SDK surface against api.lasscyber.com without billing, paid upstream calls, or quota — with deterministic responses you can assert against. - [Analysis logs](https://docs.lasscyber.com/threat-analysis/analysis-logs.md): Query, filter, and export every analyzer decision Agnes has made for your tenant. - [Interpreting results](https://docs.lasscyber.com/threat-analysis/interpreting-results.md): Field-by-field walkthrough of the response from POST /api/v1/analyze/. ## OpenAPI Specs - [openapi](https://docs.lasscyber.com/openapi.json)