Praxen is the open-source reference implementation of Agent Behavior Verification (ABV) — a proactive control model for AI agents and digital workers. It compares an AI agent’s declared policy (a Worker Remit) against whatever evidence is available about that agent — source code, live deployment state, behavioral artifacts, governance docs, or any mix — and reports where observed behavior diverges from declared intent.
Make sure your agent does its job — and only its job.
Praxen is a project sponsored by Exabeam.
| If you are… | Read this first |
|---|---|
| New to the concept and want the “why” | What is Agent Behavior Verification? |
| Setting up Praxen for the first time | Installation |
| Trying it out for the first time | Quickstart — have Claude author a remit for the FinBot demo agent, scan it, and read the report, in about 15 minutes |
| Ready to run your first real analysis | Usage |
| Writing a Worker Remit for an agent | Writing Worker Remits |
| Looking at a report and trying to understand it | Interpreting Reports |
| Disagreeing with a finding or wanting to revise it | Challenging and Revising Findings |
| Wondering why two runs gave slightly different scores | Understanding Run-to-Run Variability |
| Getting the most out of a Praxen report | Working with Praxen |
| Hit a problem on a first run | Usage § Troubleshooting |
| Trying to understand the OWASP frameworks Praxen tags against | OWASP Gen AI Security |
| Trying to understand the RAISE maturity scoring | The RAISE Framework |
Praxen reduces agent verification to a single comparison:
flowchart LR
WR["Worker Remit<br/>(declared policy)"] --> Pbehavior-verifier<br/>skill
EV["Evidence<br/>(source · deployment · behavior · governance)"] --> P
P --> JSON["findings.json<br/>(canonical)"]
JSON --> R["render.py"]
R --> HTML["analysis.html"]
R --> TXT["analysis.txt"]
The output is a self-contained HTML analysis report, a machine-readable findings JSON, and a plain-text summary. Open the HTML in a browser; ingest the JSON in your pipeline.
Praxen produces an expert review that focuses human attention. Each report is a model-assisted analysis of where an agent’s behavior may diverge from its remit. Treat the findings and RAISE maturity score as judgments to act on — a senior reviewer’s notes, not an automated pass/fail. Scores are calibrated per model tier and vary run to run (see Understanding Run-to-Run Variability), and you can challenge and revise any finding.
Praxen works by reading your agent’s real workspace in place — its actual code, config, and logs. It writes findings only to ./reports/ and never modifies the agent. It runs as a skill inside your coding agent, using that agent’s own tools rather than a separate sandbox, so run Praxen where you already trust that agent to operate. The security model and assumptions covers this in full.
Praxen is not just a source-code analyzer. Any of these — alone or in combination — are valid input:
MEMORY.md, SOUL.md), operational logs (action reports, session JSONL, audit trails, escalation logs), live config.The methodology adapts. Categories the input doesn’t cover are scored at lower confidence and explicitly noted in the report. See Usage for how to point Praxen at each type.
Every finding Praxen produces is classified against four industry-standard frameworks simultaneously:
LLM01–LLM10 tagsASI01–ASI10 tagsFor an overview of the OWASP Gen AI Security Project and a one-line gloss on each LLM, Agentic, and MCP risk, see OWASP Gen AI Security. Or browse the live OWASP Coverage Report — aggregate LLM and Agentic Top-10 coverage across Praxen’s example suite, with links into each per-target analysis.
claude plugin marketplace add open-agent-ai-security/praxen then claude plugin install praxen@open-agent-ai-security (or the in-session /plugin ... equivalents — see Installation)behavior-verifier./reports/ relative to where you run the analysis<agent-slug>-analysis-<timestamp>.html, <agent-slug>-findings-<date>.json, <agent-slug>-analysis-<timestamp>.txtFor the full specification, see PRAXEN_SPEC.md at the repo root.