# Safety

> Endpoint security platform for AI-powered development that gives security teams real-time visibility and governance over AI tools, packages, MCP servers, and IDE extensions across developer fleets.

Safety is an endpoint security platform built specifically for organizations where developers use AI coding agents like Claude Code, GitHub Copilot, and OpenAI Codex. Founded in Vancouver, Safety takes a prevention-first approach to software supply chain security, deploying agentlessly via MDM to give security teams visibility and control over the workstation layer that traditional EDR, MDM, and SCA tools miss.

## What It Is

Safety fills the gap between existing security tooling and the new reality of AI-assisted development. Traditional endpoint detection tools catch OS-level events and malware signatures; code scanners catch dependencies in CI/CD pipelines. Neither sees what AI agents install locally, which MCP servers are running, or what IDE extensions developers have added. Safety positions itself as the independent, vendor-neutral layer that covers all of these — packages across npm, PyPI, and 10+ ecosystems, every MCP server and IDE extension in use, shadow AI detection, and configuration drift monitoring.

## Three-Pillar Architecture

Safety organizes its capabilities into three areas:

- **Visibility** — A real-time inventory of every developer machine, covering packages, AI tools, MCP servers, IDE extensions, and containers. Includes shadow AI detection to distinguish personal versus enterprise accounts.
- **Risk Detection** — A proprietary data engine that combines public vulnerability feeds with LLM-powered analysis and malicious package scanning. Safety claims its engine detects 4x more vulnerabilities than public sources such as NVD or GitHub Security Advisories, and catches threats days before public disclosure.
- **Prevention** — An MCP Server integration that intercepts Claude Code and other agents at the moment of intent, checking packages against proprietary intelligence before installation. A Package Firewall blocks malicious packages before install; an IDE extension firewall is listed as coming soon.

## Deployment Model

Safety is designed for zero developer disruption. It deploys silently via MDM in under 24 hours, requires no developer buy-in, and wraps software installers (pip, npm, VS Code Extensions) to block malicious or unapproved software without changing existing workflows. The agentless background scan approach means security teams get coverage without asking developers to install or configure anything.

## Data Engine and Coverage

Safety's about page states its cybersecurity research team and AI-powered systems analyze millions of package releases and code changes to maintain what it describes as the industry's most comprehensive vulnerability database. The homepage shows a vulnerability coverage comparison listing Safety at 8,659 vulnerabilities versus Dependabot at 1,800, PipAudit at 2,400, GitLab at 3,100, OSV at 4,300, Snyk at 4,300, and Anaconda at 4,300. The tool also integrates into CI/CD pipelines, Jenkins, GitHub Actions, and Docker containers for teams that want both workstation and pipeline coverage.

## Who It's For

Safety targets security teams at organizations where developers actively use AI coding agents. The about page notes its products are used by independent contributors, Fortune 500 companies, AI research labs, and government agencies — though these are vendor-published claims. The company reports 2M+ downloads per month and a database of 18,000+ Python vulnerabilities. Safety is a remote-first team of approximately 20 people based across 6 countries.

## Features
- Agentless deployment via MDM
- Real-time workstation inventory
- MCP server detection and governance
- IDE extension firewall
- Package Firewall for pip, npm, and more
- Shadow AI detection
- Configuration drift monitoring
- Proprietary vulnerability database (4x public sources)
- Malicious package scanning
- LLM-powered vulnerability analysis
- CI/CD integration (Jenkins, GitHub Actions, Docker)
- Claude Code MCP Server integration
- License compliance scanning
- Security reporting and AI-powered insights
- Policy enforcement at workstation layer

## Integrations
Claude Code, GitHub Copilot, OpenAI Codex, pip, npm, VS Code Extensions, Jenkins, GitHub Actions, Docker, PyPI, MDM (Jamf, Intune, Kandji)

## Platforms
WEB, API, VSC_EXTENSION, CLI

## Pricing
Freemium — Free tier available with paid upgrades

## Links
- Website: https://getsafety.com
- Documentation: https://www.getsafety.com/sign-up
- Repository: https://github.com/pyupio
- EveryDev.ai: https://www.everydev.ai/tools/safety-cli
