The SplxAI team is excited to announce the newest feature for Agentic Radar, our open-source security scanner for agentic workflows. You can now scan your agentic workflows for system prompts – and get actionable suggestions for making those system prompts more precise, reliable, and secure.
System prompts are one of the most overlooked attack surfaces in agent-based architectures. With this new capability, Agentic Radar doesn’t just detect where your agents might be vulnerable – it also helps you fix these issues right at the source.
In this article, we'll break down the benefits of hardening your system prompts and walk you through an example on how to do exactly that using Agentic Radar.
Prompt Hardening in Action
Previously, Agentic Radar focused on making your agentic workflows transparent and detecting potential vulnerabilities. It could map out agents, tools, MCP servers, and their dependencies.
Now it goes one step further. Run a scan on your workflow, and Agentic Radar will:
Extract system prompts for each agent it finds
Analyze them for ambiguity, vagueness, or risk factors
Suggest hardened alternatives that reduce risk and improve performance
Think of it as static analysis for your agent’s brain.
In this section, we’ll walk through a real-world example where Agentic Radar scans an agentic workflow, identifies a weak system prompt, and suggests targeted improvements. We’ll keep things hands-on, so feel free to follow along with the code and try it yourself.
Initial Setup
Install Agentic Radar by following the README instructions from the official repository.
Download (or copy/paste) the agentic workflow written using OpenAI Agents from here.
In your terminal, set your OPENAI_API_KEY environment variable by running:
export OPENAI_API_KEY=<your-openai-api-key>
Scanning Agent Vulnerabilities and Mitigations
Let’s scan the example workflow with Agentic Radar:
agentic-radar scan openai-agents -i path/to/example/folder -o report.html
Afterwards, open the generated HTML report in your browser.
In the example we used, we have two agents:
Customer support agent - this agent does the actual job
Guardrail agent - this agent helps the customer support agent by ensuring it doesn’t allow off-topic conversations (in this case, solving math homework for the user)
Agentic Radar performs static code analysis to detect all agents within the workflow. In addition, it also recognizes which mitigations are already implemented for some of the most common LLM vulnerabilities.

You can see that for certain vulnerabilities (Input Length Limit and Intentional Misuse) there are already some mitigations implemented in the code.
Hardening the System Prompt
Agentic Radar also shows us the currently used system prompt for the customer support agent.

While the system prompt is short and simple, it's also too vague and can lead to ambiguous behavior, inconsistent responses, or even unintended model actions. Without clear boundaries or task definitions, the agent may interpret instructions too broadly.
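As an added illustration (not Agentic Radar's own code and not part of the original article), the following Python example shows how static analysis can pull each agent's system prompt out of workflow source without running it. The sample workflow, its prompts, and the function name extract_system_prompts are constructed for this example; it assumes agents are created with Agent(name=..., instructions=...) as in OpenAI Agents.

```python
import ast

# Constructed sample workflow (not the example file used in the article).
SAMPLE_SOURCE = '''
from agents import Agent
SUPPORT_PROMPT = "You are a helpful customer support agent."
guardrail_agent = Agent(
    name="Guardrail check",
    instructions="Check if the user is asking about math homework.",
)
support_agent = Agent(name="Customer support", instructions=SUPPORT_PROMPT)
dynamic_agent = Agent(name="Dynamic", instructions=build_prompt())
'''

def extract_system_prompts(source):
    """Map each Agent(...) call's name to its instructions string, or None
    when the prompt is missing or only known at runtime."""
    tree = ast.parse(source)
    # Module-level string constants, so instructions=SOME_NAME resolves.
    constants = {}
    for node in tree.body:
        if (isinstance(node, ast.Assign) and isinstance(node.value, ast.Constant)
                and isinstance(node.value.value, str)):
            for target in node.targets:
                if isinstance(target, ast.Name):
                    constants[target.id] = node.value.value

    def resolve(expr):
        if isinstance(expr, ast.Constant) and isinstance(expr.value, str):
            return expr.value
        if isinstance(expr, ast.Name):
            return constants.get(expr.id)
        return None  # call, f-string, etc.: not statically known

    prompts = {}
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        callee = func.id if isinstance(func, ast.Name) else getattr(func, "attr", None)
        if callee != "Agent":
            continue
        kwargs = {kw.arg: kw.value for kw in node.keywords if kw.arg}
        name = resolve(kwargs.get("name")) or f"<line {node.lineno}>"
        prompts[name] = resolve(kwargs.get("instructions"))
    return prompts

if __name__ == "__main__":
    for agent, prompt in extract_system_prompts(SAMPLE_SOURCE).items():
        print(f"{agent}: {prompt!r}")
```

An agent that maps to None has a prompt assembled at runtime, so a source-only scan cannot review it and it needs a manual look.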
Now, let’s run the same command again, this time including the --harden-prompts flag:
agentic-radar scan openai-agents --harden-prompts -i path/to/example/folder -o report.html
After opening the new report, you should see the suggested hardened prompts alongside the current system prompts.

You can click on the copy button (on the right) and replace the old system prompt in the source code with its improved version. You can do that by passing the copied prompt to the instructions parameter of the Customer Support Agent constructor.
Let’s scan the workflow with Agentic Radar again, now with the hardened system prompt:
agentic-radar scan openai-agents -i path/to/example/folder -o report.html
Now let's take a look at the Agent Vulnerability Mitigations section again.

Agentic Radar immediately recognizes that we have employed partial mitigations when it comes to PII Leakage and Jailbreak, as we added a layer of defense through our hardened system prompt.
Conclusion
System prompts may seem like a small part of your agentic architecture, but as we’ve seen, they can make a huge difference in how your agents behave and how secure they are.
By using Agentic Radar’s new prompt hardening feature, you can quickly identify weak or vague system prompts and replace them with clearer, more secure instructions. This improves both the reliability and safety of your AI agents – often with just a few lines of text.
What’s especially exciting is that Agentic Radar is no longer just a tool for flagging potential issues. It now provides actionable remediation – from specific prompt hardening suggestions to a clearer picture of which vulnerabilities have already been mitigated. It’s not just about awareness; it’s about continuous improvement.
The best part? It fits seamlessly into your existing workflow. One command, one report, and you're already on your way to building more resilient agentic systems.
We’re excited to keep improving Agentic Radar with our valued community. If you haven’t already, check out the GitHub repo and give it a try. And if you’ve got ideas or feedback – feel free to let us know!