Salus Catches Your AI Agent's Mistakes Before They Cost You Thousands

The Macro: AI Agents Are Doing Real Things and Getting Them Wrong

Here is a scenario that is happening right now at companies running AI agents. An agent processes a customer refund without looking up the order ID. The refund goes through. The money leaves the account. Three hours later, someone notices from a support ticket. By then, hundreds or thousands of dollars are gone.

This is the new reality of agentic AI. Agents are not just generating text. They are taking actions: processing transactions, sending emails, modifying databases, calling APIs. When they get it wrong, the consequences are real and immediate. A bad chatbot response wastes someone’s time. A bad agent action costs money.

The existing safety infrastructure was built for a different era. Evals test model behavior before deployment but cannot catch runtime errors. Output scoring evaluates responses but does not prevent bad actions. Observability tools like LangSmith and Helicone give you visibility into what happened, but only after it already happened. None of these tools can stop a bad action in the moment it is about to execute.

Salus, backed by Y Combinator, fills that gap. It is an API that wraps around your agent’s tool calls and validates every action before it executes. If an action violates policy or does not make sense, Salus blocks it and provides feedback so the agent can self-correct.

The Micro: One Decorator Per Tool Call

The integration model is deliberately simple. You add one decorator per tool call. That is the entire integration. Salus then intercepts every tool call your agent makes, validates it against your policies, and either allows it to proceed or blocks it with structured feedback.

The structured feedback is the clever part. When Salus blocks an action, it does not just say “no.” It returns specific information about why the action was blocked and what the agent should do instead. This enables the agent to self-repair, adjusting its approach and retrying with a corrected action. The loop is: agent proposes action, Salus validates, if invalid the agent gets feedback and corrects, if valid the action proceeds.

Beyond runtime guardrails, Salus includes an evals system that generates thousands of adversarial test scenarios to measure tool-call accuracy before deployment. This is proactive testing, not reactive monitoring. You can discover where your agent will fail before it reaches production.

Full visibility comes through real-time streaming of agent interactions with complete traces, token usage, and latency metrics. You can see exactly what your agent is doing, what Salus is blocking, and how the agent responds to corrections.

The founding team are Stanford CS roommates. Kevin Pan and Vedant Singh built this while watching the agent ecosystem mature and noticing that nobody was building the safety layer. Vedant has an AI research background from Stanford, which gives the technical foundation for building reliable validation systems.

Salus works with OpenAI, Anthropic, LangChain, LangGraph, and CrewAI. That broad compatibility means teams can adopt it regardless of which agent framework they use.

The competition includes Guardrails AI for output validation, Rebuff for prompt injection protection, and various observability tools. But the specific focus on pre-execution action validation is relatively uncrowded. Most tools either validate outputs after the fact or guard against prompt attacks. Salus guards against the agent simply making bad decisions.

The Verdict

As AI agents take more real-world actions, the need for runtime safety infrastructure will grow proportionally. Salus is positioning itself as the safety layer that sits between the agent and the real world.

At 30 days: how many tool calls per day is Salus validating across its customer base, and what percentage are being blocked? The block rate is a direct measure of how many costly mistakes are being prevented.

At 60 days: are agents improving their self-correction based on Salus feedback? If the feedback loop is working, agents should need fewer corrections over time on the same types of actions.

At 90 days: can customers quantify the cost of mistakes prevented? If Salus is saving companies money by blocking bad actions, the ROI story writes itself.

I think runtime agent safety is going to be a mandatory layer for any company running agents in production. Salus is early to the market with a clean integration model. The question is whether the validation logic is sophisticated enough to catch the truly dangerous mistakes without being so aggressive that it blocks legitimate actions. Getting that balance right is the hard part.