VigilGuard Enterprise v1.7.2: New v2h Detector, Claude Code Integration, Extended API Contract
Release Context: Agents Change the Requirements for Detection
In agentic environments, the model no longer operates on a single user message. The agent's decision is shaped by the user prompt, the system instruction, the conversation history, and tool responses. Classic prompt injection classifiers, trained primarily on conversational prompts, raise excess false alarms on benign tool outputs in such traffic and at the same time miss some of the real attacks embedded in non-standard input formats.
Version 1.7.2 addresses this gap with two changes inside the detection layer and a new deployment surface inside Claude Code.
vge-promptguard-v2h: Routing Aligned With the Type of Input
vge-promptguard-v2h replaces a single classifier with a new decision architecture. The type of input is recognized in real time; recognized types include a classic user prompt, a tool output, a code fragment, and Polish-language text. Based on this recognition, the analysis is routed through the lane best suited to the given case.
The previous classifier, vge-promptguard-v1g, remains the foundation of the solution. It is complemented by a new component specialized in hard attack classes for which earlier model generations showed limited effectiveness.
The upgrade is fully backward compatible. After deployment, customers do not need to modify their integrations, and security policies remain active without changes.
| Metric | Change vs previous detector |
|---|---|
| Regressions across 19 evaluation datasets | none |
| False alarms on tool outputs in Claude Code | minus 71 pp |
| Attack detection on the Moltbook dataset | plus 87.5 pp |
| False alarm rate on the BIPIA benchmark | minus 55 pp |
vge-cc-guard: Vigil Guard Detection Inside Claude Code
Claude Code is one of the fastest growing agentic development environments. Every prompt sent in such an environment reaches the model together with its full surrounding context, including code fragments, tool outputs, and system instructions. The attack surface is broader than in a classic chatbot and at the same time has so far remained outside the reach of dedicated detection layers.
vge-cc-guard is the first official Vigil Guard integration with Claude Code. Once enabled, prompts sent to the model in Claude Code pass through Vigil Guard detection before they reach the LLM. The current phase covers user prompt analysis. Subsequent phases will extend the scope to tool calls and agent lifecycle events.
Combining vge-cc-guard with the v2h detector translates into a measurable operational effect for engineering teams using Claude Code: lower alert noise and higher detection effectiveness in a layer that until now relied solely on generic mechanisms.
Extended API Contract: Agent, Tool, Conversation
The API contract has been extended with three optional fields describing the context of the call: the agent identifier, the tool identifier, and the conversation identifier. Two new input source types have also been added: tool input and system prompt.
The change is opt-in and remains fully backward compatible. Existing integrations continue to work without modification. In the analytics layer, operators gain a more complete picture of who queried Vigil Guard, in what context, and with which tool. This forms the basis for context-aware risk scoring, which will be introduced in upcoming releases.
Performance and Operational Predictability
The detection pipeline has been optimized for response time and stability under load. A hard time budget for a single analysis has been introduced, which eliminates situations where a stale verdict reaches a caller whose deadline has already passed. Dynamic request batching is now active by default, including in deployment scenarios where it had previously remained inactive. The amount of data carried in system responses has also been reduced, which lowers the potential surface for prompt content leakage in transit.
On the analytics and billing side, dashboard counters no longer double-count certain enrichment events, and the usage endpoint backing the billing layer runs significantly faster. Logging under load is stable thanks to a controlled backpressure mechanism, with a dedicated metric exposed in the monitoring layer.
On the deployment side, the upgrade is atomic. Analytics database migration routines distinguish lightweight from heavy operations, which shortens the maintenance window during the upgrade and reduces the risk of unnecessary asset rebuilds on the customer side.
1.6.x and 1.7.x: A Difference in Character
The 1.6.x line extended Vigil Guard with new detection branches, including Scope Drift and dual-pass analysis of long prompts. The 1.7.x line focuses on the quality of the detection itself and on new surfaces where Vigil Guard runs in agentic environments.
| Aspect | 1.6.x line | 1.7.x line |
|---|---|---|
| Main changes | Scope Drift, dual-pass analysis of long prompts, decision arbiter calibration | vge-promptguard-v2h detector, vge-cc-guard integration with Claude Code, extended API contract |
| Release character | New detection branches | Higher detection quality and new input surfaces |
Availability
VigilGuard Enterprise 1.7.2 is available to all customers under active support. The upgrade is recommended first in environments where agents work with tool outputs, in particular in teams using Claude Code.