Summary
Create a clear, public-facing "Why Guard0?" document that articulates g0's unique value proposition, target audience, and decision framework for evaluating agent security tools.
Motivation
g0 has exceptional technical depth (1,180+ rules, 12 domains, 10 standards, 10 parsers, 4,020+ payloads) but no single document that answers "why should I choose g0?" The positioning story is currently scattered across:
- Root README (tagline + feature list)
- docs/PRODUCT_ROADMAP.md (gap analysis, market size)
- docs/NEXT_STEPS.md (detailed capability comparison)
A developer evaluating agent security tools needs a clear, honest comparison to make a decision.
Proposed Content
1. The Problem
- AI agents make autonomous decisions, call tools, access data
- Traditional security tools don't understand agent-specific risks
- Compliance standards (OWASP Agentic, ISO 42001, EU AI Act) require agent-specific controls
- The agent attack surface spans: code, prompts, tools, data flows, MCP configs, model access
2. What Makes g0 Different
- Static + Dynamic: Analyze code AND red-team live agents in one tool
- Framework-aware: 10 parsers understand LangChain, CrewAI, MCP, etc. — not just pattern matching
- Compliance-native: Every finding auto-mapped to 10 standards
- Developer-first: npx g0 scan . — zero config, works offline
- Open source: Full transparency, community contributions, no vendor lock-in
- Depth: 1,180+ rules across 12 security domains — not just prompt injection
3. Decision Framework
Help readers decide based on their situation:
- Building agents in-house → g0 scan + test
- Need compliance reports → g0 scan --report
- Running MCP servers → g0 mcp + endpoint
- CI/CD security gates → g0 gate / g0 scan --ci
- Monitoring production agents → g0 daemon
- Evaluating agent risk → g0 inventory + flows
4. Capability Matrix
Honest comparison across dimensions:
- Static analysis depth (rules, domains, languages, frameworks)
- Dynamic testing (payload count, attack categories, adaptive strategies)
- Compliance coverage (standards mapped, report formats)
- Runtime capabilities (monitoring, enforcement, proxying)
- Platform integration (CI/CD, IDE, cloud dashboard)
- Pricing (open source core vs commercial)
5. Who Is g0 For?
- Developers building AI agents who need security feedback during development
- Security teams who need to assess and govern the agent landscape
- Architects who need to map agent infrastructure and data flows
- Compliance teams who need audit-ready evidence for standards
File to Create
- docs/why-guard0.md — the positioning document
- Link from root README and docs/README.md
Acceptance Criteria