Pipelock is an open-source firewall for AI agents. It runs as a single Go binary between an agent and the network, scans outbound HTTP and MCP traffic for secret exfiltration, prompt injection, and SSRF, and blocks at the boundary before anything leaves. Every allow or block decision is written as a signed receipt you verify yourself, offline, against a published key. There's a live browser challenge where you run a real agent against a real attack, plus a public attack corpus so you can measure any agent firewall against real techniques. Apache 2.0, self-hosted.
- Scans agent egress (HTTP, MCP, WebSocket) for secret exfiltration, prompt injection, and SSRF
- Blocks at the boundary before data leaves — single Go binary, no agent code changes
- Signed decision receipts you verify offline against a published key
- MCP proxy: input, response, and tool scanning plus allow/deny/redirect tool policy
- Public attack corpus (agent-egress-bench) to measure detection against real techniques
- Apache 2.0, self-hosted, single binary
- Guard coding agents (Claude Code, Codex, Cursor, MCP) running against real repos
- Stop secret exfiltration and prompt-injection-driven leaks at the network boundary
- Produce verifiable audit evidence of what your agents were allowed to do
- Put an egress control layer in front of autonomous or background agents

I'm a plumber who taught himself Linux and security and built this because nothing else solved the problem. Pipelock sits between an AI agent and the network and scans what it tries to send out for leaked secrets, prompt injection, and SSRF, then blocks it at the boundary. The part I care about most: when it blocks something, it writes a signed receipt you verify yourself, offline, so you don't have to take my word for any of it. There's a live challenge in the browser, run a real agent against a real attack and try to get the secret out. Come break it and tell me what you find.
Running as a single Go binary between the agent and network is a clean approach — avoids the sidecar/proxy sprawl most agent security tools introduce. The signed, offline-verifiable receipts for each allow/block decision stand out too, since most firewalls just log without giving you something you can audit independently. Have you benchmarked the added latency on MCP traffic under load?

I'm a plumber who taught himself Linux and security and built this because nothing else solved the problem. Pipelock sits between an AI agent and the network and scans what it tries to send out for leaked secrets, prompt injection, and SSRF, then blocks it at the boundary. The part I care about most: when it blocks something, it writes a signed receipt you verify yourself, offline, so you don't have to take my word for any of it. There's a live challenge in the browser, run a real agent against a real attack and try to get the secret out. Come break it and tell me what you find.
Running as a single Go binary between the agent and network is a clean approach — avoids the sidecar/proxy sprawl most agent security tools introduce. The signed, offline-verifiable receipts for each allow/block decision stand out too, since most firewalls just log without giving you something you can audit independently. Have you benchmarked the added latency on MCP traffic under load?
Find your next favorite product or submit your own. Made by @FalakDigital.
Copyright ©2025. All Rights Reserved