Launch
Pipelock
Visit
Premium
Example Image

Pipelock

Open-source AI agent firewall you verify yourself

Visit

Pipelock is an open-source firewall for AI agents. It runs as a single Go binary between an agent and the network, scans outbound HTTP and MCP traffic for secret exfiltration, prompt injection, and SSRF, and blocks at the boundary before anything leaves. Every allow or block decision is written as a signed receipt you verify yourself, offline, against a published key. There's a live browser challenge where you run a real agent against a real attack, plus a public attack corpus so you can measure any agent firewall against real techniques. Apache 2.0, self-hosted.

Example Image
Example Image
Example Image
Example Image
Example Image

Features

- Scans agent egress (HTTP, MCP, WebSocket) for secret exfiltration, prompt injection, and SSRF

- Blocks at the boundary before data leaves — single Go binary, no agent code changes

- Signed decision receipts you verify offline against a published key

- MCP proxy: input, response, and tool scanning plus allow/deny/redirect tool policy

- Public attack corpus (agent-egress-bench) to measure detection against real techniques

- Apache 2.0, self-hosted, single binary

Use Cases

- Guard coding agents (Claude Code, Codex, Cursor, MCP) running against real repos

- Stop secret exfiltration and prompt-injection-driven leaks at the network boundary

- Produce verifiable audit evidence of what your agents were allowed to do

- Put an egress control layer in front of autonomous or background agents

Comments

I'm a plumber who taught himself Linux and security and built this because nothing else solved the problem. Pipelock sits between an AI agent and the network and scans what it tries to send out for leaked secrets, prompt injection, and SSRF, then blocks it at the boundary. The part I care about most: when it blocks something, it writes a signed receipt you verify yourself, offline, so you don't have to take my word for any of it. There's a live challenge in the browser, run a real agent against a real attack and try to get the secret out. Come break it and tell me what you find.

Running as a single Go binary between the agent and network is a clean approach — avoids the sidecar/proxy sprawl most agent security tools introduce. The signed, offline-verifiable receipts for each allow/block decision stand out too, since most firewalls just log without giving you something you can audit independently. Have you benchmarked the added latency on MCP traffic under load?

Premium Products
Social Links

Comments

I'm a plumber who taught himself Linux and security and built this because nothing else solved the problem. Pipelock sits between an AI agent and the network and scans what it tries to send out for leaked secrets, prompt injection, and SSRF, then blocks it at the boundary. The part I care about most: when it blocks something, it writes a signed receipt you verify yourself, offline, so you don't have to take my word for any of it. There's a live challenge in the browser, run a real agent against a real attack and try to get the secret out. Come break it and tell me what you find.

Running as a single Go binary between the agent and network is a clean approach — avoids the sidecar/proxy sprawl most agent security tools introduce. The signed, offline-verifiable receipts for each allow/block decision stand out too, since most firewalls just log without giving you something you can audit independently. Have you benchmarked the added latency on MCP traffic under load?

Premium Products