Pipelock

Pipelock is an open-source agent firewall that provides network scanning, process containment, and tool policy enforcement for AI agents through a single binary. It acts as a runtime firewall that sits inline between an agent and the internet, using capability separation where the agent process is network-restricted while Pipelock inspects all traffic through an 11-layer scanner pipeline covering secret exfiltration, DLP scanning with 46 built-in patterns, prompt injection detection, SSRF protection, and bidirectional MCP scanning with tool poisoning detection. It operates in three proxy modes—fetch proxy, forward proxy, and WebSocket proxy—and supports three operational modes: strict allowlist-only for high security, balanced for general use, and audit for monitoring. Additional features include a process sandbox using Landlock and seccomp on Linux, MCP tool policy enforcement with pre-execution rules, tool call chain detection, kill switch mechanisms, response scanning with a six-pass normalization pipeline, filesystem monitoring, and event emission for SIEM integration. Pipelock provides GitHub Actions for CI integration, Docker deployment options, and covers multiple OWASP Agentic Top 10 threats, with a core licensed under Apache 2.0 and enterprise features under Elastic License 2.0. 

https://github.com/luckyPipewrench/pipelock

Comments

Post a Comment

Popular posts from this blog

Prompt Engineering Demands Rigorous Evaluation

In the blog post “Prompt Engineering Requires Evaluation” on the Shostack + Associates website, the author argues that treating prompts for large language models (LLMs) merely as creative artefacts is insufficient. Engineering prompts properly demands structured evaluation frameworks — what the AI community calls “evals” — to test which prompt versions work better, with which models, and under which conditions. The post highlights that simply assuming a prompt is “good enough” creates risks when LLMs are integrated into production systems (e.g., for threat modeling). It advocates for measuring prompt performance, variation effects, and tool-chain dependencies (model, context, ancillary materials).  Ultimately the message is: prompt engineering should borrow disciplined practices from software engineering (versioning, testing, benchmarking) rather than relying on informal experimentation.  https://shostack.org/blog/prompt-enignieering-requires-evaluation/
Read more

Secure Vibe Coding Guide: Best Practices for Writing Secure Code

Ken Huang's "Secure Vibe Coding Guide" emphasizes the importance of integrating security into the software development lifecycle. The guide provides best practices for writing secure code, including input validation, proper authentication mechanisms, and secure data storage techniques. It also highlights the necessity of regular code reviews and staying updated with the latest security vulnerabilities and patches. By following these guidelines, developers can create applications that are resilient against common security threats and contribute to a safer digital environment.  https://kenhuangus.substack.com/p/secure-vibe-coding-guide
Read more

KEVIntel: Real-Time Intelligence on Exploited Vulnerabilities

KEVIntel is a dynamic platform providing up-to-date information on known exploited vulnerabilities (KEVs). It aggregates data from over 50 public sources, including CISA, and enriches each entry with metadata such as EPSS scores, online mentions, scanner inclusion, and exploitation status. The platform aims to serve as an early warning system, offering insights even before official publications. KEVIntel supports various formats like JSON, CSV, and RSS, facilitating integration into security operations. These entries include CVSS scores, exploit status, and links to proof-of-concept code, aiding organizations in prioritizing remediation efforts.   https://kevintel.com/
Read more