Pipelock: Open-Source AI Agent Firewall

Help Net Security, May 4, 2026

Why It Matters

By isolating secrets from network access, Pipelock mitigates the risk of compromised AI agents leaking sensitive data, a growing concern as agentic AI proliferates in enterprise environments. Its open‑source nature and extensive compliance coverage make it a practical baseline for organizations seeking to secure AI‑driven workflows.

Key Takeaways

  • 11-layer scanner blocks credential leaks, SSRF, and path traversal.
  • Proxy keeps secrets isolated from network access, so agents run without a direct network connection.
  • Open-source Go binary (~20 MB) supports Docker, K8s, and iptables isolation.
  • Generates tamper‑evident logs with optional Ed25519 signatures for audit.
  • Maps to OWASP, MITRE, EU AI Act, SOC 2, and NIST controls.

Pulse Analysis

The rapid adoption of agentic AI in software development has exposed a glaring security gap: agents often run with full shell privileges, environment variables that contain API keys, and unrestricted internet connectivity. A single compromised call can exfiltrate credentials to an attacker‑controlled domain, turning the AI assistant into a high‑value target. Enterprises are therefore scrambling for solutions that can enforce egress controls without requiring agents to be rewritten or heavily instrumented.

Pipelock addresses this need with a lightweight, 20‑megabyte Go binary that acts as a forward proxy positioned between the AI agent and the external network. Its architecture enforces strict capability separation—agents retain secrets but lack direct network access, while the proxy handles all outbound traffic and applies an 11‑layer scanning pipeline. The pipeline includes scheme enforcement, CRLF injection detection, path traversal blocking, domain blocklisting, data loss prevention (DLP) for 48 credential patterns, SSRF protection, rate limiting, and per‑domain data budgets. Response scanning adds 25 injection patterns and multi‑pass normalization to thwart evasion techniques. All traffic that cannot be safely parsed is blocked by default, and audit logs are cryptographically chained with optional Ed25519 signatures.
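
The chained, Ed25519‑signed audit log described above, as an added Go example rather than Pipelock's own code or log format: the entry layout, the function names and the fixed seed passed to NewKey are assumptions of this illustration, and the event strings are constructed samples.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Entry is one audit record; PrevHash chains it to its predecessor, so altering,
// dropping or reordering any earlier record breaks every later link.
type Entry struct {
	Event    string   // constructed sample text, e.g. "BLOCK dlp host=example.com"
	PrevHash [32]byte // SHA-256 of the previous entry; all zero for the first
	Sig      []byte   // Ed25519 signature over Event|PrevHash
}

// payload is what the signature covers; Hash additionally covers the signature.
func (e Entry) payload() []byte { return []byte(fmt.Sprintf("%s|%x", e.Event, e.PrevHash)) }
func (e Entry) Hash() [32]byte  { return sha256.Sum256(append(e.payload(), e.Sig...)) }

// NewKey derives a signing key from a 32-byte seed (take the seed from crypto/rand in real use).
func NewKey(seed []byte) (ed25519.PrivateKey, []byte) {
	priv := ed25519.NewKeyFromSeed(seed)
	return priv, priv.Public().(ed25519.PublicKey)
}

// Append links a new event to the current head of the chain and signs it.
func Append(priv ed25519.PrivateKey, chain []Entry, event string) []Entry {
	e := Entry{Event: event}
	if n := len(chain); n > 0 {
		e.PrevHash = chain[n-1].Hash()
	}
	e.Sig = ed25519.Sign(priv, e.payload())
	return append(chain, e)
}

// Verify replays the chain holding only the public key; it reports the first bad link or signature.
func Verify(pub []byte, chain []Entry) error {
	var prev [32]byte
	for i, e := range chain {
		if e.PrevHash != prev {
			return fmt.Errorf("entry %d: broken chain link", i)
		}
		if !ed25519.Verify(ed25519.PublicKey(pub), e.payload(), e.Sig) {
			return fmt.Errorf("entry %d: bad signature", i)
		}
		prev = e.Hash()
	}
	return nil
}
```

Edits, deletions, reorderings and foreign signatures anywhere before the current head are caught, but a log that has only lost its tail still verifies; publishing the head hash out of band (the kind of attestation the roadmap mentions) is what closes that gap.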

Beyond technical safeguards, Pipelock’s open‑source licensing and extensive compliance mappings—covering OWASP Agentic AI Top 10, MITRE ATT&CK, EU AI Act, SOC 2, and NIST 800‑53—make it a compelling foundation for organizations building secure AI pipelines. The project’s roadmap includes a public attestation format and broader language SDKs, inviting external auditors and other open‑source projects to interoperate. As AI agents become integral to enterprise workflows, tools like Pipelock will likely become a de facto standard for protecting secret‑laden, internet‑connected AI workloads.
