Pipelock is an open-source AI agent firewall developed by luckyPipewrench, written in Go. It focuses on providing comprehensive security for AI agents, particularly in scenarios where agents have access to sensitive information or system resources. The project's core functionalities include agent egress control, preventing unauthorized outbound connections; Data Loss Prevention (DLP) to safeguard sensitive data; protection against Server-Side Request Forgery (SSRF) attacks; and defense mechanisms against prompt injection.
A key feature of Pipelock is its ability to provide mediator-signed, independently verifiable proof of an agent's actions. This means that evidence of an agent's activity is attested to by an external mediator, outside the agent's process and credentials, enhancing the trustworthiness of audit trails. Pipelock functions as an egress proxy, scanning bidirectional HTTP, WebSocket, and MCP (Machine Comprehension Protocol) traffic. It incorporates 48 credential patterns and 29 injection patterns with 6 pass normalization to detect and mitigate threats.
Pipelock supports integration with various AI development environments and tools, including Claude Code, OpenAI Codex, Cline, OpenCode, Zed, Cursor, VS Code, JetBrains, OpenAI Agents SDK, Google ADK, AutoGen, CrewAI, and LangGraph. The project recently released version 2.5.0, indicating active development and maintenance.