Every agent security tool solves a different slice of the problem. Some work at the inference layer. Some work at the network layer. Some scan at install time. Some scan at runtime. These pages break down the differences so you can pick the right tool, or combine them for defense in depth.
Agent Firewall vs WAF
Different threat models, different traffic directions. Why WAFs don’t cover agent egress and what does.
Pipelock vs LlamaFirewall
Network-layer proxy vs inference-layer Python SDK. Two complementary approaches to agent security.
Pipelock vs Agent Wall
Both secure MCP, but Pipelock also covers HTTP, WebSocket, and process containment.
Agent Firewall vs Guardrails
Guardrails shape model behavior. Firewalls enforce network boundaries. You probably need both.
For the full definition and threat model, see What is an agent firewall?.