AI agents introduce security problems that traditional tools weren't built for. These guides explain the threats, the defenses, and where the gaps are.
Get Started
Set up Pipelock with your IDE in minutes.
Claude Code
One-command hook setup for Bash, WebFetch, Write, Edit, and MCP scanning. The fastest path to agent security.
Cursor IDE
One-command install. DLP and injection blocking for every agent action in Cursor.
VS Code
MCP proxy integration for VS Code. Wraps all MCP servers through Pipelock’s scanner.
JetBrains / Junie
Wrap Junie MCP servers with bidirectional scanning. IntelliJ, PyCharm, WebStorm, GoLand.
Threats
Understand the Attack Surface
Deep dives on attack vectors and defenses.
AI Egress Proxy
What an AI egress proxy does, how it differs from a traditional proxy, and deployment patterns for agent traffic.
Open Source AI Firewall
What counts as an AI firewall, why open source matters, and how the options compare. Proxy vs in-process tradeoffs.
AI Agent Security
Three security layers explained: hooks, guardrails, and egress inspection. What each one stops and where the gaps are.
Agent Security Best Practices
Practical checklist: least privilege, network isolation, runtime inspection, audit logging, and adversarial testing.
Agent Security Tools
Scanners, firewalls, gateways, and governance platforms compared. What each category catches and what gets through.
How to Secure Your MCP Setup
The practitioner tutorial. Seven attacks, seven defenses, real config for each one.
MCP Vulnerabilities
Every MCP attack vector in one place. Tool poisoning, rug-pulls, SSRF, credential theft, session hijacking. Defenses for each.
Shadow MCP
Unauthorized AI connectivity in your codebase. How to detect undocumented MCP servers, assess the risk, and enforce policy at runtime.
MCP Tool Poisoning
Malicious tool descriptions, schema injection, rug-pull attacks. How runtime detection catches what static analysis misses.
MCP Security
Tool poisoning, rug-pulls, and how to protect MCP connections. Maps to OWASP MCP Top 10.
Agent Egress Security
Preventing credential leaks and data exfiltration from AI agents via URLs, headers, and bodies.
Prompt Injection Defense
Catching injection at the proxy layer with 6-pass normalization, not just at the model.
LLM Prompt Injection
What prompt injection is, why agents make it worse, and the defense-in-depth approach.
Prompt Injection Detection
Pattern matching, ML classification, normalization pipelines, and how to combine detection layers.
MCP Proxy
How Pipelock’s MCP proxy scans tool calls, tool responses, and tool descriptions bidirectionally.
MCP Gateway
What an MCP gateway does, how it differs from a proxy, and what to look for when choosing one.
MCP Authorization
OAuth 2.1, tool-level RBAC, confused deputy, and audit patterns. How the MCP spec and the market handle access control.
MCP Security Tools
Scanners, proxies, and gateways compared. What each category checks and how to evaluate them.
Secure Agent Deployment
Pre-launch to production. Threat modeling, secret isolation, runtime controls, and kill switches.
Canary Tokens
Plant synthetic credentials in your environment. Catch real exfiltration regardless of encoding.
Evidence
Compliance and Audit Trail
Prove security to auditors and regulators.
AI Agent Compliance
Audit logs, runtime policy, and signed evidence. Map agent behavior to SOC 2, EU AI Act, NIST 800-53, and OWASP.
Flight Recorder
Hash-chained, tamper-evident audit log with Ed25519-signed checkpoints and redaction support.
Compliance Evidence
OWASP, NIST 800-53, EU AI Act, SOC 2 framework mappings. Signed assessment reports.
EU AI Act Compliance
How Pipelock’s runtime controls map to EU AI Act requirements for high-risk AI systems.
Community Rules
Install signed, versioned detection patterns with one command. Hot-reloadable.
Frameworks
Security Framework Coverage
How Pipelock maps to industry standards.
OWASP MCP Top 10
The ten MCP risks OWASP tracks (beta), mapped to scanner, gateway, proxy, identity, and audit tool coverage.
OWASP Agentic Top 10
10/10 categories covered. Per-threat assessment with specific scanner mappings.
OWASP AIVSS Coverage
Maps to all 10 agentic risk categories in the AIVSS v0.8 scoring system.
OWASP Top 10 for LLMs
7/10 categories covered. Network-layer defense for the 2025 LLM Top 10.
OWASP Agentic AI Threats
12/15 threats covered in the Agentic AI framework.
SlowMist MCP Security
10 items fully covered and 8 partially covered out of the 19-item MCP security validation guide.