Pipelock Pricing and Assess License

Detection is free. Coordination is paid. Governance is enterprise.

Pipelock's security engine is free and always will be. All scanning, blocking, and signed evidence stay in Community. Paid plans add multi-agent coordination for teams running multiple profiles from one deployment.

Community
Free
Forever. No credit card.
Full security engine, one default security profile
  • 11-layer scanner pipeline with 46 DLP patterns
  • MCP proxy: response, input, and tool scanning
  • Process sandbox (Linux + macOS)
  • Kill switch, adaptive enforcement, HITL
  • TLS interception + cross-request detection
  • Signed reports (HTML, JSON, SARIF)
  • Attack simulation (31 scenarios)
  • Prometheus metrics + webhook/syslog/OTLP
  • All CLI commands, all 7 presets
Get Started

See all capabilities →

Founding Offer
Founding Pro
$49/mo
or $490/yr

First 50 customers or until June 30, 2026

Grandfathered for life

Many named security profiles under one admin boundary
  • Everything in Community
  • Named security profiles (unlimited)
  • Per-profile DLP, allowlists, and rate limits
  • Per-profile mode and enforce overrides
  • Per-profile MCP tool policy
  • Usage budgets per profile (requests, bytes, domains)
  • Dedicated agent listeners (spoof-proof identity)
  • Source CIDR agent resolution
  • Per-profile session profiling thresholds
  • Agent-level audit trails and Prometheus metrics
  • Best-effort email support

For startups, small teams, and solo builders coordinating multiple agent profiles

Claim Founding Price
Enterprise
Let's Talk
Annual contract
Central governance across teams, environments, and deployments
  • Everything in Pro
  • Private onboarding and deployment help
  • Security assessment engagements
  • Centralized rollout planning
  • Annual invoicing and procurement support
  • Private support channel
  • Design-partner access for organizational controls

For security teams managing AI agents across multiple teams, business units, or environments

Contact Us

Includes access to planned features: SSO, fleet policy, browser approvals, audit aggregation.

No agent limits. No seats. No per-request pricing. No machine tax. Just a flat rate.

Annual License
Assess License
$999/yr

One-year license for signed security assessment reports. Run pipelock assess against your deployment and get enterprise-grade evidence with Ed25519 signatures.

Get Assess License

Free Summary

  • Overall letter grade
  • Section scores
  • Top findings summary
  • Pass/fail verdict

Community Forever Promise

Everything that shipped free in v0.3.6 (the last release before paid features) stays free. Period. No clawbacks.

That includes the full scanner pipeline, all proxy modes, MCP protections, TLS interception, kill switch, HITL approvals, audit logging, metrics, reports (HTML, JSON, SARIF), integrity monitoring, all CLI commands, and all presets. If it detects, blocks, scans, or produces signed evidence, it stays free.

FAQ

What counts as a "security profile"?
A security profile is a named configuration for a specific agent, workflow, or trust boundary. Each profile gets its own DLP patterns, allowlists, rate limits, mode, enforce flag, MCP tool policy, session profiling thresholds, and request budgets. Agents can be identified by dedicated listener ports, source CIDRs, or headers. Community uses one default profile. Pro lets you create as many named profiles as you need.
Do licenses phone home?
No. License verification is fully offline using Ed25519 signatures. No network calls, no telemetry, no tracking. The binary verifies the license locally at startup.
Can one license run on multiple machines?
Yes. No machine binding, no hardware fingerprinting. You can deploy Pipelock on as many machines as you need within your licensed scope.
What happens when a license expires?
Agent profiles are disabled. Single-profile protection stays fully active. The proxy keeps protecting traffic, it simply falls back to Community features. No bricking, no lockouts.
Can I try Pro features before buying?
Yes. We offer a guided evaluation path for Pro features. Contact us and we’ll help you test multi-agent coordination in your environment.
What does the Assess license include?
Run pipelock assess against your deployment. The free summary shows your grade, section scores, and top findings. The Assess license ($999/yr) adds server-specific findings, remediation commands, compliance evidence mapped to OWASP/NIST/EU AI Act, and Ed25519-signed evidence bundles. No consulting call required. See sample reports.
What's the difference between Pro and Enterprise?
Scope. Pro coordinates multiple named security profiles under one admin boundary. Enterprise is for teams that need central governance across multiple teams, environments, or deployments, plus custom commercial terms, onboarding, and design-partner access to planned organizational features like SSO and fleet policy distribution.
How does license renewal work?
Your license token is valid for 45 days. Active subscribers receive a fresh token by email before the current one expires. Run pipelock license install <token> to update and restart pipelock. If your subscription auto-renews, the new token is sent automatically.
What's the refund policy?
30-day money-back guarantee, no questions asked. Annual plans get prorated refunds after 30 days. All refunds processed through Polar. Full refund policy.
How do I manage my subscription?
Log into the Polar customer portal to update your payment method, switch plans, download invoices, or cancel. You can also email luckypipe@pipelab.org and we will handle it for you.
Get Pipelock See All Features