PipeLab

PipeLab is the company behind Pipelock, an open-source agent firewall designed to secure AI agent traffic. Pipelock is a single Go binary (Apache 2.0 licensed) that sits between AI agents and the internet, scanning every HTTP, WebSocket, and MCP (Model Context Protocol) message through an 11-layer pipeline before it leaves the host environment. The core problem Pipelock addresses is the security risk posed by AI agents that have shell access, API keys, and unrestricted network connectivity. Pipelock intercepts and blocks secret leaks, unsafe tool traffic, prompt-injection responses, SSRF attempts, and tool poisoning. PipeLab ships a small ecosystem of related tools: - Pipelock: the core open-source agent firewall binary - Agent Egress Bench: a tool-neutral attack corpus (155 cases, 17 categories) for validating any agent egress proxy - Pipelock Rules: community detection patterns distributed as signed YAML bundles (Ed25519), supporting hot-reload for DLP, prompt-injection, and tool-poisoning coverage Pipelock is listed in the CNCF Landscape under Security & Compliance and publishes coverage mappings for OWASP MCP Top 10, OWASP Agentic Top 10, MITRE ATLAS, EU AI Act, NIST AI RMF, HIPAA, and SOC 2. The product supports Kubernetes deployment via a companion-proxy topology, enabling enforced egress boundaries with NetworkPolicies, workload identity binding, and PodDisruptionBudgets. PipeLab operates with no cloud dependencies and no external funding. Pro features cover multi-agent coordination use cases.