pipelab.org

What It Is

PipeLab’s core product, Pipelock, is an open-source outbound firewall for AI Agents. It sits between AI Agents and the internet, performing boundary inspection and blocking for MCP, HTTP, and WebSocket messages. It focuses on risks that arise when Agents have shell access, API keys, or tool-calling capabilities, such as secret leakage, responses to prompt injection, SSRF, and tool poisoning.

Core Capabilities

In terms of protection, Pipelock provides an 11-layer scanning pipeline, 48 DLP credential patterns, and 29 prompt-injection detection patterns, with support for encoded content such as Base64, hex, URL encoding, and Unicode. Its MCP security features include tool-poisoning detection, rug-pull tracking, policy-engine redirection, session binding, and chained detection. Deployment is via a single Go binary of around 22MB. It is open source under Apache 2.0, can be self-hosted, and has no cloud dependency. On Linux it uses Landlock, seccomp, and network namespaces; on macOS it uses sandbox-exec.

Management, Alerts, and Compliance

The free version already includes a kill switch, adaptive execution, HITL, audit logs, metrics, and signed reports in HTML/JSON/SARIF formats. Operations integrations include Prometheus, webhooks, syslog, and OTLP. Its evidence capabilities are a notable strength, including a hash-chained flight recorder, Ed25519-signed receipts, offline verification, and assessment reports. For compliance, the documentation only states that it is listed in the CNCF Landscape and provides mappings to OWASP MCP Top 10, OWASP Agentic Top 10, MITRE ATLAS, EU AI Act, NIST AI RMF, HIPAA, and SOC 2; this does not mean it has obtained those certifications.

Pricing, Pros, and Cons

Community is permanently free and does not require a credit card. It includes the full security engine, but is limited to one default security profile. Pro is offered at a $49/month founding offer price, with list pricing of $99/month or $490/year. It adds unlimited named profiles, per-profile DLP/allowlists/rate limits, Agent-level auditing, and more. Assess costs $999/year and provides signed assessment evidence. The main advantages are that it is open source, lightweight, telemetry-free, and cost-effective. The drawbacks are that centralized enterprise governance is still expected in v2.7, and Pro support is limited to best-effort email support.

Who It’s For and China Access

Pipelock is a good fit for developers, startups, and security teams deploying MCP, Claude Code, or multi-Agent automation, especially in environments that require self-hosting, auditability, and offline verification. Enterprises that need a traditional full-featured WAF, EDR, or mature commercial SLA should evaluate it carefully. The source material does not provide details on access from mainland China, payment methods, or local alternatives, so china_access can only be marked as unknown.