Clampd sits between your agents and the tools they use. Every database query, API call, file access, and shell command - inspected, scoped, and enforced before it executes. If an agent goes rogue, we kill it in under 25ms. One line to integrate. Self-hosted. Your data never leaves your network.
$ pip install clampd / npm install @clampd/sdk
AI agents call tools with full credentials. One prompt injection turns your helpful assistant into an attacker with insider access.
Malicious instructions hidden in retrieved documents redirect your agent to execute harmful tool calls.
Agents inherit broad OAuth scopes. One compromised chain grants access to delete databases, send emails, transfer funds.
Injected payloads silently exfil sensitive data through tool calls - API keys, PII, credentials sent to attacker endpoints.
Multi-step agents amplify risk. A single poisoned step cascades through the entire chain with compounding damage.
Developers spin up agents with API keys. No logging, no approval, no audit trail. Your CISO doesn't know they exist.
When an agent goes rogue, there's no way to cut access in real-time. By the time you notice, the damage is done.
Every call is classified, evaluated, and audited - before it reaches the downstream service. Sub-10ms median latency.
Verify credentials, resolve agent profile, check kill-switch status and scoped permissions. Reject unauthenticated requests immediately.
Rules engine matches patterns against known threats. Policy engine allows or denies based on risk score, agent scope, and session context. Violations blocked in real-time.
Apply least-privilege access - each call is scoped to only the permissions it needs. Forward to the downstream tool and capture the response.
Every event recorded. Tool name, risk score, policy action, denial reason, latency - full audit trail. See full architecture →
Every prompt is scanned and every tool call is classified, scoped, and enforced. Covering all 18 tool-call categories with behavioral anomaly scoring, scope tokens, and cross-agent correlation - all sub-10ms.
Every tool call passes through authentication, classification, policy enforcement, and audit. Ed25519-signed scope tokens cryptographically bind each approval to the specific operation. Under 10ms p95.
Cryptographic scope enforcementPython + TypeScript. OpenAI, Anthropic, LangChain, Google ADK, MCP. 1 line to integrate with any agent framework.
PyPI + npmMulti-layer detection engine covering injection attacks, data exfiltration, privilege escalation, rogue agent behavior, and encoding evasion across 20 languages. Import your own rules in Sigma YAML format. Define policies in Cedar. Custom keyword dictionaries and rule packs configurable from dashboard.
Sigma • Cedar • 20 languagesWrap any MCP server - filesystem, database, GitHub, and more. Every tool call governed. Works with Claude Desktop out of the box.
MCP compatibleMulti-layer cascade terminates rogue agents across all services. Tokens revoked, sessions cleared, credentials invalidated. Idempotent and audited. Typically fires in under 25ms.
<25ms terminationEvery event recorded - tool name, risk score, policy action, denial reason, latency. Query with SQL. PII automatically masked.
SQL-queryable + PII maskingKill, suspend, or pause any agent from the dashboard. Manage policies, edit rules, monitor the live risk feed with real-time updates.
Real-time monitoringRegister every agent with scoped credentials and per-agent policy. No more shadow agents running untracked with shared API keys.
Scoped credentialsFull prompt scanning via /v1/scan-input runs detection rules across all 18 tool-call categories on prompts before they reach the LLM. Response inspection catches PII leaks, data exfiltration, and poisoned responses after tool execution. Both enabled by default in SDKs.
Detects when a tool's behavior changes after approval - SHA-256 descriptor hashing catches tampering immediately. Agent-to-agent delegation chains are validated with depth limits and cycle detection. Every inter-agent hop is verified and scoped.
Tool tampering detectionContinuous risk scoring with behavioral baselines. Detects multi-step attack chains, velocity anomalies, scope violations, and coordinated patterns. Auto-suspend on threshold breach, permanent kill on repeated violations.
Continuous risk scoringFine-grained scope enforcement with configurable exemptions and time-limited approvals. Cryptographic scope tokens bind each approval to the specific operation. Admin configures from dashboard - developer changes nothing.
Least-privilege enforcementBuilt-in CLI attack suite: clampd test. Pre-built attack vectors across multiple categories. Security teams evaluate detection coverage in minutes.
Auto-formatted alerts for Slack (Block Kit) and PagerDuty (Events API v2). Risk-based severity mapping. "Agent tried DROP TABLE - blocked" appears in your incident channel in real-time.
Auto-detect integration typeIntercepts Google AP2 mandates and Coinbase x402 HTTP 402 responses before agent wallets transact. Per-transaction limits, hourly spend caps, vendor whitelists. Supports 8 USD stablecoins across 7 blockchain networks.
AP2 + x402Full organization-based multi-tenancy. Agents, API keys, policies, scope exemptions, and audit logs are all isolated per org. Built for platform teams and MSPs managing multiple product squads.
Org-based isolationAuto-generated compliance report templates aligned to HIPAA, GDPR, SOC 2, and ISO 27001 frameworks. Control mapping with pass/fail status. Luhn credit card validation, 18 HIPAA PHI identifiers, data classification (Restricted/Confidential/Internal/Public). Evidence collection from tool call audit data.
4 compliance frameworksAll security features included on the free tier (up to 25 agents). No credit card required.
All features included. Same security pipeline as Enterprise with limited agent count.
Same features as Design Partner. Higher limits, RBAC, SSO, and longer retention.
Sign up for free. No credit card required. Install the SDK and start guarding tool calls in minutes.
Enterprise? support@clampd.dev