Show HN: Pipelock – All-in-one security harness for AI coding agents (github.com)

🤖 AI Summary
Pipelock is a security harness for AI coding agents such as Claude Code and OpenHands. It ships as a single binary with no dependencies and bundles controls that are usually deployed separately: network control, credential-exfiltration detection, prompt-injection scanning, and workspace integrity monitoring.

The central design choice is capability separation. The agent process holds the sensitive API keys; a separate fetch proxy, which holds no secrets, makes the web requests on the agent's behalf. Every request passes through a seven-layer scanner pipeline, so an exfiltration attempt (for example, a request to a malicious URL with a key embedded in its path or query string) is stopped before it leaves. The layers include a denylist of known harmful domains and entropy analysis that flags high-entropy strings in URLs, the usual signature of encoded or encrypted data being smuggled out. Workspace integrity monitoring watches the files the agent works on. The split only pays off if the agent's own egress is confined to the proxy; an agent process that can reach the network directly bypasses the scanners entirely.

This matters because AI agents commonly run with shell access and live API keys, a combination in which a single injected instruction can turn into a credential leak. Pipelock's configuration is customizable, so the controls can be tuned to a project's risk tolerance.
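As an added illustration of the scanner side of such a design (example code written for this page, not Pipelock's own implementation, whose seven layers are not reproduced here), the block below applies three of the checks the summary names, a domain denylist, credential-shape matching and Shannon-entropy analysis, to the data-bearing parts of an outbound URL. The denylist entries, the two secret patterns, the threshold values and the sample URLs are all constructed for the example.

```python
import math
import re
from dataclasses import dataclass, field
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed denylist for this example; a real harness would load it from config.
DENYLIST = {"paste.example", "exfil.example"}

# Illustrative credential shapes (a hypothetical selection, not a complete set).
# AWS access key IDs are "AKIA" plus 16 uppercase alphanumerics; the second
# pattern catches long lowercase-hex tokens such as API keys or session IDs.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "long_hex_token": re.compile(r"\b[0-9a-f]{32,}\b"),
}

# Shannon entropy in bits per character. Random base64 text sits near 5-6,
# English words and path names near 3-4. Hex can never exceed 4.0 (16 symbols),
# which is why the pattern layer exists alongside the entropy layer.
ENTROPY_THRESHOLD = 4.5
MIN_LEN = 20  # shorter strings give unreliable entropy estimates


def shannon_entropy(s: str) -> float:
    """Bits per character of the string's empirical symbol distribution."""
    if not s:
        return 0.0
    n = len(s)
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


@dataclass
class Verdict:
    allowed: bool
    reasons: list = field(default_factory=list)


def _host_denied(host: str) -> bool:
    """Exact or subdomain match against the denylist."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in DENYLIST)


def _data_bearing_pieces(parts) -> list:
    """Path segments, query values and fragment: the places a URL can carry data."""
    pieces = [unquote(seg) for seg in parts.path.split("/") if seg]
    # parse_qsl already percent-decodes the values, so no second unquote here
    pieces += [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    if parts.fragment:
        pieces.append(unquote(parts.fragment))
    return pieces


def scan_url(url: str) -> Verdict:
    """Run the three layers in order; the request is allowed only if none fires."""
    parts = urlsplit(url)
    reasons = []

    # Layer 1: destination denylist
    host = parts.hostname or ""
    if _host_denied(host):
        reasons.append(f"denylisted_host:{host}")

    pieces = _data_bearing_pieces(parts)

    # Layer 2: known credential shapes
    for piece in pieces:
        for name, pattern in SECRET_PATTERNS.items():
            if pattern.search(piece):
                reasons.append(f"credential_pattern:{name}")

    # Layer 3: high-entropy blobs (encoded or encrypted data riding in the URL)
    for piece in pieces:
        if len(piece) >= MIN_LEN:
            h = shannon_entropy(piece)
            if h >= ENTROPY_THRESHOLD:
                reasons.append(f"high_entropy:{h:.2f}")

    return Verdict(allowed=not reasons, reasons=reasons)


if __name__ == "__main__":
    # Constructed sample requests an agent might try to make.
    for url in [
        "https://docs.example.com/guide/install",
        "https://paste.example/upload?d=abcdefghijklmnopqrstuvwxyz012345",
        "https://api.example.com/v1/items?key=AKIAABCDEFGHIJKLMNOP",
        "https://api.example.com/cb?t=" + "0123456789abcdef" * 2,
    ]:
        print(scan_url(url))
```

Two points the sample runs make visible. A hex-encoded secret scores exactly 4.0 bits per character no matter how random it is, so it slips under the entropy threshold and is caught only by the pattern layer; conversely, legitimate content hashes and cache-busting tokens in CDN URLs are high-entropy and will trip the entropy layer, which is why a production scanner pairs it with destination allowlists rather than relying on it alone. And none of these checks matter unless the agent's egress is forced through the scanner; a process that can open its own sockets never presents a URL to inspect.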