🤖 AI Summary
A new open-source project called Archestra presents an on-premises gateway designed to stop “tool-abusing” prompt injections and other agent-driven attacks by placing a network-level proxy between AI agents and the external tools/data they call. The pitch: instead of changing agent code, enterprises route agent tool calls through Archestra which enforces fine-grained guardrails per interaction, blocks malicious or anomalous instructions (e.g., “send wire to hackercompany”), prevents data exfiltration and privilege escalation, and provides transparent, auditable controls without relying on third‑party cloud services.
For the AI/ML community this matters because agents are becoming ubiquitous but are uniquely vulnerable—prompt injections can manipulate tool calls, and supply‑chain or dependency compromises can cascade. Archestra’s on‑prem proxy model reduces attack surface for production agents, simplifies policy enforcement and compliance, and enables security teams to centrally inspect and control tool usage without reworking agent logic. The open, auditable nature also helps researchers and operators validate defenses and iterate on policies, making secure agent deployment more practical for enterprises and accelerating safer adoption of agentic workflows.
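As an added illustration of the per-interaction guardrails the summary describes (not Archestra's own code), the following minimal Python gateway sits between an agent and its tools and allows, blocks, and audits each call against a policy; the tool names, policy schema, secret patterns and sample calls are constructed assumptions.

```python
"""Constructed tool-call gateway: evaluates each agent tool call against a
per-tool policy before it reaches the tool, and records the decision."""
import os
import re
from dataclasses import dataclass

# Constructed policy: what each tool may do (assumed tool names, not Archestra's).
POLICY = {
    "wire_transfer": {"allowed_payees": {"acme-supplier", "payroll-provider"},
                      "max_amount": 10_000},
    "send_email": {"allowed_domains": {"example.com"}},
    "read_file": {"allowed_prefixes": ("/srv/agent/workspace/",)},
}
# Secret-like material that must never leave through an outbound argument.
SECRET_PATTERNS = [re.compile(r"AKIA[0-9A-Z]{16}"),
                   re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")]

@dataclass
class Decision:
    allowed: bool
    reason: str

def check_tool_call(name: str, args: dict) -> Decision:
    rule = POLICY.get(name)
    if rule is None:  # default-deny: unknown tools are never forwarded
        return Decision(False, f"tool '{name}' not in allowlist")
    # Exfiltration guard applies to every tool, whatever its arguments mean.
    for v in args.values():
        if isinstance(v, str) and any(p.search(v) for p in SECRET_PATTERNS):
            return Decision(False, "argument contains secret-like material")
    if name == "wire_transfer":
        if args.get("payee") not in rule["allowed_payees"]:
            return Decision(False, f"payee '{args.get('payee')}' not allowlisted")
        if args.get("amount", 0) > rule["max_amount"]:
            return Decision(False, "amount exceeds policy cap")
    elif name == "send_email":
        domain = args.get("to", "").rsplit("@", 1)[-1]
        if domain not in rule["allowed_domains"]:
            return Decision(False, f"recipient domain '{domain}' not allowlisted")
    elif name == "read_file":
        # Normalise first so '..' segments cannot escape the workspace prefix.
        path = os.path.normpath(args.get("path", ""))
        if not path.startswith(rule["allowed_prefixes"]):
            return Decision(False, "path outside agent workspace")
    return Decision(True, "policy satisfied")

AUDIT_LOG: list = []

def gateway(call: dict) -> Decision:
    """Proxy entry point: decide on one tool call and append it to the audit log."""
    d = check_tool_call(call["tool"], call.get("args", {}))
    AUDIT_LOG.append({"tool": call["tool"], "allowed": d.allowed, "reason": d.reason})
    return d
```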