Airlock

Monitor, audit, and intercept every agent action.

Airlock gives agents secure access to your tools - in minutes, not months. Deploy ready-made MCP servers (Google Calendar, Stripe, etc.) or convert any OpenAPI spec. All your agent governance in one place: approval workflows, PII redaction, credential management, and complete audit trails. Block sensitive actions until humans approve them. Redact PII before it reaches LLM providers. Never expose your real API keys. Zero code changes. Total visibility. Ship autonomous agents with confidence.

Stijn Haus
Maker
Hey Product Hunt! 👋 I'm Stijn, and I built Airlock because I kept seeing the same pattern: companies wanted to deploy AI agents, but their security teams were (rightfully) terrified.

The "oh shit" moment: A startup built an AI customer support agent. Worked great in testing. Then in production, a prompt injection made it issue $50K in refunds. Their agent had direct API access to Stripe with no guardrails. That's when it clicked: we're handing agents the keys to our backend, but treating them like trusted employees instead of the autonomous systems they are.

The problem: AI agents need API access to be useful (Stripe for payments, external tools for actions, ...). But they're also:
- Vulnerable to prompt injection
- Unpredictable in edge cases
- Learning systems that can't be fully trusted with sensitive operations

Most solutions force you to either:
- Give agents full access (scary)
- Severely limit what they can do (defeats the purpose)
- Build custom security layers (months of work)

What Airlock does: We sit between your AI agents and your APIs as a security proxy. You get:
- Zero-trust credential management - agents never see your real API keys
- Human-in-the-loop approvals - block sensitive actions until a human approves (via Slack/Dashboard)
- PII redaction - prevent sensitive data from leaking to LLM providers
- Complete audit trails - every tool call logged and traceable

And the best part? Zero code changes. Just point your MCP server through Airlock.

We're starting with MCP (Model Context Protocol) since it's becoming the standard for agent-to-tool communication, but this same problem exists everywhere agents touch APIs.

Would love to hear: would you use Airlock? What would make this an instant 'yes' for your use case?