Hey Product Hunt! 👋 I'm Abenezer, the maker of Lelu-ai. I build AI agents and train models, and the thing that kept nagging me was the asymmetry: everyone's racing to give agents more power — more tools, more autonomy — and almost no one is building the brakes. When an agent gets it wrong, it's not a typo. It's a refund issued, a record deleted, an email sent to the wrong person — instant and irreversible. And "the model was confident" is no defense. So I built Lelu: a safety layer that authorizes every agent action before it runs. It catches prompt injection, gates on the model's real confidence, and routes uncertain calls to a human — returning allow, deny, human-review, or a safe alternative. The one insight behind it: you can't trust an agent's self-reported confidence — a manipulated agent will happily claim it's 100% sure. So Lelu derives confidence from the model's token log-probabilities, something the agent can't fake. It's fully open source (MIT) and self-hosted — your data never leaves your infra. Works with LangChain, CrewAI, MCP, and Amazon Bedrock out of the box. I'd genuinely love your feedback — especially from folks running agents in production: how do you decide when an agent is "sure enough" to take an irreversible action? PRs and issues are very welcome too. 🙏 Repo: github.com/lelu-auth/lelu

Lelu-ai

Stop manipulated AI agents before they act

Stop manipulated AI agents before they act