Pipelock Blog
Security research and practical guidance for AI agent systems.
Pipelock is an open-source firewall for AI agents. It sits between agents and the outside world, scanning for secrets, blocking exfiltration, detecting prompt injection, and monitoring workspace integrity.
The First AI Agent Espionage Campaign: What Defenses Matter
February 13, 2026
The attack you’ve been warned about finally happened.
Securing Claude Code with Pipelock
February 10, 2026
Every MCP server response flows directly into Claude Code’s context window. If any of those servers return a prompt injection payload buried in otherwise-normal content, the agent processes it without question. Your API keys, tokens, and credentials can leave through an outbound HTTP request before you notice anything happened.
283 ClawHub Skills Are Leaking Your Secrets
February 09, 2026
Snyk just published research showing that 283 out of 3,984 ClawHub skills, roughly 7.1% of the entire registry, contain critical security flaws that expose API keys, passwords, and even credit card numbers through the LLM context window.
Lateral movement in multi-agent LLM systems
February 08, 2026
A security gap nobody is patching