AgentWall is runtime security middleware for AI agents. It inspects every input, tool call, and output, blocks or redacts PII / secrets / prompt-injection attempts, and writes a tamper-evident audit log.

How much does AgentWall cost?

Sign-up is free with no credit card required. Each /v1/inspect call costs one credit ($0.05). $5 minimum top-up. Credits never expire.

Which LLM providers does AgentWall support?

Any. AgentWall is provider-agnostic — it sees your inputs, tool calls, and outputs as plain JSON. Works with OpenAI, Anthropic, Gemini, Groq, self-hosted models, or any mix.

Does AgentWall help with SOC 2 or DPDP compliance?

Yes. The tamper-evident audit log + one-click SOC 2 evidence pack produce control-mapped evidence (CC1.4, CC6.1, CC6.6, CC6.7, CC7.1, CC7.2, CC8.1). The end-user transparency API satisfies DPDP §11 and GDPR Article 15.

Can I bring my own LLM to AgentWall?

Yes. Set base URL, API key, and model in Settings → AgentWall Policy. AgentWall routes the LLM-powered checks (hallucination, semantic compression) through your provider. Your key, your bill, your data path.

Features — VENZX

Runtime security for AI agents.
Every input, every tool call, every output — with a verdict you can explain.

Wrap your agent in a single API call. AgentWall checks every prompt for PII and prompt injection, restricts every tool call to the destinations you approve, and writes a tamper-evident log your auditor can use as evidence. Model-agnostic. Provider-agnostic. Pay only for what you inspect.

Stop bad inputs and bad outputs.

Deterministic detectors on every prompt, every tool call, and every response. No fuzzy ML scores — clear rules with explainable verdicts.

PII detection

Catch personal data on its way into the model and on its way out. Block, redact, or just log — the choice is yours per category.

✓Email, SSN, credit card (Luhn-validated), Aadhaar, PAN, US/intl phones, IPv4
✓Tune which categories block vs redact in one click
✓Indian-PII first-class — built for teams shipping in India

Secret scanning

Stop API keys and credentials from ever reaching the model — or worse, ending up in a chat response your user copy-pastes into a Slack thread.

✓OpenAI, Anthropic, Google, AWS, GitHub, Slack, Stripe
✓JWTs, PEM private keys, generic high-entropy tokens
✓Matched secrets masked in the audit log — never echoed back

Prompt injection guard

Block role overrides, jailbreaks, and exfiltration attempts before they reach your model. Deterministic patterns, sub-millisecond latency.

✓22+ tuned patterns for role overrides, DAN, base64 smuggling
✓XSS, SQL injection, and code-execution payloads
✓Each fire returns the exact pattern that matched

Tool-call & domain pinning

Your agent can call `send_email` — but only to your domains. It can call `fetch` — but only to your API. Hard caps stop runaway loops.

✓Allowlist tool names and URL hosts per policy
✓Cap tool calls, token spend, and dollar cost per run
✓Verdicts are pure logic — no fuzzy ML, no surprises

Understand what your agent is actually doing.

Verdicts are only useful if you can debug them. Replay any run, see why every rule fired, and verify your guardrails are still catching attacks today.

Run replay

Pass a `run_id` on every inspect call, and you can replay any agent run frame-by-frame from the dashboard. Every input, tool call, output, and verdict on one timeline.

✓Click any log row to open the full run trace
✓Color-coded by verdict, per-stage chips, per-event findings
✓The fastest answer to "why did the agent do that?"

API

GET /api/dashboard/logs/replay/<run_id>

Dashboard

Logs → click ▶ on any row

Explainable verdicts

Every block, redact, or allow shows the exact rule that fired and the substring it matched. No black boxes, no confidence-score guessing.

✓Pattern IDs like pii.email, secret.openai_api_key, injection.rule_03
✓Matched substrings (secrets masked) attached to every finding
✓Required reading for the EU AI Act explainability clause

API

Every /v1/inspect response — findings[].pattern_id + matched

Dashboard

Logs → click the findings count on any row

Tamper-evident audit log

Every decision your agent makes — and every verdict we give it — recorded to disk with fsync. Exportable on demand. The kind of log auditors actually accept.

✓Append-only JSONL with cryptographic chain on disk
✓Cross-referenced by request_id and run_id
✓Export as YAML, CSV, or a control-mapped SOC 2 ZIP

Built-in self-test

A live "guardrails verified" check that runs eight known-bad payloads through your policy on demand. Proves your protections are still operating today, not the day you set them up.

✓PII, secrets, jailbreaks, disallowed tools — all in one button
✓Pass/fail per attack with timestamps
✓Wire to a scheduler for continuous assurance

API

POST /api/dashboard/canary/run

Dashboard

Overview → "Run canary"

Built to fit your stack, not replace it.

Adopt without breaking production. Bring your own model. Push events anywhere. AgentWall sits in the middle of your agent stack and stays out of the way.

Shadow Mode

Drop AgentWall in front of any agent and watch — without blocking a single request. Build a behavioral profile, generate a policy from real traffic, switch to live when you trust it.

✓Zero risk to your production agent
✓Auto-generates a policy from observed inputs and tool calls
✓One-click promotion to live enforcement

Hallucination guard

Stop your model from inventing facts it couldn’t have known. A fast heuristic check runs on every output; smart mode uses an LLM for deeper verification.

✓Entity-overlap grounding check, no LLM cost
✓Smart mode for high-stakes flows (legal, medical, financial)
✓Returns a score, a verdict, and the unanchored claims it found

Bring your own LLM

The LLM-powered checks (hallucination, semantic compression) can run on your own provider. Your key, your bill, your data path — anything OpenAI-compatible.

✓OpenAI, Anthropic, Gemini, Groq, Ollama, self-hosted
✓API key encrypted at rest, never returned in plaintext
✓Fully optional — falls back to the platform default

Dashboard

Settings → AgentWall Policy → Bring your own LLM

Webhooks

Push verdicts and account events to your own stack the moment they happen. Slack, PagerDuty, your own backend — anywhere that speaks HTTP.

✓inspect.allowed / inspect.blocked / inspect.redacted
✓credits.purchased / credits.low
✓HMAC-signed deliveries with retries

Audit-ready by default.

Made for teams shipping in regulated industries. The evidence your auditor asks for, the privacy endpoints your users have a right to, the deletion controls your DPO requires — all included.

SOC 2 evidence pack

One-click download of a ZIP containing seven CSVs, each mapped to a SOC 2 Trust Services Criteria control, plus a README for your auditor. Generated live from your audit log.

✓CC1.4, CC6.1, CC6.6, CC6.7, CC7.1, CC7.2, CC8.1 — all included
✓Every row cross-referenced back to the source JSONL
✓Saves your team a quarter of audit prep

API

GET /api/dashboard/compliance/soc2-pack

Dashboard

Settings → Data & Privacy → SOC 2 evidence pack

End-user transparency API

A privacy-preserving endpoint your users can hit through your own dashboard. Shows them what happened to their data — counts, categories, timestamps, never content.

✓DPDP Act §11 (India) and GDPR Article 15 (EU)
✓Keyed by an opaque user_id you control
✓Returns aggregated activity — no re-identifying data

API

GET /v1/transparency?user_id=<id>

Right-to-be-forgotten

When a user requests deletion, your data goes with them. AgentWall anonymises the user record and purges API keys, transactions, and usage in one transaction.

✓GDPR Article 17, DPDP §12
✓Audit-safe anonymisation (180-day retention under Indian IT Act preserved)
✓Triggered from the dashboard or the API