Cloud API Proxies
Centralized proxying creates one high-impact failure point.
- - Sensitive prompts transit external proxy infrastructure.
- - A proxy outage can stall every downstream request.
- - Control logic and latency budgets become tightly coupled.
Available now - Public beta
7 layers between your AI agents and disaster.
Security decisions made by rules, not predictions. Runs locally. No LLM in the security path. Your data stays in your infrastructure.
1,743 detection patterns · 7 defense layers · 0 LLMs in the security path
Last updated: February 2026
GuardClaw is a deterministic runtime security layer for AI agents. It enforces 7 independent defense layers — from threat intelligence to receipt chains — using policy rules, not probabilistic LLM inference. It runs locally, keeps data in your infrastructure, and makes every security decision auditable and repeatable.
See it in action
From install to first security report in under two minutes. Version check, health audit, supervised execution, and policy configuration.
Follow along with the full Getting Started tutorial, or explore the complete 15-part series below.
Install in under a minute
Open your Terminal (macOS: search "Terminal" in Spotlight) and paste the commands below.
1 Install Homebrew (if you don't have it)
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
Already have Homebrew? Skip to step 2. Check with brew --version.
2 Install GuardClaw
brew install TakeInterestInc/tap/guardclawThat's it. Global protection activates automatically. Every Claude Code session is now protected.
3 Start Claude Code
claude
Type claude in your terminal to launch Claude Code. All 7 defense layers are active. No configuration needed.
Optional: run guardclaw doctor to verify everything is working.
MCP server setup (per-project)
For per-project MCP and hook configuration, run one of these in your project directory:
guardclaw init claude-code # Claude Code
guardclaw init claude-desktop # Claude Desktop
guardclaw init openclaw # OpenClaw
Run guardclaw init to see all supported platforms. Full setup guide.
How we're different
Not another proxy and not just an output filter. GuardClaw enforces layered controls before high-impact actions run.
Output Validators
Checks after generation miss threats that execute earlier.
- - Risk reaches the model before enforcement decisions.
- - Post-hoc checks cannot prevent every side effect.
- - Incident response starts after damage windows open.
GuardClaw
Deterministic controls run before high-impact actions.
- - Runs in your infrastructure with explicit trust boundaries.
- - 7 independent layers gate risky actions before execution.
- - Audit-ready logs preserve clear evidence for every decision.
Explore all 7 layers
GuardClaw enforces deterministic controls before the model executes side effects. That design keeps trust boundaries explicit and incident response faster.
Works with your stack
GuardClaw wraps your existing tools. No code changes required.
Claude Code
CLI agent
Cursor
AI-powered IDE
Codex CLI
CLI agent
OpenClaw
Open agent framework
Windsurf
AI-powered IDE
Claude Desktop
AI assistant
Docker
Container runtime
Cloud Run
Managed compute
Runs as a local process. Wraps any MCP-compatible client or container runtime.
Total Tool Control.
GuardClaw automatically intercepts native built-ins like Bash and Read, locking down your agent's environment before the very first prompt is processed.
GuardClaw — local supervisor
Initial Telemetry & Gating Tools
Tamper-Proof by Design.
Internal configuration paths are strictly protected. Even if an adversarial agent tries to modify or read its own hooks, GuardClaw enforces a zero-trust policy.
GuardClaw — local supervisor
Intercepting Config Tampering Vectors
Comprehensive Action Logs.
Every blocked attempt, overridden file write, and anomalous pattern is faithfully recorded, giving you absolute observability into what your AI agents are doing.
GuardClaw — local supervisor
Post-Engagement Attack Vector Analysis
7 layers. Defense in depth.
Each layer operates independently. An attacker must defeat all seven to compromise an agent.
1 Threat Intelligence
Known-threat detection using pattern matching and live threat feeds. New attack vectors reported by users protect everyone in real time.
2 Input Validation
Detects prompt injection, data leakage, and malicious payloads before they reach your agent. 1,743 compiled patterns across multiple attack categories.
3 Policy Enforcement
Deny-by-default policies evaluate every action before it runs. If the policy says no, nothing passes through.
4 Capability Tokens
Short-lived, cryptographically signed tokens for every approved action. Single-use, time-bound, scope-limited. Replay attempts fail automatically.
5 Sandboxed Execution
Actions run inside isolated execution boundaries. Agents can only reach resources they are explicitly allowed to access.
6 Human-in-the-Loop
High-risk operations pause for human approval. Approvals are cryptographically bound to the specific request to prevent tampering between approval and execution.
7 Receipt Chain
Cryptographically linked audit trail. Every decision is recorded in a tamper-evident chain. Built for compliance and forensics.
Can you catch them all?
Real attack payloads are heading for your agent. Tap to intercept them. Whatever you miss, the layers catch automatically.
Agent
Catch the injections
Malicious payloads are heading for your agent. Tap them before they get through. Anything you miss, GuardClaw catches.
Prompt Injection
Data Exfiltration
Tool Abuse
Jailbreak
Payload Smuggling
See the layers in action
Launch simulated attacks and watch GuardClaw's seven layers respond in real time.
Attack Types
Defense Layers
Layer 1
Threat Intelligence
Layer 2
Input Validation
Layer 3
Policy Enforcement
Layer 4
Capability Tokens
Layer 5
Sandboxed Execution
Layer 6
Human-in-the-Loop
Layer 7
Receipt Chain
Select an attack type to start
The threat landscape
Real CVEs, active exploit patterns, and evidence from production systems.
The threat landscape is real
These CVEs are active in tools used by millions of developers. Each one was observed in real-world environments.
CVE-2026-25253
OpenClaw token exfiltration
Token exfiltration via malicious gatewayUrl override
CVE-2025-6514
CVSS 9.6
mcp-remote command injection
OS command injection when connecting to untrusted servers
CVE-2025-52882
Claude Code WebSocket bypass
Unauthorized access through WebSocket connection hijacking in Claude Code
CVE-2025-68143
mcp-server-git path traversal
Path traversal via attacker-controlled paths to Git operations
CVE-2025-68144
mcp-server-git argument injection
Argument injection when tool inputs become part of a Git command line
Start protected. Scale when you're ready.
Core security is included free — not a trial, not a teaser. Paid tiers include higher quotas, exports, and enterprise compliance.
Available now
Free
$0
no credit card required
CORE PROTECTION
Everything you need to start securing your AI agents today.
- All 7 defense layers
- 1,743 detection patterns
- Local-first CLI
- Policy templates
- 1 workspace
- 5 custom policies
- 1,000 requests/day
- 1,000 viewable receipts
Need enterprise features now? Let's talk.
Go deeper
Tutorial
Getting Started
Install, run your first security test, and connect to the dashboard in five minutes.
Technical deep dive
Seven Layers of Defense
The defense-in-depth architecture behind GuardClaw's security posture.
Architecture
Zero Trust Was Built for Humans
Why agent-speed autonomy breaks traditional zero trust — and what replaces it.
Philosophy
Security Is a Primitive
Why security belongs in the foundation, not bolted on after launch.
GuardClaw in Practice — 15-Part Series
A step-by-step walkthrough from installation to compliance mapping. Each post includes inline video demos showing exactly what to expect. Whether you're evaluating GuardClaw for yourself or rolling it out across a team, start here.
1. Getting Started 2. Watching Your Agents Work 3. Your Security Dashboard 4. Writing Your First Policy 5. Setup for Claude Code 6. Setup for Cursor 7. The Receipt Chain 8. GuardClaw and SOC 2 9. GuardClaw and GDPR 10. How GuardClaw Is Different 11. Rolling Out Across a Team 12. When Something Gets Blocked 13. The Detection Engine 14. Alerts and Monitoring 15. GuardClaw and the EU AI Act
Frequently asked questions
What is GuardClaw?
GuardClaw is a deterministic runtime security layer for AI agents. It enforces 7 independent defense layers — from threat intelligence to receipt chains — using policy rules, not probabilistic LLM inference. It runs locally, keeps data in your infrastructure, and makes every security decision auditable and repeatable.
How does GuardClaw differ from LLM-based guardrails?
Most guardrail products use a second LLM to judge the first. That means your security path is probabilistic, slow, and opaque. GuardClaw uses deterministic policy rules — pattern matching, allowlists, scope locks, and cryptographic receipt chains — so every decision is fast, repeatable, and auditable. No LLM sits in the security path.
Does GuardClaw use AI to make security decisions?
No. GuardClaw deliberately keeps AI out of the security decision path. All enforcement is deterministic: policy rules, pattern matching, and scope validation. This makes security outcomes repeatable and auditable, unlike probabilistic LLM-based approaches that can be bypassed with prompt injection.
What attack vectors does GuardClaw defend against?
GuardClaw defends against prompt injection (direct and indirect), tool misuse, scope escalation, data exfiltration, unauthorized actions, and supply-chain attacks on agent toolchains. Its 7 layers are: Threat Intelligence, Input Validation, Policy Enforcement, Capability Tokens, Sandboxed Execution, Human-in-the-Loop, and Receipt Chain.
How do I install GuardClaw?
Install GuardClaw via Homebrew (macOS/Linux): brew install TakeInterestInc/tap/guardclaw. Then run guardclaw doctor to check your setup and guardclaw test --audit to score your agent configuration. The full Getting Started tutorial walks you through everything in five minutes: takeinterest.ai/blog/getting-started-with-guardclaw/
Is GuardClaw open source?
GuardClaw is proprietary software licensed under the GuardClaw Proprietary License (EULA). It is not open source. The core runtime runs entirely in your infrastructure with no external dependencies. The Free tier is available at no cost during and after public beta, with Pro and Ultimate paid tiers for teams that need higher quotas and advanced features.
Does GuardClaw send data to external servers?
GuardClaw runs locally by default. All policy evaluation, threat detection, and enforcement happen in your infrastructure. Anonymous telemetry (decision counts, threat scores, timing, platform, version) is enabled by default to improve security patterns for the community and can be disabled at any time with guardclaw telemetry disable. No raw prompts, commands, file paths, or PII are ever collected. On paid plans (Pro and Ultimate), you can also opt out of anonymized training data collection.
Can I adjust how strict GuardClaw is?
Yes. GuardClaw supports multiple strictness levels — paranoid, strict, balanced, and permissive — so you can tune enforcement to your workflow. Paranoid blocks everything not explicitly allowed. Permissive only blocks known-dangerous patterns. You can also write custom allow and deny rules in YAML policies for fine-grained control.
Does GuardClaw detect specific CVEs?
Yes. GuardClaw's Threat Intelligence layer includes patterns for known CVEs affecting AI agent toolchains, along with live threat feeds. When a new vulnerability is reported and verified, detection patterns are distributed to all authenticated users automatically.
How does GuardClaw protect itself from being disabled by an agent?
GuardClaw includes self-reference protection — detection patterns that identify attempts by AI agents to disable, bypass, or modify GuardClaw itself. If an agent tries to uninstall GuardClaw, modify its configuration, or suppress its hooks, those actions are blocked and logged.
Free during public beta. No catches.
All 7 defense layers, 1,743 patterns, and 0 LLMs in the security path. Install in 3 minutes. No credit card. No restrictions.