Kilasec is an AI-aware firewall for enterprise networks. Discover every model API call, redact secrets and PII before they leave, and cap runaway agent spend — without an SDK, and without installing anything on user devices.
The current crop of AI security startups asks you to integrate a library, run a sidecar, or rewrite your agents. That works exactly until someone in marketing pastes an SSN into ChatGPT, or a vendor's tool you've never heard of starts calling Anthropic from a finance laptop. Kilasec sits in the network where you already enforce policy.
Decrypted inspection of OpenAI, Anthropic, Copilot, Gemini, Bedrock, Ollama, and 30+ other endpoints — including ones we haven't named yet, classified on the fly.
Secrets, credentials, customer PII, and credit cards are caught and masked the moment they leave your network — not when an SDK says please.
Map every request to a real user and AD group — from your directory, your DHCP server, or a CSV upload. Write rules like `allow group:engineering to api.anthropic.com` instead of staring at IPs.
Every admin change and every blocked request, with configurable retention from 30 days to 7 years. Export for SOC2, HIPAA, or your own change-management process.
SDK approaches assume you control every code path that calls an LLM. You don't. Browser extensions, third-party tools, agents your engineers downloaded last week — none of them link your library.
| | SDK / library (Lakera, Straiker, PolicyLayer) | URL filtering / SWG (Netskope, Zscaler) | Kilasec (network-layer firewall) |
|---|---|---|---|
| Catches AI tools you didn't know about | No — only what you instrument | Partial — domain only | Yes — every TLS flow |
| Redacts secrets & PII in prompts | Yes | No — payload not inspected | Yes |
| Identity per request | Library-supplied (spoofable) | User-Agent / SSO | User + AD group (network-resolved) |
| Token / cost visibility per agent | Only instrumented agents | No | Yes — every model, every call |
| Deployment effort | Code change in every app | Endpoint agent rollout | One push via your network |
| Coverage of unmanaged BYOD & vendors | No | If on managed device | Yes — anything on the network |
The collector is a single Linux container running a TLS-decrypting proxy and our policy engine. Your existing network advertises it to every device — no install on user laptops, no SDK in your apps.
None of these are hypothetical. They're the events our policy engine flagged in real customer environments during the closed beta.
An engineer asked ChatGPT to help debug a script. The script had hardcoded AWS_ACCESS_KEY and AWS_SECRET. Both would have left the network.
A support team's AI agent received raw chat transcripts containing customer SSNs and credit card numbers. None of it should have reached Anthropic.
A new vendor tool started calling api.deepseek.com from a finance laptop. Nobody in IT had ever heard of it.
A misconfigured QA agent started rerunning evals on Opus. At that rate, $50K by morning. The daily-spend rule paused it.
Designed for the network operator, not the AI engineer. Ordered rules with first-match-wins, dense traffic logs, real user identity, a tabbed rule editor that reads like Palo Alto — not a Slackbot configurator.
The product is iterating fast. Highlights from the last few weeks of beta feedback.
Rule edit reorganised into General / Source / Destination / Schedule / Action tabs with a live plain-English preview at the top. Chip-style inputs for users, groups, hosts, tools, models. One-click presets to add all OpenAI or Anthropic endpoints at once.
Map source IPs to real users and AD groups from your directory, your DHCP server, or a CSV. Rules can now match on user: or group: instead of raw IPs — the PA User-ID model, applied to AI traffic.
Separate from the Traffic Log: every admin change — policy edit, collector approval, retention change, identity mapping — captured with actor, timestamp, target, and JSON diff. CSV export. Filter by actor / action / date.
Restrict rules to specific hours and days of the week with timezone awareness. "Block agent calls after 17:00 PT Mon–Fri" is now a one-click chip toggle, not a regex.
Admin-curated address objects with labels and categories (approved / experimental / banned). Bulk-import from CSV. The Editor's host chip autocomplete suggests both observed and registered destinations.
Every TLS-decrypted request now resolves to a normalised agent name from the User-Agent header — claude-cli, openai-python, cursor, github-copilot, browser — instead of one giant unknown_agent bucket.
We onboard 1–2 networks a week. Send us your work email and we'll set up your collector within 24 hours of approval.
No credit card. Free during beta.