See every AI call
Decrypted inspection of OpenAI, Anthropic, Copilot, Gemini, Bedrock, Ollama and 30+ endpoints — classified on the fly, including ones not yet named.
Kilasec inspects every AI call leaving your network — discovers shadow models, redacts secrets and PII before they cross the wire, and holds runaway agents for approval. No SDK. No endpoint agent. It lives where you already enforce policy.
The current crop asks you to integrate an SDK, run a sidecar, or rewrite your agents — which works right up until someone pastes an API key into ChatGPT, or a vendor tool you've never heard of starts calling a model from a finance laptop.
Secrets, credentials, customer PII and card numbers are masked the moment they leave the network — not when an SDK politely asks.
Map each request to a user and directory group — from AD, DHCP, or CSV. Write rules like allow group:eng → api.anthropic.com.
Every admin change and blocked request, retained 30 days to 7 years. Export for SOC 2, HIPAA, or your own change control.
Built for the sysadmin who has to live with it. No endpoint agent to push, no application changes, no new box to rack — a single hardened container on hardware you already have.
Runs read-only, non-root, --cap-drop=ALL, no-new-privileges. amd64 or arm64 — a mini-PC, a VM, or a spare NUC is plenty.
Point your existing PAC file or proxy at the collector. Nothing touches user devices. Roll it back by pointing them away.
Only the model endpoints you scope get decrypted and inspected. Everything else routes direct, untouched — so the vast majority of traffic sees zero added hops. Inspected calls stream through a single in-line TLS-terminating proxy.
Buffers to disk if the cloud blips, drains cleanly on shutdown, and every decision is written to an audit log you own.
# the entire deployment — one service
services:
  collector:
    image: ghcr.io/kilasec/collector:latest
    network_mode: host        # sees the edge
    read_only: true
    cap_drop: [ALL]
    security_opt: ["no-new-privileges"]
    environment:
      KILASEC_ENROLL: ${ENROLLMENT_CODE}
    restart: unless-stopped

# bring it up
$ docker compose up -d

# … and to remove it entirely
$ docker compose down
No logos to show yet — we're in closed beta. So here's the thing itself: an engineer sends a prompt with a live cloud credential in it, and Kilasec stops the request before it ever reaches the provider.
Illustrative replay of a real policy decision.
The exact event patterns Kilasec's policy engine detects and acts on — the everyday ways sensitive data, shadow AI, and runaway cost leave a network through model APIs.
An engineer asked for help debugging a script with a hardcoded access key and secret. Both would have left the network in the prompt body.
A support team's AI agent received raw transcripts containing SSNs and card numbers. None of it should have reached the provider.
A new vendor tool started reaching api.deepseek.com from a finance laptop. Nobody in IT had heard of it.
A misconfigured QA agent kept re-running evals on a frontier model. At that rate, tens of thousands by morning.
We're onboarding a small number of networks each week. Drop your work email and we'll reach out with an invite.