
Airlock reduces prompt-injection exposure by converting untrusted web pages into sanitized evidence packets before your AI agent reads them.
The web is hostile to agents.
Modern AI agents read web pages to gather information, follow links, and take actions on behalf of users. That makes them targets.
Adversarial content buried in CSS, alt text, or off-screen HTML that overrides agent instructions when parsed.
Links that, when followed, silently instruct the agent to modify its own system prompt or memory store.
Embedded URLs that redirect to attacker-controlled domains after the page renders.
An agent browsing a documentation page encountered an off-screen <div> seeded with injection text designed to trigger a memory-write sequence when the agent summarized the page. Airlock's scanner caught and stripped it before the agent ever processed the content.
The browser layer is the gap. Most AI security investment goes into model hardening or RAG pipelines. Almost none goes into what the agent actually reads.
Simple. Consistent. Invisible to the agent.
- Hidden or off-screen HTML containing injection text
- Script, style, iframe, and embed tags that can't be statically verified
- Links that trigger memory-write or instruction-override sequences
- URLs that redirect to unverifiable destinations
- Clean, readable text content
- Safe outbound links
- Structural metadata — headings, lists, code blocks — for context
MIT licensed. Free forever for self-hosted.
The Airlock scanner library is open source under the MIT license. Self-host it, run it locally, fork it, extend it — no strings.
npx @airlock/scanner https://example.comgithub.com/theagentdeck/airlocknpm install airlock-codespip install airlock-codesdocker pull theagentdeck/airlock-scanner“The protocol is the moat; the scanner is the wedge. We open-sourced the wedge because a moat that only benefits the wealthy isn't a moat.”
Start free. Scale when you're ready.
- 5,000 hosted scans/month
- Audit log
- Community support
- 50,000 hosted scans/month
- Audit log (30 day retention)
- Priority email support
- Private packets, no watermark
- 1,000,000 hosted scans/month
- Audit log (1 year retention)
- Slack support
- 5 seats included
- Unlimited scans
- Dedicated infrastructure
- SLA + dedicated CSM
- Custom integrations
Enterprise? Talk to us.