Prevent Insider Threats When Your Employees Have AI Coding Assistants
Open-source MCP security gateway that monitors every tool execution from Claude Code, Copilot, and Cursor. Block credential theft, data exfiltration, and network reconnaissance before execution.
Organizations deploy Claude Code, Copilot, and Cursor to thousands of employees with zero security monitoring.
Employee gives notice on Friday. Monday morning, they use Claude Code to exfiltrate the entire customer database to a personal S3 bucket before security notices.
Attacker gains access via phishing. Uses GitHub Copilot to scan internal networks, harvest SSH keys, and move laterally before detection systems catch up.
AI agent exceeds its intended scope and starts accessing production credentials, running network scans, or exfiltrating sensitive files autonomously.
Real-time threat analysis at the Model Context Protocol (MCP) layer. Every bash command, file access, and API call analyzed before execution.
Pattern-based detection for reconnaissance tools, credential access, hacking tools, privilege escalation, and exfiltration. Session-aware analyzers track multi-phase kill chains across hours and days.
Commands scored 0-100. Block threats scoring 70+. Terminate entire sessions scoring 90+. Alert security teams for suspicious activity scoring 50-69.
Redis-backed session state tracks reconnaissance, credential access, and exfiltration phases. Individual requests may pass, but multi-phase progression triggers termination.
Works with Claude Code, Cursor, Windsurf, and any MCP-compatible AI coding assistant. Drop-in proxy with no modifications to AI models.
Built in Rust for memory safety and speed. Pattern analysis in <50ms P95. Single instance handles 10,000+ requests/second with predictable latency.
Not a SaaS product. Data never leaves your infrastructure. Deploy via Docker Compose, Kubernetes, or bare metal. Source code is auditable and modifiable.
Honest detection coverage against sophisticated insider threats
nmap, masscan, port scans, service enumeration, internal network discovery, multi-port scanning, CIDR range targeting.
SSH keys, .env files, .aws/credentials, cloud configs, /etc/shadow, database passwords, API tokens, certificate files.
curl to pastebin, large transfers to external IPs, database dumps, compression before transfer, bulk file operations.
sqlmap, metasploit, burpsuite, nikto, hydra, john, hashcat, custom exploit frameworks, reverse shells.
sudo abuse, setuid binaries, capabilities manipulation, IAM policy changes, role assumption, container escapes.
Conversation analysis detects pretexting, authority manipulation, urgency tactics, jailbreak attempts, and context manipulation.
Docker Compose for single-server deployments. Kubernetes for HA deployments. Terraform for cloud deployments.
git clone https://github.com/clay-good/proxilion
cd proxilion
docker compose up -d
./demo.shGateway running on port 8787. Dashboard on port 3000. Grafana on port 3001.
Open source. Self-hosted. Deploy in 10 minutes. 75-85% detection against sophisticated insider threats. MIT license.
Star on GitHub