Kilasec is an AI-aware firewall for enterprise networks. Discover every model API call, redact secrets and PII before they leave, and cap runaway agent spend — without an SDK, and without installing anything on user devices.
The current crop of AI security startups asks you to integrate a library, run a sidecar, or rewrite your agents. That works exactly until someone in marketing pastes an SSN into ChatGPT, or a vendor's tool you've never heard of starts calling Anthropic from a finance laptop. Kilasec sits in the network where you already enforce policy.
Decrypted inspection of OpenAI, Anthropic, Copilot, Gemini, Bedrock, Ollama, and 30+ other endpoints — including ones we haven't named yet, classified on the fly.
Secrets, credentials, customer PII, and credit cards are caught and masked the moment they leave your network — not when an SDK says please.
Every request is tied to a real host, VLAN, and owner using the DHCP lease database — the source of truth your network already maintains. No agent identity that can be spoofed.
SDK approaches assume you control every code path that calls an LLM. You don't. Browser extensions, third-party tools, agents your engineers downloaded last week — none of them link your library.
| SDK / library Lakera, Straiker, PolicyLayer |
URL filtering / SWG Netskope, Zscaler |
Kilasec Network-layer firewall |
|
|---|---|---|---|
| Catches AI tools you didn't know about | No — only what you instrument | Partial — domain only | Yes — every TLS flow |
| Redacts secrets & PII in prompts | Yes | No — payload not inspected | Yes |
| Identity per request | Library-supplied (spoofable) | User-Agent / SSO | DHCP lease (network-truth) |
| Token / cost visibility per agent | Only instrumented agents | No | Yes — every model, every call |
| Deployment effort | Code change in every app | Endpoint agent rollout | One push via your network |
| Coverage of unmanaged BYOD & vendors | No | If on managed device | Yes — anything on the network |
The collector is a single Linux container running a TLS-decrypting proxy and our policy engine. Your existing network advertises it to every device — no install on user laptops, no SDK in your apps.
None of these are hypothetical. They're the events our policy engine flagged in real customer environments during the closed beta.
An engineer asked ChatGPT to help debug a script. The script had hardcoded AWS_ACCESS_KEY and AWS_SECRET. Both would have left the network.
A support team's AI agent received raw chat transcripts containing customer SSNs and credit card numbers. None of it should have reached Anthropic.
A new vendor tool started calling api.deepseek.com from a finance laptop. Nobody in IT had ever heard of it.
A misconfigured QA agent started rerunning evals on Opus. At that rate, $50K by morning. The daily-spend rule paused it.
Designed for the network operator, not the AI engineer. Ordered rules, dense logs, identity from the lease — what you already know how to read.
We onboard 1–2 networks a week. Send us your work email and we'll set up your collector within 24 hours of approval.
No credit card. Free during beta. Single tenant per customer.