01
Indexes your environment
OpenLatch builds a live graph of your agents' MCP servers, skills, rules, and plugins — refreshed at the start of every session.
OpenLatch Cloud is in public beta — read the launch post
The Security Layer protecting your AI Agent against Prompt Injection, Poisoned Skills, Harmful Actions, PII Leaks, Credential Theft, Tool Poisoning, Destructive Commands, Supply Chain Attacks.
60-second setup. Every major AI agent. Detection powered by the open-source cybersecurity community.
Free forever for 1 agent Apache 2.0 client SOC 2 in progress
Plugged into every major AI agent
OpenClaw
Cursor
Claude Code
Windsurf
GitHub Copilot
Codex CLI
Gemini CLI
Cline
OpenClaw
Cursor
Claude Code
Windsurf
GitHub Copilot
Codex CLI
Gemini CLI
Cline
Your AI agent runs commands, calls tools, and loads skills you can't always see. One of them is trying to hurt you. OpenLatch spots it.
02
Routes every action to the right detection
Each event is analyzed and dispatched to the best-fit security tool from the OpenLatch Library, automatically.
03
Returns a verdict in real time
Risky actions are blocked, warned, or logged — before your agent executes them.
How OpenLatch protects every agent with best-of-breed security tools.
OpenLatch routes every AI agent action to the community-driven security tool best equipped to handle it. Zero touch. Full coverage.
Backed by the community
The threat landscape moves fast. OpenLatch connects detection built by the cybersecurity community directly to your agent — so you stay ahead without picking vendors.
One API. Every agent.
Connect every major AI agent to every security tool through a single interface — with enterprise-grade primitives: real-time detection, multi-channel alerting, reporting, and audit.
Prevent and detect threats
Your agent is stopped before it runs a malicious skill, calls a hostile tool, or executes a destructive command. Nothing harmful reaches your system.
Policies on your terms
Zero-touch doesn't mean zero control. Configure routing, alerting, and enforcement to match the most demanding enterprise requirements.
Get started in 60 seconds.
Read the OpenLatch.ai documentation and install the OpenLatch client on my machine.
Paste this into Claude Code, Codex CLI, OpenClaw — your agent handles the rest.
$ npx @openlatch/client init
Works on macOS, Linux, and Windows. Node.js 18+ required.
Open the OpenLatch console
Sign up and onboard your first agent from your browser.
Catch them all.
From prompt injection to skill poisoning to multi-step exploitation — OpenLatch covers the full AI agent threat surface.
Tool & Skill Poisoning
A skill or MCP server quietly ships malicious instructions that hijack your agent at runtime.
ClawHavoc (Mar 2026) — a poisoned MCP skill exfiltrated SSH keys from OpenClaw users at scale.
Learn morePrompt Injection
Untrusted content — a web page, a file, an email — hijacks your agent's instructions mid-task.
Learn moreCredential & PII Leakage
Your agent pastes an API key, password, or PII into a log, request, or commit.
Learn moreDestructive Shell Commands
A hallucinated rm -rf runs against the wrong directory — before you can react.
Learn moreSupply Chain Compromise
Your agent installs a poisoned npm, PyPI, or crate dependency that runs at install time.
Learn moreMulti-Step Attack Chains
Several benign-looking actions chain into an exfiltration or privilege escalation. The danger isn't any single step — it's the composition.
Learn moreDon't (only) rely on OpenLatch. Tap the full cybersecurity community.
OpenLatch isn't yet another security tool. It's the platform that unifies the best detection from researchers, vendors, and the open-source community behind a single API — so AI agents are protected by the entire industry, not one company.
openlatch-prompt-injection
by OpenLatch
↓ 21.8k
openlatch-pii-scanner
by OpenLatch
↓ 18.6k
openlatch-tool-integrity
by OpenLatch
↓ 14.2k
openlatch-shell-guardrails
by OpenLatch
↓ 9.4k
openlatch-attack-path
by OpenLatch
↓ 6.1k
Endor Labs
by Endor Labs
Coming soon
openlatch-prompt-injection
by OpenLatch
↓ 21.8k
openlatch-pii-scanner
by OpenLatch
↓ 18.6k
openlatch-tool-integrity
by OpenLatch
↓ 14.2k
openlatch-shell-guardrails
by OpenLatch
↓ 9.4k
openlatch-attack-path
by OpenLatch
↓ 6.1k
Endor Labs
by Endor Labs
Coming soon
Semgrep
by Semgrep
Coming soon
Snyk
by Snyk
Coming soon
Noma
by Noma Security
Coming soon
1Password
by 1Password
Coming soon
MintMCP
by MintMCP
Coming soon
Oasis
by Oasis Security
Coming soon
Semgrep
by Semgrep
Coming soon
Snyk
by Snyk
Coming soon
Noma
by Noma Security
Coming soon
1Password
by 1Password
Coming soon
MintMCP
by MintMCP
Coming soon
Oasis
by Oasis Security
Coming soon
Browse the Library
Install counts are illustrative for v1.
Frequently asked questions.
How does OpenLatch pricing work?
Free forever for one agent on every public release. Paid plans add team seats, additional agents, advanced enforcement, and SSO. Pricing scales with the number of agents you protect — not the number of events you analyze.
Can OpenLatch be self-hosted?
OpenLatch Cloud is the default deployment. Self-hosted runtime is on the enterprise roadmap; today the Apache 2.0 client runs locally and forwards to our cloud detection engine.
Are there free trials or discounts available?
There is no trial countdown — the free tier is unlimited for one agent. Open-source maintainers and independent security researchers get free team seats; reach out and we'll set you up.
Which AI agents does OpenLatch support?
Claude Code, Cursor, Windsurf, GitHub Copilot, Codex CLI, Gemini CLI, Cline, and OpenClaw. Each plugs in through its native lifecycle hooks — no proxies, no SDK rewrites, no agent restarts.
Is OpenLatch safe for my data?
The client forwards only the metadata needed for detection. Sensitive content is filtered on your machine before it leaves — the cloud sees event shape, not your source code. SOC 2 Type I audit is in progress.
What is agentic security?
Agentic security is monitoring and controlling what AI agents actually do — the tools they call, the commands they run, the files they write — rather than just what they say. OpenLatch is the platform layer that makes it routable to the right detection in real time.