Skip to content
OpenLatch

How It Works

OpenLatch uses a three-layer architecture to detect and block threats from AI coding agents in real time.

Architecture Overview

Section titled “Architecture Overview”
AI Agent → Hook (local client) → Detection Cloud → Verdict → Allow / Block

The entire round-trip happens in milliseconds, so agent workflows feel responsive.

Layer 1: Hook

Section titled “Layer 1: Hook”

The OpenLatch client installs lightweight hooks into your AI agent’s tool call pipeline. When an agent attempts an action — writing a file, running a shell command, making a network request — the hook intercepts it before execution.

What gets intercepted:

  • File system operations (create, write, delete)
  • Shell command execution
  • Network requests
  • Environment variable access

What does NOT get intercepted:

  • Code generation (text output from the agent)
  • Read-only operations (file reads, directory listings)
  • Agent-to-user communication

Layer 2: Detection Cloud

Section titled “Layer 2: Detection Cloud”

Intercepted actions are sent to the OpenLatch detection engine for analysis. The payload includes action metadata — not your source code.

The detection engine evaluates each action against:

  • Known malicious patterns (e.g., reverse shells, credential exfiltration)
  • Anomaly detection (unusual behavior for the current session context)
  • Policy rules (configurable per-organization)

Layer 3: Verdict

Section titled “Layer 3: Verdict”

Each action receives a verdict:

VerdictMeaning
AllowAction is safe — the agent proceeds normally
BlockThreat detected — action is prevented, agent receives an error
FlagSuspicious but not blocked — logged for review

Fail-Open Design

Section titled “Fail-Open Design”

If the detection cloud is unreachable (network outage, timeout), OpenLatch allows the action to proceed. This is a deliberate design choice:

  • Developer productivity is never blocked by infrastructure issues
  • The client logs bypassed actions for later review
  • Timeout threshold is configurable (default: 500ms)

Privacy

Section titled “Privacy”

OpenLatch sends action metadata to the cloud, not your source code:

  • Command strings (e.g., rm -rf /)
  • File paths being written to
  • Network destinations
  • Session context (agent type, project hash)

File contents, source code, and environment variables are never transmitted.