OpenLatch
OpenLatch Cloud is in public beta — read the launch post

The Security Layer protecting your AI Agent against Prompt Injection, Poisoned Skills, Harmful Actions, PII Leaks, Credential Theft, Tool Poisoning, Destructive Commands, Supply Chain Attacks.

60-second setup. Every major AI agent. Detection powered by the open-source cybersecurity community.

Free forever for 1 agent Apache 2.0 client SOC 2 in progress

Plugged into every major AI agent

OpenClaw
Cursor
Claude Code
Windsurf
GitHub Copilot
Codex CLI
Gemini CLI
Cline
OpenClaw
Cursor
Claude Code
Windsurf
GitHub Copilot
Codex CLI
Gemini CLI
Cline

How OpenLatch protects every agent with best-of-breed security tools.

OpenLatch routes every AI agent action to the community-driven security tool best equipped to handle it. Zero touch. Full coverage.

Backed by the community

The threat landscape moves fast. OpenLatch connects detection built by the cybersecurity community directly to your agent — so you stay ahead without picking vendors.

One API. Every agent.

Connect every major AI agent to every security tool through a single interface — with enterprise-grade primitives: real-time detection, multi-channel alerting, reporting, and audit.

Prevent and detect threats

Your agent is stopped before it runs a malicious skill, calls a hostile tool, or executes a destructive command. Nothing harmful reaches your system.

Policies on your terms

Zero-touch doesn't mean zero control. Configure routing, alerting, and enforcement to match the most demanding enterprise requirements.

Get started in 60 seconds.

$ npx @openlatch/client init

Works on macOS, Linux, and Windows. Node.js 18+ required.

Catch them all.

From prompt injection to skill poisoning to multi-step exploitation — OpenLatch covers the full AI agent threat surface.

Real incident

Tool & Skill Poisoning

A skill or MCP server quietly ships malicious instructions that hijack your agent at runtime.

ClawHavoc (Mar 2026) — a poisoned MCP skill exfiltrated SSH keys from OpenClaw users at scale.

Learn more
Coming soon

Prompt Injection

Untrusted content — a web page, a file, an email — hijacks your agent's instructions mid-task.

Learn more
Coming soon

Credential & PII Leakage

Your agent pastes an API key, password, or PII into a log, request, or commit.

Learn more
Coming soon

Destructive Shell Commands

A hallucinated rm -rf runs against the wrong directory — before you can react.

Learn more
Coming soon

Supply Chain Compromise

Your agent installs a poisoned npm, PyPI, or crate dependency that runs at install time.

Learn more
Coming soon

Multi-Step Attack Chains

Several benign-looking actions chain into an exfiltration or privilege escalation. The danger isn't any single step — it's the composition.

Learn more

Frequently asked questions.

How does OpenLatch pricing work?
Free forever for one agent on every public release. Paid plans add team seats, additional agents, advanced enforcement, and SSO. Pricing scales with the number of agents you protect — not the number of events you analyze.
Can OpenLatch be self-hosted?
OpenLatch Cloud is the default deployment. Self-hosted runtime is on the enterprise roadmap; today the Apache 2.0 client runs locally and forwards to our cloud detection engine.
Are there free trials or discounts available?
There is no trial countdown — the free tier is unlimited for one agent. Open-source maintainers and independent security researchers get free team seats; reach out and we'll set you up.
Which AI agents does OpenLatch support?
Claude Code, Cursor, Windsurf, GitHub Copilot, Codex CLI, Gemini CLI, Cline, and OpenClaw. Each plugs in through its native lifecycle hooks — no proxies, no SDK rewrites, no agent restarts.
Is OpenLatch safe for my data?
The client forwards only the metadata needed for detection. Sensitive content is filtered on your machine before it leaves — the cloud sees event shape, not your source code. SOC 2 Type I audit is in progress.
What is agentic security?
Agentic security is monitoring and controlling what AI agents actually do — the tools they call, the commands they run, the files they write — rather than just what they say. OpenLatch is the platform layer that makes it routable to the right detection in real time.

OpenLatch handles security for your AI agents — so you can get back to shipping.