Early Access — Free for founding teams

Secure your AI agents. Prove what they did.

estoppl intercepts every AI agent tool call, enforces guardrails, and produces a third-party-signed certificate your customer's CISO verifies in 30 seconds. Set up in 2 minutes.

See it in action

Watch estoppl intercept Stripe MCP tool calls in Cursor, block a $50,000 invoice from the cloud dashboard, and log every action with a signed audit trail.

One platform to secure, monitor, and verify AI agent actions

AI agents call APIs, execute code, and move money. estoppl gives you control over what they can do — and proof of what they did.

Org-Wide Dashboard

Monitor every agent in real time. Event feeds, decision badges, request/response inspection, and compliance exports.

Custom Policy Rules

Block lists, allow lists, amount thresholds, rate limits, and custom conditional rules on any field. Per-agent overrides.

Human Review

High-risk tool calls pause until a human approves or denies. One-click approve/deny via email, Slack, webhook, or dashboard.

Cryptographic Audit Trail

Every tool call signed with Ed25519 and hash-chained. Tamper-evident. Download verifiable receipts and compliance exports.

Attestation Header

Every forwarded request carries an X-Estoppl-Attestation header. Upstream servers verify governance before processing.

Remote Kill Switch

Block a tool or shut down an agent from the dashboard. Every proxy picks up the change within 5 seconds.

estoppl dashboard showing tool call events with ALLOW, BLOCK, and HUMAN_REQUIRED decisions

How it works

estoppl sits between your AI agents and the tools they call. Every action is intercepted, evaluated against policy, signed, and synced to the cloud for org-wide visibility and verification.

  • Your Agents: Agent 1, Agent 2, Agent 3
  • estoppl proxy: policy evaluation, Ed25519 signing, attestation header
  • Allowed calls forwarded: MCP Server A, MCP Server B, MCP Server C
  • Blocked calls never reach upstream
  • Every event synced to estoppl Cloud: Dashboard, Alerting, Kill switch, WORM, Verification API


Built for AI agent vendors selling into regulated industries

The Standing Certificate accelerates security review by 30-50%. The compliance dividend tier produces the per-vertical regulatory evidence pack your customer's compliance team contractually requires.

AI agents → broker-dealers / RIAs / asset managers

Our customer's compliance team wants evidence covering our agent's tool calls that fits their SEC 17a-4 / FINRA 4511 recordkeeping arrangements. Vanta and ISO 42001 don't cut it. Our deals stall in CISO review.

Standing Certificate ships with every enterprise quote. Continuous tamper-evident audit trail integrates with their existing D3P / recordkeeping arrangements as supplementary evidence. CISO verifies the certificate independently with one CLI command.

AI agents → healthcare providers / payers

Hospital procurement asks for HIPAA Security Rule evidence on our agent's data access patterns. We don't have a clean way to produce it.

Per-tool policy enforcement + signed event chain + audit evidence that maps to HIPAA Security Rule technical safeguards (45 CFR §164.312). Supports your customer's existing HIPAA compliance program — does not replace it.

AI agents → federal contractors / agencies

We're trying to land a DoD prime as a customer. They want continuous evidence of agent action governance for ATO review. Our security packet is rejected.

Continuous attestation evidence on top of the Standing Certificate. Maps to NIST AI 600-1 control families. Integrates with the agency's existing FedRAMP / ATO process — does not certify FedRAMP itself.

Enterprise CISO (consumer of certificate)

An AI vendor sent me a Standing Certificate. How do I verify it independently? I don't want to trust their cloud or ours.

Run estoppl verify-certificate cert.json. It fetches the issuer's public key from JWKS, verifies the Ed25519 signature offline, and returns VALID plus a drill-down summary in under 30 seconds. The algorithm spec is published, so it can be re-implemented in any language.

Get started

estoppl Cloud: Free during Early Access

For teams

Sign up, pick a policy template, connect your proxy. No credit card. No sales call. Start in 2 minutes.

  • Dashboard with real-time event monitoring
  • Custom policy rules and human review
  • Kill switch — block any tool in seconds
  • Email and Slack notifications with one-click approve/deny
  • Compliance exports and verifiable receipts
Open Source

For developers

Full proxy with guardrails, signed audit trail, and local dashboard. Apache 2.0. No account required.

  • npm: npm install -g estoppl
  • Homebrew: brew tap estoppl/tap && brew install estoppl

Start securing your AI agents today

Sign up, connect your first proxy, and see every tool call in your dashboard within minutes. Free during early access.