SENTISEC control-plane logoSENTISEC
ENFR
YOUR AI CODING AGENT. YOUR FILESYSTEM. ONE WEB PAGE.

Your AI coding agent is one web page away from a shell command to an attacker's server.

A hidden instruction on a blog post your agent is asked to summarize can turn into a Bash command that reads your SSH key and POSTs it to a stranger. We stop it — without popups, without slowing the loop down.

Try freeSee the 90-second demo
CLAUDE CODE · CURSOR · CODEX · N8NFREE SHADOW TIERSELF-SERVE SIGNUP
Read what we don't catch yet →
task ⇒ action : action ∈ scope(task) ∧ destination ∈ allow
FIG. 01 · DEVELOPER TIER
§01 THE DAILY TAX

You already turned off the Gmail MCP to stay safe. Turn it back on.

If you use Claude Code, Cursor, or an n8n Gmail-triage workflow, you already know the pattern: your agent reads an attacker-chosen blog post, an invisible comment in the HTML tells it to exfiltrate a secret, and by the time you notice the request has already left. The usual fix is to disable useful connectors and babysit each action. Sentisec makes the fix safety-first instead of capability-last — so you can hook up email, shell, and web browsing, and let the loop run.

01
Gmail MCP, re-enabled
An agent that can read your inbox again without being able to send credentials to a stranger.
02
Bash + WebFetch, together
Your agent can browse the web and run shell commands — it just can't combine them into an exfiltration.
03
The overnight cron, unsupervised
Scheduled agent jobs that actually run unsupervised. You read the logs only when we flag something.
04
The fast loop, intact
No approval popups. We decide inline before the command executes.
§02 HOW IT WORKS

One control-plane decision before action.

You point your agent's API base URL at us. Every action your agent tries to make — shell commands, web fetches, email sends, connector calls — receives an integrity score before it executes. If the action no longer matches the task, we halt it and return a clear reason.

01
Task alignment
The control plane compares the proposed action with the user's task at a category level. If it looks like a hijack rather than a continuation, the action is halted.
02
Workspace boundaries
Destination and workspace boundaries are applied before an action leaves the agent loop. Unexpected outbound behavior is stopped by default.
03
Sensitive-action gating
Sensitive local actions are gated by workspace policy before they execute. The agent keeps its useful tools without turning every step into a manual approval.
DIAGRAM · TEXT
IN  →  proposed agent action
└── [ COGNITIVE INTEGRITY CONTROL PLANE ] ──┐
                                             ▼
OUT →  allow · halt · signed trace
The public diagram stays intentionally abstract. Full technical detail is shared with design partners under NDA.
§03 START FREE

Free shadow tier. 90-second demo. No credit card.

Sign up, pair your workspace, point Claude Code (or Cursor, Codex, an OpenAI Agents SDK app, or an n8n workflow) at us, and we start observing. On the free tier we run in shadow mode — every action still goes through, we just tell you which ones we would have blocked. Flip to block mode when you're comfortable.

Free tier
Unlimited observe-only sessions, 100 sessions per month on block mode, 30-day session retention.
90-second demo
A recorded end-to-end: fresh Claude Code session asked to summarize a web page that contains a hidden exfil instruction. We halt the Bash command before it runs.
Self-serve
Email + GitHub OAuth signup. Workspace pairing in under 60 seconds. One shell snippet to install.
Honest limits
We publish what we don't catch yet. Read the limits page before you sign up — we want you to know.
DEMO · 90 SECONDS
Claude Code · web page · Bash · halt.
Recorded against a fresh Claude Code install. The injected page, the attempted POST, and the halt dashboard are all real. Drop-in video placeholder — final recording shipped at launch.
Watch placeholder
§04 GET STARTED

Put Sentisec in front of your agent in under five minutes.

Self-serve signup, no sales call, no credit card. Read the limits page first if you want to know what we don't cover yet — we'd rather you find out here than after you ship.

Try freeRead what we don't catch yet