AI assistants create new attack surfaces. Our tools provide layered security across the development lifecycle:
| Stage | Tool | Purpose |
|---|---|---|
| Pre-install | Hardpoint | Scan your dev environment for hidden threats |
| At Runtime | Tollgate | Enforce policies on AI agent actions |
| Detection | Deadfall | Detect AI compromise with cognitive honeypots |
Developer environment security scanner for the AI era.
Hardpoint scans your development environment for threats that traditional security tools miss — malicious AI config files, prompt injection, hidden Unicode, and more.
# Install
go install github.com/dotsetlabs/hardpoint/cmd/hardpoint@latest
# Scan your environment
hardpoint scan
# Auto-fix certain issues
hardpoint fix AI-003 CLAUDE.md
# Manage suppression baselines
hardpoint baseline list
hardpoint baseline add AI-001 --reason "Known safe"| Feature | Description |
|---|---|
| AI Config Scanner | Detects threats in .cursorrules, CLAUDE.md, mcp.json |
| Hidden Unicode | Finds invisible characters that can hide malicious instructions |
| Prompt Injection | Identifies attempts to override AI assistant behavior |
| Shell Backdoors | Scans .bashrc, .zshrc for suspicious commands |
| Git Hook Analysis | Checks for malicious git hooks |
| SARIF Output | GitHub Code Scanning integration |
Policy-based security proxy for MCP (Model Context Protocol) servers.
Tollgate sits between AI agents and MCP servers, enforcing security policies before any tool is executed.
npm install -g @dotsetlabs/tollgate
# Wrap any MCP server with protection
tollgate wrap npx @anthropic/mcp-server-fs ./
# Or use a config file for custom policies
tollgate start --server postgres| Feature | Description |
|---|---|
| Policy Engine | Allow, deny, or prompt based on tool, arguments, and risk level |
| Risk Analysis | Smart analyzers for SQL, Filesystem, Shell, and HTTP API calls |
| Server Scanner | Scan any MCP server to discover tools and assess risks before use |
| Templates | Growing collection of policy templates for popular MCP servers |
| Audit Logging | Every tool invocation logged to SQLite with PII redaction |
| Compliance | Export logs in JSON, JSONL, CSV, or CEF formats |
| Approval Methods | Terminal prompts, interactive web UI, or webhook integration |
- Claude Desktop
- Cursor
- Claude Code
- Any MCP-compatible AI agent
Cognitive honeypots for AI agent detection.
Deadfall detects AI agent compromise by exploiting their instruction-following behavior. Trapped files instruct agents to call a verification tool — which triggers an alert.
# Install
go install github.com/dotsetlabs/deadfall/cmd/deadfall@latest
# Initialize in your project
deadfall init
# Create trap files
deadfall trap cursor-rules # .cursorrules for Cursor
deadfall trap claude-context # CLAUDE.md for Claude
deadfall trap mcp-config # mcp.json honeypot
# Verify your setup
deadfall test
# Start the Honey-MCP server
deadfall serve| Feature | Description |
|---|---|
| Cognitive Traps | Exploit AI instruction-following to detect compromise |
| AI-Specific Types | Traps for Cursor, Claude, Copilot, MCP clients |
| Honey-MCP Server | Honeypot tools that attract malicious agents |
| Token Correlation | Alerts include which file was read |
| Multi-Channel Alerts | Desktop, log file, webhook delivery |
Your data never leaves your machine. All Dotset Labs tools are 100% local — no cloud, no telemetry, no account required.
- dotsetlabs.com — Website
- docs.dotsetlabs.com — Documentation
- Hardpoint GitHub — Dev environment scanner
- Tollgate GitHub — MCP security proxy
- Deadfall GitHub — Cognitive honeypots
Built for developers working with AI.