Agentlock
Agentlock is a security gateway for AI agents, protecting API keys with Request–Approve–Execute, mobile approvals, policy controls, and encrypted audit trails.
What is Agentlock?
Agentlock is a security gateway for AI agents that helps organizations connect agents without directly sharing their API keys. Instead of giving agents secrets, Agentlock routes agent requests through a “Request-Approve-Execute” workflow where the exact action details are reviewed and approved by a human before execution.
The core purpose is to add zero-trust controls, real-time oversight, and a reversible audit trail for agent activity—so sensitive operations (such as write actions or financial actions) can be gated by policy rather than performed automatically.
Key Features
- Request–Approve–Execute workflow: Agents send cryptographically signed requests; humans review the specific action details and approve or deny them (via mobile) before the action is executed.
- Zero-secret architecture: Agents never see API keys; a secure backend runner performs the approved execution.
- Encrypted agent communication and private browsing: Agentlock describes encrypted internet traffic and secure, private browsing as protection for the communication path used during agent execution.
- Complete control over actions via policy: Configurable rules can differentiate read, write, and financial actions so nothing happens unnoticed.
- Risk-based policy engine: A smart policy engine supports workspace-level risk rules, automatically allowing safe read-only tasks while requiring explicit approval for write or financial operations.
- Real-time push alerts with mobile approval: The workflow includes real-time push alerts and approvals from a mobile device.
- Multi-user approvals for high-risk actions: High-risk operations can require multiple team members to sign off (a “four-eyes principle”) using custom roles.
- Immutable audit trail and monitoring: An end-to-end encrypted timeline records requests and approvals so teams can monitor actions without exposing sensitive payloads.
- Universal undo layer: Supported agent actions can be rolled back, with an “instant undo” capability and a timeline similar to a bank statement.
How to Use Agentlock
- Connect your AI agent(s) to Agentlock instead of providing them with API keys directly.
- Configure policy rules for your workspace (for example, allowing read-only actions by default while gating write and financial actions for approval).
- Enable the approval flow so signed agent requests are presented with the exact action details for human review.
- Use mobile approvals and push alerts to approve or deny actions promptly.
- Review the encrypted audit timeline after requests execute (and use undo for supported actions when you need to revert).
Use Cases
- Gated agent access to internal systems: An organization can allow agents to perform low-risk reads automatically while requiring approval for write operations to prevent unintended changes.
- Human approval for payments or financial transactions: Teams can enforce policies that require explicit human sign-off before any financial actions are executed by an agent.
- Multi-person review for sensitive workflows: For high-risk tasks, teams can require multiple users to approve the same request using custom roles and a four-eyes principle.
- Incident response and reversal of agent actions: If an agent takes an action that needs correction, teams can use the universal undo layer to revert supported actions and rely on the audit timeline for visibility.
- Teams monitoring agent behavior without exposing secrets: Because agents do not see API keys and an encrypted audit trail records approvals and requests, teams can monitor activity while reducing exposure of sensitive payloads.
FAQ
How does Agentlock prevent agents from accessing API keys?
Agentlock’s zero-secret approach routes agent requests through the gateway so agents do not see API keys; execution is performed by a secure backend runner after approval.
What happens when an agent wants to perform an action?
Agents send cryptographically signed requests with action details. A human reviews the request and approves or denies it from a mobile device before execution occurs.
Can teams require more than one approval for sensitive actions?
Yes. Agentlock supports multi-user approvals where high-risk actions can require multiple team members to sign off using custom roles and a four-eyes principle.
Is there a record of what agents did?
Agentlock includes an end-to-end encrypted, immutable audit trail presented as a timeline of actions and approvals, designed to allow monitoring without exposing sensitive payloads.
Can approved agent actions be undone?
Agentlock describes a universal undo layer and “instant undo” for supported actions, allowing teams to roll back changes after execution.
Alternatives
- Direct agent execution with human-in-the-loop checks (no gateway): Teams can implement approval in their own orchestration layer, but they would lack the dedicated zero-secret gateway and the centralized audit/undo workflow that Agentlock describes.
- API management with authentication and rate limiting: An API gateway can control access to endpoints, but it typically doesn’t provide the same request-level human approval workflow for agent action details or the reversible audit trail/undo layer described here.
- Custom policy enforcement in an agent runtime: You can build policy checks into the agent or its controller, but you may need to separately handle secret isolation, approval UX, and an immutable audit timeline.
- SIEM/logging-only approach: Monitoring-only solutions help with visibility, but they don’t inherently prevent unauthorized actions at execution time or provide the approval-and-undo workflow Agentlock describes.