Security Model
Microsoft, Cisco, CrowdStrike, and Gartner all agree: AI agents open new attack surfaces. Pinchy is the layer that closes them — without sacrificing what makes agents useful.
The Reality
Typical agent engines grant shell access, file system access, and network access out of the box. No permission layer. Every agent can do everything the host user can do.
API keys, SSH keys, cloud credentials — all accessible to agents running on the host. One prompt injection away from exfiltration. Microsoft's Security Blog calls this a critical risk.
What did the agent do? When? Why? Without cryptographic logging, you can't answer these questions. Gartner describes AI agents as "insecure by default."
"AI agents expand the attack surface in ways most organizations aren't prepared for."
— Cisco Security Blog
"Agent-based AI introduces new classes of vulnerabilities including tool misuse, privilege escalation, and data exfiltration."
— CrowdStrike
How Pinchy Solves This
Pinchy sits between your users and OpenClaw. Every request goes through authentication, permission checks, and audit logging before OpenClaw ever sees it.
Security Features
The agent engine runs inside a Docker container with no exposed ports. It's only reachable through Pinchy's authenticated WebSocket bridge. Agents never communicate directly with the outside world — every request passes through Pinchy's permission layer first.
All API provider keys (Anthropic, OpenAI, Google) are encrypted at rest with AES-256-GCM. Keys are decrypted only when needed for model requests, never stored in plaintext.
Agents start with zero tools. Admins explicitly enable each tool — an allow-list, not a deny-list. A marketing agent gets "Post to Slack." It doesn't get shell access. Shell exists as a tool but must be deliberately enabled by an admin who accepts that responsibility.
Every user gets their own conversation sessions per agent. No cross-user access to conversations. WebSocket connections are authenticated via cookie-based session validation on every upgrade.
Organize users into groups (Engineering, HR, Legal) and restrict each agent to the groups that should see it. Enterprise feature in v0.4.0 — combine with Agent Permissions for two layers of defense.
Every tool call, every message, every action — logged with a per-row HMAC-SHA256 signature. Append-only via PostgreSQL triggers. Export to CSV. One-click verifier flags any row whose signature no longer matches. Your compliance team will love this.
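The signing and verification scheme described above, as an added example that is not Pinchy's code. The row layout (id, timestamp, actor, action, detail) and the HMAC key are assumptions; the in-memory list stands in for the PostgreSQL table, and the key is a constructed constant that in practice would come from a secret store kept outside the database the rows live in. The verifier also checks the id sequence, which goes slightly beyond the page: a per-row signature proves a row was not modified, but a deleted row leaves every remaining signature valid, so gap detection (or the append-only trigger) has to cover that case.

```python
"""Per-row HMAC-SHA256 audit log with a verifier (added example)."""
import dataclasses
import hashlib
import hmac
import json

# Constructed demo key, not a real secret.
AUDIT_KEY = b"demo-audit-hmac-key-not-for-production"


@dataclasses.dataclass
class AuditRow:
    id: int
    ts: str
    actor: str
    action: str
    detail: dict
    sig: str = ""


def canonical(row: AuditRow) -> bytes:
    """Deterministic encoding of the signed fields (sorted keys, fixed
    separators) so the same row always yields the same MAC regardless of
    how it was serialized or loaded."""
    signed = {"id": row.id, "ts": row.ts, "actor": row.actor,
              "action": row.action, "detail": row.detail}
    return json.dumps(signed, sort_keys=True, separators=(",", ":")).encode()


def sign(row: AuditRow, key: bytes) -> str:
    return hmac.new(key, canonical(row), hashlib.sha256).hexdigest()


class AuditLog:
    """Append-only store: rows are added, never updated or deleted through
    this API (the page relies on PostgreSQL triggers for the same guarantee
    at the table level)."""

    def __init__(self, key: bytes = AUDIT_KEY):
        self.key = key
        self.rows = []

    def append(self, actor: str, action: str, detail: dict, ts: str) -> AuditRow:
        row = AuditRow(id=len(self.rows) + 1, ts=ts, actor=actor,
                       action=action, detail=detail)
        row.sig = sign(row, self.key)
        self.rows.append(row)
        return row


def verify(rows, key: bytes):
    """Recompute every signature and return (ok, findings).

    Flags rows whose stored signature no longer matches their content, and
    gaps in the id sequence that a per-row MAC alone cannot reveal."""
    findings = []
    expected_id = 1
    for row in rows:
        if row.id != expected_id:
            findings.append((row.id, f"sequence gap: expected id {expected_id}"))
        expected_id = row.id + 1
        if not hmac.compare_digest(sign(row, key), row.sig):
            findings.append((row.id, "signature mismatch"))
    return (not findings, findings)


def demo():
    """Constructed rows: a clean log, then an edited row, then a missing row."""
    log = AuditLog()
    log.append("alice", "message", {"text": "draft the launch post"}, "2024-05-01T09:00:00Z")
    log.append("agent:marketing", "tool_call", {"tool": "slack.post", "channel": "#launch"}, "2024-05-01T09:00:02Z")
    log.append("admin", "tool_enable", {"agent": "ops", "tool": "shell"}, "2024-05-01T10:15:00Z")
    clean = verify(log.rows, log.key)

    # Simulate row 3 being rewritten after the fact: the stored MAC no longer matches.
    edited = [dataclasses.replace(r) for r in log.rows]
    edited[2].detail = {"agent": "ops", "tool": "calendar.read"}
    tampered = verify(edited, log.key)

    # Simulate row 2 being removed: every remaining MAC is valid, the id gap is not.
    deleted = [r for r in log.rows if r.id != 2]
    gap = verify(deleted, log.key)
    return {"clean": clean, "tampered": tampered, "deleted": gap}


if __name__ == "__main__":
    for name, (ok, findings) in demo().items():
        print(f"{name}: {'OK' if ok else 'FLAGGED'} {findings}")
```

Two points matter operationally: the verifier must be run with the key from the secret store, not from anything stored alongside the rows, or an attacker who can rewrite rows can re-sign them; and a CSV export should carry the `sig` column unchanged so the same verifier can be run over the exported file offline.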
Unlike raw agent engines that give everything away, Pinchy agents start with nothing. No shell, no file access, no network tools. Every capability must be explicitly granted by an admin. The shell tool exists for power users who need it — but it's a conscious decision, not a default.
The agent gateway is only reachable internally. The gateway token is auto-generated at startup and stored in a separate, scoped file. No manual credential management, no exposure risk.
Our Position
Agent engines are powerful, flexible, and open source — but they're built for individual developers, not enterprise teams. Pinchy doesn't dilute that power. It wraps it in the security layer regulated industries require, so your AI agents can be deployed the same way you'd deploy any other production workload.
Book a call and we'll walk through the security architecture with your team.
Book a Security Review, or email us: info@heypinchy.com