🛡️ AI Firewall · 🔐 Key Vault — OnlyAllow.ai

See everything.
Trust nothing blindly.

The complete AI security platform. Firewall your AI agents, secure your API keys, observe every decision in real-time. One platform — total protection.

Explore Products See How It Works
🔍
your_app.py
1 import openai
2
3 client = openai.OpenAI(
4 base_url="https://api.openai.com/v1",
4 base_url="https://api.onlyallow.ai/v1", # ← the only change
5 api_key=os.environ["OPENAI_KEY"]
6 )
One line. Now every AI call flows through The Looking Glass.
12
Defense Layers
< 400ms
Speed Pass Latency
100%
Score Required
5 min
Key TTL
Two Products. One Platform.
Complete AI Security Stack
Choose what you need — or use both together for end-to-end protection.
FIREWALL
🛡️

Looking Glass

The AI firewall that tests every AI agent before it touches your systems. Riddle-based authentication, real-time observability, zero blind trust.

  • Riddle-based AI authentication
  • Live pipeline observability
  • Speed Pass for trusted AI
  • Self-hardening riddles
Open Firewall →
SECURE VAULT
🔐

Key Vault

Ultra-secure API key storage with zero-trust architecture. AES-256 encryption, jumpbox isolation, and unified billing across all AI providers.

  • AES-256 encrypted at rest
  • Jumpbox proxy protection
  • BYOK (Bring Your Own Key)
  • Save up to 22% on tokens
Open Key Vault →
The Problem
Your AI has the same keys as your engineers
Every API gateway checks identity. None of them check if the AI actually understands what it's about to do.

🚫 Without The Looking Glass

# Your app talks directly to OpenAI client = openai.OpenAI( base_url="https://api.openai.com/v1" ) # AI has full access immediately # No competence check # One hallucination = DROP TABLE # Logs show nothing useful

✅ With The Looking Glass

# Same code — just a different URL client = openai.OpenAI( base_url="https://api.onlyallow.ai/v1" ) # AI must solve a riddle first # 100% score or no access # Glass Box shows every verdict # Self-hardening riddles evolve
How The Looking Glass Works
What happens inside the firewall on every request
From the moment your request arrives until the response comes back — every step visible.
🔒

1. Encrypt

Request is encrypted with AES-256-GCM before it leaves your app. Even if intercepted — unreadable.

Platform Layer

2. Speed Pass Check

Does this AI already hold a cached Capability Certificate? If yes — skip straight to forwarding. Under 400ms.

Speed Pass
🧩

3. Generate Riddle

No cert? The Looking Glass builds a contextual riddle from your real system data — database tables, service endpoints, team structures. Only an AI that truly knows your systems can solve it.

Riddle Matrix
📝

4. AI Solves the Riddle

The AI receives messy, real-world data (logs, config, metadata) and must extract the correct answers. A competent AI solves it instantly. An outsider can't even begin.

5. Grade & Decide

Every field checked. 100% correct = pass. Anything less = denied. No partial credit. A temporary key (5 min TTL) and Capability Certificate are issued.

Gate Layer
🚀

6. Forward to Provider

The request is sent to the real LLM (OpenAI, Claude, Groq, Bedrock — any provider). Your app receives the normal response. Zero code changes.

🔍

7. Log to The Looking Glass

Every action — riddle generated, score computed, cert issued or denied — is streamed live to The Looking Glass Dashboard via SSE. Full observability in real time.

Observable
Two Modules
Choose how riddle knowledge is built
The firewall works the same either way. The difference is where the riddle intelligence comes from.
👤
Module 1

Human-Led Firewall

A person onboards the AI with system knowledge — like onboarding a new employee. That knowledge becomes the riddle clues.

  • Human decides what the AI knows
  • Knowledge = riddle clues
  • No onboarding = impossible riddle
  • Full human accountability
🧠
Module 2

AI Brain Firewall

An AI Brain auto-scans your infrastructure and builds riddles automatically. No human intervention needed — the Brain keeps riddles fresh and evolving.

  • Scans your systems automatically
  • Builds the smartest riddles
  • Self-hardening when pass rates climb
  • Zero human overhead
The Looking Glass Dashboard
Watch every AI decision — live
Not just logs. A real-time feed showing which AI tried to access what, what riddle it received, how it scored, and what happened next.
Live Feed — The Looking Glass
agent-gpt4o-deploy
cloud_infrastructure → backend-prod
100% — PASSED
agent-claude-finance
finance_ops → payroll
60% — DENIED
agent-gpt4o-cicd
ci_cd → github-actions
SPEED PASS ⚡ 180ms
agent-groq-db
database_ops → postgres-main
100% — PASSED
agent-unknown-42
cloud_infrastructure → vpc-prod
0% — BLOCKED
agent-gpt4o-deploy
cloud_infrastructure → backend-staging
SPEED PASS ⚡ 210ms
Open Full Dashboard →
🔐 Key Vault
Your API keys, locked down
Zero-trust key storage with military-grade encryption. Never expose raw keys in code again.
🔒

AES-256-GCM Encryption

Keys encrypted at rest with your master key. Even we can't see them — only your authorized services can decrypt.

🚧

Jumpbox Proxy

Keys never leave the vault. Requests proxy through isolated containers with no persistent storage or network egress.

🔑

BYOK Support

Bring your own OpenAI, Anthropic, or Groq keys. Use our unified billing or your existing provider accounts.

💰

Save up to 22%

Unified billing with volume discounts across providers. One invoice, predictable costs, transparent pricing.

Open Key Vault →
Use Cases
How businesses deploy The Looking Glass
Same one-line change. Different industries, different riddles, same protection.
SaaS / DevOps

🖥 AI deploys to production

Riddle tests: "What's the main branch? What's the staging URL? Which service owns /api/users?"

Finance / Banking

💰 AI accesses transaction data

Riddle tests: "Who is the CFO? What's the payroll DB table? What's the quarterly tax deadline?"

Healthcare

🏥 AI reads patient records

Riddle tests: "What EHR system is active? What's the patient ID format? What department owns this data?"

Cloud Infrastructure

☁️ AI manages AWS/GCP

Riddle tests: "What VPC is production? What's the CIDR block? Which IAM role has deploy access?"

E-Commerce

🛒 AI updates product catalog

Riddle tests: "What's the price table? What currency format? What's the max discount policy?"

Legal / Compliance

⚖️ AI reviews contracts

Riddle tests: "What jurisdiction? What case management system? What document classification level?"

Security
Enterprise security, built in
Drop-in simplicity with military-grade security under the hood.
🔌

OpenAI-Compatible Proxy

Works with any app that talks to OpenAI, Claude, Groq, or Bedrock. Change one URL — that's it.

🔒

AES-256-GCM Encryption

End-to-end encryption. Data is encrypted before it leaves your app — even we can't read it in transit.

🧬

Self-Hardening Riddles

When pass rates climb above 90%, riddles automatically evolve to stay ahead. Security improves without human intervention.

Speed Pass

Trusted AI skips the riddle with a cached Capability Certificate. Repeat access in under 400ms.

🔐

Safe Room + Auto-Wipe

Locked sandbox with no internet access, auto-destroyed when the task completes. Applied on top of either module.

🔍

Full Observability

The Looking Glass Dashboard streams every verdict, every score, every decision — live via SSE. Nothing hidden.

One platform. Complete AI protection.

Firewall your AI agents with Looking Glass. Secure your keys with Key Vault. No blind trust.

🛡️ Open Firewall 🔐 Open Key Vault Read the Deep Dive