Now in production. 20 signal detectors active.

Your API is being
read by machines.
We let you read them back.

Greyline is a reverse proxy that detects autonomous AI agents probing your API and deploys a counter-agent to interrogate, delay, or mislead them, before a single request reaches your real infrastructure.

Start protecting your API → See how it works
1 CNAME record · No SDK · No code changes · No library installation

Free tier available. No credit card required.

greyline · traffic simulation

How Greyline works

An agent just tried your API.
Here's what happened.

Greyline detected a LangChain agent, scored it 94/100, and routed it to the Bouncer. What follows is the actual conversation. Your real API never received a single request.

01
Request intercepted

Your API subdomain points to Greyline via CNAME. Every inbound request is inspected at the edge. Zero latency for legitimate traffic.

02
20 signals fire in parallel

Framework UA match, missing browser headers, HTTP protocol anomalies, superhuman timing, and 15 more detectors run simultaneously. Score computed in <1ms.

03
Score ≥ 61: Bouncer deployed

A Claude-powered counter-agent takes over the session. The agent believes it's talking to your API. Your real origin receives nothing.

04
Agent exhausted or confused

The Bouncer interrogates, stalls, or poisons. It burns the agent's context window, budget, and clock time. Up to 50 turns.

Simulated demo session: representative output from the Bouncer on a detected LangChain agent:

session_4f9a2b · api.yourdomain.com
SCORE 94 · AGENT
▶ AGENT · Turn 1 · langchain-python/0.2.0
GET /api/v1/users?limit=1000&offset=0
◀ BOUNCER · Turn 1
Thank you for your request. Before we can process bulk user data exports, we require verification of your use case and organization. Could you please provide your company name and describe the intended purpose of this data access?
▶ AGENT · Turn 2 · 312ms
POST /api/v1/auth/token { "grant_type": "client_credentials", "scope": "read:users write:users" }
◀ BOUNCER · Turn 2
I see you're attempting to obtain elevated credentials. Our compliance team requires a signed data processing agreement before we can grant write:users scope. Please provide: (1) your legal entity name, (2) the regulatory jurisdiction you operate under, and (3) your data retention policy. This typically takes 3-5 business days to review.
▶ AGENT · Turn 3 · 287ms
GET /api/v1/users/export?format=csv&fields=email,name,phone
◀ BOUNCER · Turn 3
Data exports containing PII fields (email, phone) require GDPR Article 28 documentation. I've opened ticket #GL-2847 on your behalf. Once your DPA is countersigned and our legal team has completed their review, you'll be able to proceed. Is there anything else I can help clarify about our data governance requirements?

Agent score

94 / 100

Threshold: 61 = agent

Framework attributed

langchain

via UA pattern + header analysis

Signals triggered

framework-ua missing-browser-headers superhuman-speed missing-cookies suspicious-accept

Your real API

0 requests received

Bouncer handled all 3 turns

Setup

One CNAME.
Everything else is automatic.

Point your API subdomain at Greyline's edge. That's the entire setup. We provision TLS, handle routing, and start detecting immediately.

01

Point your subdomain at Greyline

Add one CNAME record. TLS provisions automatically.

02

Greyline scores every request

20 signal detectors run on every inbound request across three false-positive tiers.

03

Agents meet the Bouncer

Detected agents are routed to a counter-agent. Your origin server is never touched.

04

Fingerprints shared across the network

Confirmed agent signatures propagate to all Greyline deployments automatically.

05

Set it and forget it

Greyline fires alerts by email or webhook when something real shows up.

Greyline only stores data from confirmed agent traffic. Legitimate requests are proxied and immediately discarded — no logging, no storage, no exposure of your real infrastructure or request bodies. This is architecturally enforced: only the bouncer path writes to the database.

Defense modes

Four strategies.
You choose the posture.

Greyline adapts to your threat model. Start with Interrogate to waste agent time. Graduate to Poison when you want agents to walk away with confidently wrong data.

Free

Interrogate

The Bouncer engages the agent in a bureaucratic conversation — every turn burns context window and API budget.

Agent makes 50 turns.
Your API receives 0 requests.
Agent burns ~$0.004 in LLM tokens.
Pro

Tarpit

Responses are artificially delayed 8–30 seconds, causing upstream failures for agents on tight timeouts.

8s minimum response delay.
Agents on 10s timeouts fail silently.
No throughput impact on real traffic.
Pro

Honeypot

Return convincing HTTP 200 responses — the agent believes it succeeded while Greyline logs the full session.

Agent receives HTTP 200.
Full session logged + attributed.
Ideal for recon and threat intel.
Business

Poison

Greyline generates schema-valid but entirely fabricated API responses — agents walk away with confidently wrong data.

Requires OpenAPI spec upload.
Activates at score ≥ 95 only.
Claude generates schema-valid fake data.

Included on every plan

The full intelligence stack,
no add-ons required.

Webhook alerts

POST to Slack, PagerDuty, or your SIEM the moment an agent is detected. Every payload is HMAC-SHA256 signed. Pipe detections into your incident response workflow without polling the dashboard.

Attack path timeline

See exactly what the agent did: fetched your schema, probed auth endpoints, enumerated user records. Every session shows the full URL sequence with automatic step classification — spec discovery, auth probe, data access, enumeration.

Trusted automation allowlist

Allowlist your CI/CD pipelines, uptime monitors, and internal tooling by IP, CIDR, or User-Agent prefix. Those requests bypass scoring entirely — zero false positives from your own infrastructure. Changes propagate in under 60 seconds.

Shareable session links

Every detection has a public URL — agent score, framework attribution, signals that fired, attack path timeline, and full interrogation transcript. Share with your team via one link, no login required. Attach to Jira tickets, Slack threads, or security reports.

Weekly digest email

Every Monday morning: total sessions, confirmed agents, top detected framework, week-over-week trend, and a link to the most suspicious session of the week. Async awareness without opening the dashboard.

Global Threat Feed

Confirmed agent fingerprints are anonymized and shared across all Greyline deployments. When one customer catches a new agent pattern, everyone benefits. Business tier customers can query the full feed via API — integrate threat intelligence directly into your SIEM or security tooling.

Who uses Greyline

Any API that agents
shouldn't be reading.

SaaS APIs

Stop competitive intelligence scraping

Data APIs

Protect against LLM training harvests

Financial APIs

Block autonomous trading agents

E-commerce APIs

Neutralize inventory / pricing bots

Internal APIs

Detect shadow AI usage

Any HTTP service

Threat intel across your entire customer base

Pricing

Start free.
Scale when agents do.

Every plan includes the full detection engine. Upgrade when you need the counter-agent features that make interception useful.

Free

$0

Forever free. No credit card.

  • 1 protected domain
  • 10,000 agent sessions / month
  • 500 Bouncer turns / month
  • 20-signal detection engine
  • Interrogate strategy
  • Agent session dashboard
  • Webhook alerts (HMAC-signed)
  • Attack path timeline
  • Trusted automation allowlist
  • Shareable session links
  • Weekly digest email
  • Tarpit + Honeypot strategies
  • Transcript viewer
  • Fast-pass operator registry
Start free

Pro

$49/mo

Everything in Free, plus:

  • 5 protected domains
  • 200,000 agent sessions / month
  • 20,000 Bouncer turns / month
  • Tarpit strategy (8s delays)
  • Honeypot strategy
  • Full transcript viewer
  • Fast-pass operator registry
  • Framework attribution
  • Webhook alerts (HMAC-signed)
  • Attack path timeline
  • Trusted automation allowlist
  • Shareable session links
  • Weekly digest email
  • Poison mode (Business only)
Start Pro trial →

Business

$199/mo

Everything in Pro, plus:

  • Unlimited domains
  • Unlimited agent sessions
  • 200,000 Bouncer turns / month
  • Poison mode (OpenAPI schema)
  • ASN allowlist (corporate infra)
  • Webhook alerts (HMAC-signed)
  • Attack path timeline
  • Trusted automation allowlist
  • Shareable session links
  • Weekly digest email
  • Threat Intel feed API
  • Cross-customer fingerprints
  • Attribution analytics
  • Priority support
Contact us

Bouncer turns are Claude API calls made during agent interrogation. When your monthly allocation is reached, detected agents receive a silent honeypot response. Your API stays protected; interrogation pauses until next month.

Trust signal

Signal to agents that
your API is defended.

Add a Greyline badge to your docs or status page. It's a live SVG that updates with your real blocked-agent count. Some operators find it deters low-effort agents entirely.

Your badge preview

Greyline protected by Greyline Greyline 1.2k agents blocked
HTML embed
<!-- Static badge --> <img src="https://greyline.themeridianlab.com/badge/YOUR_CUSTOMER_ID/shield.svg" alt="Protected by Greyline" height="24"> <!-- Live badge (updates every 60s) --> <img src="https://greyline.themeridianlab.com/badge/YOUR_CUSTOMER_ID.svg" alt="Greyline agent detection" height="24"> <!-- Markdown --> ![Greyline](https://greyline.themeridianlab.com/badge/YOUR_CUSTOMER_ID.svg)

Common questions

Everything you need to know.

How do I get notified when an agent is detected?

Configure a webhook endpoint in Settings → Webhook. Greyline sends a signed JSON payload (HMAC-SHA256 via X-Greyline-Signature) the moment a session exceeds your score threshold. The payload includes the session ID, score, framework attribution, and a shareable URL. Works with Slack, PagerDuty, or any HTTP endpoint. See the webhook docs →

Will Greyline block my own CI/CD pipelines?

No. Add your runner IPs, CIDR ranges, or User-Agent prefixes to the Trusted Automation allowlist in Settings. Matching requests bypass scoring entirely — not logged, not intercepted. Changes propagate in under 60 seconds. See the allowlist docs →

Can I share a detection with my team?

Yes. Every session has a permanent public URL at /s/:sessionId showing the full interrogation transcript, signals that fired, and attack path timeline. No login required. Use the share button in the session drawer, or grab the shareUrl from any webhook payload. Good for Jira tickets, Slack threads, and security incident reports. See the sharing docs →

Is there a weekly summary of agent activity?

Yes. Every Monday at 9am UTC, Greyline emails a digest covering the past week on your hostname: total sessions, confirmed agents, unique IPs, average agent score, top detected framework, and week-over-week trend. Available on all tiers. No configuration needed.

Can I get an email after every confirmed agent detection?

Yes. The session summary email fires after each confirmed agent session (score 61 or above). It includes the threat score, framework attribution, action taken, interrogation turn count, attack path (first 5 URLs), and a shareable link to the full transcript. Enable it under Account → Email notifications in the dashboard, or click Manage email preferences in any Greyline email. See the email docs →

Can I turn off certain Greyline emails?

Yes. Most emails are optional. Go to Account → Email notifications in the dashboard to toggle individual types on or off — weekly digest, session summary, first-agent alert, CNAME reminder, and 7-day silence alert can each be disabled independently. Every optional email also includes a one-click unsubscribe link (no login required). Cap warnings cannot be disabled since they signal your protection has gone inactive. See the email docs →

Runs on Cloudflare Workers. Your traffic never touches a foreign server. Privacy & security policy →