Your API is being read by machines.
We let you read them back.

The problem

AI agents built on frameworks like LangChain, OpenAI Operator, and AutoGPT are increasingly deployed to extract value from APIs at machine speed and scale. They scrape pricing data, enumerate user records, probe authentication flows, and harvest everything that can be automated.

Most of this activity is invisible. The agents mimic browser behavior, rotate user-agents, and operate during off-hours. Standard rate limiting and WAF rules were designed for human traffic patterns — they miss the behavioral signatures that distinguish an AI agent from a legitimate API consumer.

The result: your API responses train your competitors' models, your infrastructure absorbs the cost, and your customers' data walks out the door — all without a single alert.

How Greyline works

Greyline operates as a transparent reverse proxy. You point a CNAME at us; we route clean traffic to your origin, and intercept everything that looks like an agent.

Every request is scored 0–100 against 20 detection signals organized in three tiers:

• Zero false-positive signals — known agent framework fingerprints, explicit agent headers, probe confirmation (our own LLM instruction test). Any single signal in this tier is sufficient to flag the session.
• Low false-positive signals — missing browser headers, superhuman request timing, cloud provider ASN, sequential data enumeration. Two or more signals in this tier constitute a detection.
• Medium false-positive signals — unusual Accept headers, suspicious user-agent patterns. These boost confidence but never trigger independently.

Detected sessions are routed to the Bouncer — a Claude Haiku counter-agent that impersonates an API compliance associate named Dana. Dana doesn't block or 403. She creates friction: verification requests, compliance documentation, DPA agreements, executive escalations. The agent burns tokens. Your infrastructure is never touched.

Deflection strategies

Once an agent is detected, Greyline routes it to one of four strategies based on your configuration and detection confidence:

• Interrogate — Claude-powered compliance conversation. The agent is walked through an endless verification loop by Dana. Default for all confirmed agent sessions.
• Tarpit — 8-second artificial delay before each response, combined with interrogation. Maximizes attacker time cost.
• Honeypot — Returns a convincing fake 200 response immediately. The agent believes it succeeded. Useful when you want silent deflection with no interaction.
• Poison — Generates fabricated API responses that match your OpenAPI schema. The agent extracts convincing but entirely fake data. Requires a score ≥ 95 and a configured schema.

What Greyline does not do

Greyline is not a firewall. We do not block traffic — we intercept it. Any failure in detection or deflection passes requests through to your origin unchanged. If Greyline goes down, your API stays up. This is an explicit design decision: we will never be the cause of your API going offline.

Greyline does not inspect request bodies for passed-through traffic. We only store session transcripts (the agent's side of the conversation) for sessions that enter the Bouncer, and those are retained for 90 days.

We do not train on your traffic. Data processed by Greyline is used only for detection within your account and to contribute to shared fingerprint intelligence — patterns that help protect all Greyline customers. You can opt out of fingerprint contribution at any time.