Agents blocked (30d)
—
score ≥ 61
Interrogated (30d)
—
score 31–60
Total sessions (30d)
—
all scored requests
Avg agent score
—
0 = human, 100 = agent
Attacker budget drained (30d)
—
est. Claude API cost burned
Bouncer turns (this month)
—
of monthly allocation
| Framework | Confidence | Seen By | Your Hits | Last Seen |
|---|---|---|---|---|
| langchain | 87% | 12 deployments | 3 | today |
| openai-operator | 72% | 8 deployments | 0 | 2d ago |
| autogpt | 61% | 5 deployments | 1 | 5d ago |
| Framework | Confidence | Seen By | Your Hits | Last Seen |
|---|---|---|---|---|
| Loading threat intelligence… | ||||
| Session ID | Score | Status | Strategy | Framework | Turns | First seen |
|---|---|---|---|---|---|---|
| Loading sessions… | ||||||
| Framework | Sessions | % of total |
|---|---|---|
| Loading… | ||
| Date | Total sessions | Blocked | Block rate |
|---|---|---|---|
| Loading… | |||
| Framework | Confidence | Confirmed by | Last seen |
|---|---|---|---|
| Loading… | |||
| Name | Status | Registered | |
|---|---|---|---|
| Loading… | |||
Add this CNAME record in your DNS provider to route traffic through Greyline. TLS is auto-provisioned — usually takes under 2 minutes after the record propagates.
| Type | Name | Value | TTL |
|---|---|---|---|
| CNAME | — | proxy.greyline.themeridianlab.com | 300 |
Your API key
—
Detection strategy
OpenAPI schema (YAML or JSON)
Paste your OpenAPI spec. Greyline will generate plausible fake responses that match your schema structure.
ASN allowlist
Suppress the cloud-provider-asn signal for specific ASN numbers. Useful if your legitimate traffic routes through AWS, GCP, or Azure infrastructure. Enter one ASN per line.
Webhook
Greyline will POST a signed JSON payload to this URL whenever an agent is detected above your score threshold. Leave blank to disable.
Signing secret — copy now, not shown again
Verify payloads by computing HMAC-SHA256(secret, body) and comparing to the X-Greyline-Signature header.
Trusted automation
IP addresses, CIDR ranges, or User-Agent prefixes that bypass all scoring. Use this to prevent false positives from your own CI/CD pipelines, monitoring agents, or internal tooling.
Your API key
Current plan
—
Sessions this month: —
Cancel, change payment method, or download invoices via Stripe.
Email address
Your API key authenticates your CNAME proxy and dashboard. Keep it secret.
—
New key generated — update your CNAME proxy and copy it above.
Regenerating immediately invalidates your current key. Update your DNS/proxy before regenerating.
Choose which emails you receive from Greyline. Cap warnings are always sent and cannot be disabled.
All emails also contain an unsubscribe link. Manage via email link →
Deleting your account immediately removes all sessions, signals, and configuration. This cannot be undone. Any active Stripe subscription will be cancelled.
Register operators that should pass through Greyline without scoring. They sign each request with an Ed25519 key you verify here.
Register a new operator
Fast-pass operators are reviewed before approval. Status: pending → approved → revoked. Once approved, the operator's signed requests bypass all scoring.
Add a CNAME record in your DNS provider pointing a subdomain at Greyline. All traffic to that subdomain will be proxied, scored, and forwarded to your real origin.
DNS record
| Type | Name | Target |
|---|---|---|
| CNAME | api | proxy.greyline.themeridianlab.com |
After adding the record, set your API origin in . Test with:
curl -A "python-requests/2.31.0" https://api.yourdomain.com
A bot-like User-Agent triggers the bouncer. Check Sessions to confirm the request was scored.
Pass
Score is low — request forwarded to your origin with no friction. No agent signal detected.
Interrogate
Score is moderate. Greyline engages the caller with "Dana" — a conversational bouncer persona. The agent must respond to multi-turn challenges. Real APIs don't talk back; agents do. Each turn burns the agent's tokens and time.
Tarpit
Score is high. Responses are deliberately slow and evasive — draining the attacker's compute budget without triggering errors they'd retry on. The request never reaches your origin.
Block
Score exceeds your threshold. Request is rejected immediately with a 403. Configure your threshold in Settings — default is 80.
Configure your strategy thresholds in . Confirmed agents are fingerprinted and shared across all Greyline deployments.
Your API key is used in two places:
1. Dashboard login
Paste your key on the login screen to access this dashboard. It is stored in your browser's localStorage.
2. Proxy authentication
The CNAME proxy uses your key to identify your account and apply your settings. It is configured automatically when you set up your CNAME.
Find and manage your key in . Regenerating your key immediately invalidates the old one — update your proxy before rotating.
Stuck on setup? Seeing unexpected results? Send us a message and we'll help you get sorted.
Or email us directly: support@themeridianlab.com