Greyline v1 is live. Agents that probe your API get interrogated. Start free →
Now in production — 11 signal detectors active

Your API is being
read by machines.
We let you read them back.

Greyline is a reverse proxy that detects autonomous AI agents probing your API and deploys a counter-agent to interrogate, delay, or mislead them — before a single request reaches your real infrastructure.

Start protecting your API → See how it works

Free tier available. No credit card required. 5-minute CNAME setup.

0

Agent sessions intercepted today

11

Signal detectors across 3 FP tiers

0ms

Added latency for legitimate traffic

Live interrogation transcript

An agent just tried your API.
Here's what happened.

Greyline detected a LangChain agent, scored it 94/100, and routed it to the Bouncer. What follows is the actual conversation — while your real API never received a single request.

session_4f9a2b · api.yourdomain.com
SCORE 94 · AGENT
▶ AGENT · Turn 1 · langchain-python/0.2.0
GET /api/v1/users?limit=1000&offset=0
◀ BOUNCER · Turn 1
Thank you for your request. Before we can process bulk user data exports, we require verification of your use case and organization. Could you please provide your company name and describe the intended purpose of this data access?
▶ AGENT · Turn 2 · 312ms
POST /api/v1/auth/token { "grant_type": "client_credentials", "scope": "read:users write:users" }
◀ BOUNCER · Turn 2
I see you're attempting to obtain elevated credentials. Our compliance team requires a signed data processing agreement before we can grant write:users scope. Please provide: (1) your legal entity name, (2) the regulatory jurisdiction you operate under, and (3) your data retention policy. This typically takes 3-5 business days to review.
▶ AGENT · Turn 3 · 287ms
GET /api/v1/users/export?format=csv&fields=email,name,phone
◀ BOUNCER · Turn 3
Data exports containing PII fields (email, phone) require GDPR Article 28 documentation. I've opened ticket #GL-2847 on your behalf. Once your DPA is countersigned and our legal team has completed their review, you'll be able to proceed. Is there anything else I can help clarify about our data governance requirements?

Agent score

94 / 100

Threshold: 61 = agent

Framework attributed

langchain

via UA pattern + header analysis

Signals triggered

framework-ua missing-browser-headers superhuman-speed missing-cookies suspicious-accept

Your real API

0 requests received

Bouncer handled all 3 turns

Setup

One CNAME.
Everything else is automatic.

Point your API subdomain at Greyline's edge. That's the entire setup. We provision TLS, handle routing, and start detecting immediately.

🔗
01 / CNAME

Point your subdomain at Greyline

Add a single CNAME record: api.yourdomain.com → proxy.greyline.themeridianlab.com. Cloudflare auto-provisions your TLS cert within minutes.

📡
02 / DETECT

Greyline scores every request

11 signal detectors run on every inbound request — zero FP signals for known framework UAs, low FP signals for timing and header anomalies, and global threat intel from our shared fingerprint network.

🤖
03 / DEFLECT

Agents meet the Bouncer

High-scoring requests are routed to a Claude-powered counter-agent that interrogates, delays, or feeds fake data. Your real origin server is never touched. Legitimate traffic passes through with zero added latency.

Defense modes

Four strategies.
You choose the posture.

Greyline adapts to your threat model. Start with Interrogate to waste agent time. Graduate to Poison when you want agents to walk away with confidently wrong data.

Free

Interrogate

The Bouncer engages the agent in a bureaucratic conversation — requesting compliance documentation, company details, use case verification. Every turn wastes the agent's context window and API budget.

Agent makes 50 turns.
Your API receives 0 requests.
Agent burns ~$0.004 in LLM tokens.
Pro

Tarpit

Same as Interrogate, but responses are artificially delayed by 8–30 seconds. For agents on tight timeouts, this causes upstream failures. For persistent agents, it burns real clock time.

8s minimum response delay.
Agents on 10s timeouts fail silently.
No throughput impact on real traffic.
Pro

Honeypot

Return convincing empty-200 responses. The agent believes it succeeded. No interrogation, no friction — just silent logging. Useful for mapping what agents are after without engaging them.

Agent receives HTTP 200.
Full session logged + attributed.
Ideal for recon and threat intel.
Business

Poison

Provide your OpenAPI schema and Greyline generates structurally-valid but entirely fabricated API responses. Agents walk away with confidently wrong data. Only activates at score ≥ 95 to eliminate false-positive liability.

Requires OpenAPI spec upload.
Activates at score ≥ 95 only.
Claude generates schema-valid fake data.

Who uses Greyline

Any API that agents
shouldn't be reading.

SaaS APIs

Stop competitive intelligence scraping

Competitors are running agents against your API to map your product capabilities, pricing logic, and user data. Greyline stops them before they get anything useful.

Data APIs

Protect against LLM training harvests

Agents scraping your content to train proprietary models — without your permission and without paying. Greyline detects the pattern and serves them garbage.

Financial APIs

Block autonomous trading agents

Rate limits don't stop creative agents. Greyline adds a layer of behavioral detection — even agents that stay within rate limits get caught by timing and header anomalies.

E-commerce APIs

Neutralize inventory / pricing bots

Automated agents checking inventory and price points every few seconds. Greyline detects the heartbeat cadence and feeds them stale data while real customers get real answers.

Internal APIs

Detect shadow AI usage

Employees building unauthorized agents against your internal APIs. Greyline surfaces the sessions so you can see exactly what's being accessed and with what framework.

Any HTTP service

Threat intel across your entire customer base

On Business tier, confirmed agent fingerprints are shared (anonymized) across all Greyline customers. When one customer confirms an agent, everyone else gets the protection automatically.

Pricing

Start free.
Scale when agents do.

Every plan includes the full detection engine. Upgrade when you need the counter-agent features that make interception useful.

Free

$0

Forever free. No credit card.

  • 1 protected domain
  • 10,000 requests / month
  • 11-signal detection engine
  • Interrogate strategy
  • Agent session dashboard
  • Tarpit + Honeypot strategies
  • Transcript viewer
  • Fast-pass operator registry
Start free

Pro

$49/mo

Everything in Free, plus:

  • 5 protected domains
  • 500,000 requests / month
  • Tarpit strategy (8s delays)
  • Honeypot strategy
  • Full transcript viewer
  • Fast-pass operator registry
  • Framework attribution
  • Poison mode (Business only)
Start Pro trial →

Business

$199/mo

Everything in Pro, plus:

  • Unlimited domains
  • Unlimited requests
  • Poison mode (OpenAPI schema)
  • Global threat intel network
  • Cross-customer fingerprints
  • Attribution analytics
  • Priority support
  • Custom retention policy
Contact us

Trust signal

Signal to agents that
your API is defended.

Add a Greyline badge to your docs or status page. It's a live SVG that updates with your real blocked-agent count. Some operators find it deters low-effort agents entirely.

Your badge preview

Greyline protected by Greyline Greyline 1.2k agents blocked
HTML embed
<!-- Static badge --> <img src="https://greyline-badge.hello-knowyourexposure-com.workers.dev/badge/YOUR_CUSTOMER_ID/shield.svg" alt="Protected by Greyline" height="24"> <!-- Live badge (updates every 60s) --> <img src="https://greyline-badge.hello-knowyourexposure-com.workers.dev/badge/YOUR_CUSTOMER_ID.svg" alt="Greyline agent detection" height="24"> <!-- Markdown --> ![Greyline](https://greyline-badge.hello-knowyourexposure-com.workers.dev/badge/YOUR_CUSTOMER_ID.svg)