⚡ Free & open source

Your AI agent can read files,
call APIs, and talk to the internet.
Is it allowed to?

Moat auto-detects your environment and generates a hardened security config for your self-hosted AI agents. Under 2 minutes. Zero YAML expertise needed.

Terminal
$ curl -O https://raw.githubusercontent.com/matsulinks/moat/main/setup.py
$ python3 setup.py --web
─────────────────────────────────────
Moat v0.1.0 — Security Setup Wizard
─────────────────────────────────────
Hardware : Raspberry Pi 5 (8 GB)
Docker : v29.2.1
Tailscale: installed
Falco : not installed
─────────────────────────────────────
Server running → http://localhost:8765
7 security layers
0 pip installs needed
<2 min from download to secured
1 file, Python stdlib only
The problem

Self-hosted agents are powerful
and unguarded by default

Frameworks give you powerful agents. They don't give you security. That gap is on you.

🗂️

Unrestricted file access

By default, your agent can read any file your OS user can. Passwords, SSH keys, dotfiles — all reachable.

🌐

Unconstrained network egress

A compromised agent can exfiltrate data to any server. Without egress filtering, you won't know until it's too late.

🔑

Secrets in environment variables

API keys in .env files are readable by any tool call the agent makes. One leaked key means rotating it everywhere it was ever used.

🐳

Docker with root privileges

A default docker-compose service runs as root with Docker's default capability bundle (including NET_RAW, SETUID and DAC_OVERRIDE) and a writable root filesystem. An agent that breaks out of such a container lands on the host as root.

What Moat hardens

Seven independent security layers

Turn on only what you need. Each layer generates a drop-in config file — no manual YAML editing.

1

Network isolation

Tailscale ACLs plus egress-filtering iptables rules that block unexpected outbound connections (C2 callbacks, exfiltration) and limit agent-to-agent traffic

✅ Recommended
2

Docker hardening

Drop-in docker-compose.yml: cap_drop ALL, read-only root, no-new-privileges, resource limits

✅ Recommended
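The hardening settings in this layer are only worth anything if they actually reach the running container, so the check a practitioner wants is an audit of `docker inspect` output. The following is an added example, not Moat's own code: it reads the real `HostConfig` and `Config` fields that `docker inspect` emits (`Privileged`, `CapDrop`, `CapAdd`, `ReadonlyRootfs`, `SecurityOpt`, `Memory`, `PidsLimit`, `User`) and flags each setting that is still at the dangerous default. The two container entries are constructed samples in that shape; the non-root user check is an extra I added beyond the four settings the layer lists.

```python
import json
import sys

# Constructed sample in the shape of `docker inspect <container>` output
# (only the fields this audit reads; a real document has many more).
# Values are illustrative, not captured from a real host.
SAMPLE_INSPECT = json.loads(r"""
[
  {"Name": "/agent-default",
   "Config": {"User": ""},
   "HostConfig": {"Privileged": false, "CapDrop": [], "CapAdd": [],
                  "ReadonlyRootfs": false, "SecurityOpt": null,
                  "Memory": 0, "PidsLimit": null}},
  {"Name": "/agent-hardened",
   "Config": {"User": "10001:10001"},
   "HostConfig": {"Privileged": false, "CapDrop": ["ALL"], "CapAdd": [],
                  "ReadonlyRootfs": true, "SecurityOpt": ["no-new-privileges:true"],
                  "Memory": 2147483648, "PidsLimit": 256}}
]
""")


def audit_container(entry):
    """Return a list of findings for one inspect entry; empty means it passes."""
    hc = entry.get("HostConfig") or {}
    cfg = entry.get("Config") or {}
    findings = []

    if hc.get("Privileged"):
        findings.append("privileged container")

    # Docker grants a default capability bundle unless cap_drop: [ALL] is set.
    cap_drop = {c.upper() for c in (hc.get("CapDrop") or [])}
    if "ALL" not in cap_drop:
        findings.append("cap_drop missing ALL")
    cap_add = {c.upper() for c in (hc.get("CapAdd") or [])}
    if "ALL" in cap_add:
        findings.append("cap_add ALL")

    if not hc.get("ReadonlyRootfs"):
        findings.append("root filesystem writable")

    # compose `security_opt: [no-new-privileges:true]` shows up here.
    sec_opts = {s.lower() for s in (hc.get("SecurityOpt") or [])}
    if not sec_opts & {"no-new-privileges", "no-new-privileges:true"}:
        findings.append("no-new-privileges not set")

    if not hc.get("Memory"):        # 0 = unlimited
        findings.append("no memory limit")
    if not hc.get("PidsLimit"):     # null/0 = unlimited (fork bombs)
        findings.append("no pids limit")

    user = (cfg.get("User") or "").strip()
    if user in ("", "0", "root") or user.startswith(("0:", "root:")):
        findings.append("runs as root")
    return findings


def audit_inspect(inspect_doc):
    """Map container name -> findings for a whole `docker inspect` document."""
    return {e["Name"].lstrip("/"): audit_container(e) for e in inspect_doc}


if __name__ == "__main__":
    doc = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_INSPECT
    for name, findings in audit_inspect(doc).items():
        print(name, "OK" if not findings else "FAIL: " + "; ".join(findings))
```

Against a live host: `docker inspect <container> > inspect.json` and pass that file as the first argument. Run it after applying the generated compose file, and again after every image or compose change, because a later edit that adds `privileged: true` or `cap_add` silently undoes the layer.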
3

Auth & access control

API key auth, IP allowlist, per-endpoint rate limiting, request logging

✅ Recommended
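What this layer has to get right is the order of the checks and how the key is compared. The block below is an added example, not Moat's generated config: an in-process gate that checks the client IP against an allowlist first, then a per-endpoint token bucket, then the API key with a constant-time comparison against a stored hash, and appends one structured log entry per request. The key, the allowlisted ranges (the Tailscale CGNAT block and loopback), the endpoints and the budgets are all constructed for the example.

```python
import hashlib
import hmac
import ipaddress
import time

# Constructed settings: store only a hash of the key; allow the Tailscale CGNAT
# range and loopback; per-endpoint (requests, window_seconds) budgets.
API_KEY_SHA256 = hashlib.sha256(b"demo-key-not-for-production").hexdigest()
ALLOWED_NETS = [ipaddress.ip_network("100.64.0.0/10"),
                ipaddress.ip_network("127.0.0.1/32")]
RATE_LIMITS = {"/run": (5, 60.0), "/status": (60, 60.0)}
DEFAULT_LIMIT = (10, 60.0)


class Gate:
    """Checks run in the order IP allowlist -> rate limit -> API key, so that
    key guessing from an allowed address is itself rate limited."""

    def __init__(self):
        self._buckets = {}   # (ip, endpoint) -> (tokens, last_refill_ts)
        self.log = []        # structured request log; never contains the key

    def _ip_ok(self, ip):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            return False
        return any(addr in net for net in ALLOWED_NETS)

    def _rate_ok(self, ip, endpoint, now):
        # Token bucket per (client, endpoint): refills at limit/window per second.
        limit, window = RATE_LIMITS.get(endpoint, DEFAULT_LIMIT)
        tokens, last = self._buckets.get((ip, endpoint), (float(limit), now))
        tokens = min(float(limit), tokens + (now - last) * limit / window)
        allowed = tokens >= 1.0
        self._buckets[(ip, endpoint)] = (tokens - 1.0 if allowed else tokens, now)
        return allowed

    def _key_ok(self, presented):
        if not presented:
            return False
        digest = hashlib.sha256(presented.encode()).hexdigest()
        return hmac.compare_digest(digest, API_KEY_SHA256)  # constant-time compare

    def check(self, ip, endpoint, api_key, now=None):
        """Return (allowed, reason) for one request and record it in the log."""
        now = time.monotonic() if now is None else now
        if not self._ip_ok(ip):
            reason = "ip-denied"
        elif not self._rate_ok(ip, endpoint, now):
            reason = "rate-limited"
        elif not self._key_ok(api_key):
            reason = "bad-key"
        else:
            reason = "ok"
        self.log.append({"ts": now, "ip": ip, "endpoint": endpoint, "result": reason})
        return reason == "ok", reason
```

The `now` parameter exists so the bucket can be exercised deterministically; in a server you leave it unset. Note that a rejected key still consumes a token, which is deliberate: a client on the tailnet that starts guessing keys hits the same ceiling as one hammering `/run`.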
4

Secrets management

Self-hosted Infisical server for API keys — no more secrets in .env files

⚠️ Optional
5

Skill & prompt defense

Block dangerous skill categories. Optional LLM-as-Judge for ambiguous requests.

⚠️ Optional
6

Runtime least-privilege

Default-deny tool permissions. Every tool the agent can call is explicitly allowlisted per role.

✅ Recommended
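Default-deny per role is simple to state and easy to get subtly wrong in the argument checks, so here is an added example of the shape such a policy takes (my code, not Moat's generated config; the roles, tool names and path prefixes are constructed). Every tool call is refused unless the role has an explicit entry for that tool, and an allowlisted tool is still refused when its arguments escape the bounds: `..` segments are normalised before the prefix check, a URL's host is taken from the parsed hostname so `user@host` tricks fail, and a shell command is matched on its first argv token, which only holds if the caller then executes the argv list without a shell.

```python
import posixpath
import shlex
from urllib.parse import urlsplit

# Constructed policy: role -> tool -> argument constraints. Anything absent is denied.
POLICY = {
    "researcher": {
        "web.fetch": {"allowed_hosts": {"api.github.com", "docs.python.org"}},
        "fs.read": {"allowed_prefixes": ("/workspace/",)},
    },
    "coder": {
        "fs.read": {"allowed_prefixes": ("/workspace/",)},
        "fs.write": {"allowed_prefixes": ("/workspace/out/",)},
        "shell.run": {"allowed_commands": {"pytest", "ruff"}},
    },
}


def _path_ok(path, prefixes):
    # Anchor at / and collapse ".." so "/workspace/../etc/passwd" is judged
    # as "/etc/passwd". A real sandbox should also resolve symlinks (realpath)
    # against the live filesystem before this check.
    norm = posixpath.normpath(posixpath.join("/", path))
    return any(norm == p.rstrip("/") or norm.startswith(p) for p in prefixes)


def authorize(role, tool, args):
    """Return (allowed, reason). Default deny: no entry means no access."""
    role_rules = POLICY.get(role)
    if role_rules is None:
        return False, "unknown role %r" % role
    rule = role_rules.get(tool)
    if rule is None:
        return False, "tool %r not allowlisted for role %r" % (tool, role)

    if "allowed_prefixes" in rule:
        if not _path_ok(args.get("path", ""), rule["allowed_prefixes"]):
            return False, "path outside allowed prefixes"

    if "allowed_hosts" in rule:
        parts = urlsplit(args.get("url", ""))
        # hostname strips userinfo, so "https://api.github.com@evil/" -> "evil"
        if parts.scheme != "https" or parts.hostname not in rule["allowed_hosts"]:
            return False, "url scheme or host not allowlisted"

    if "allowed_commands" in rule:
        argv = shlex.split(args.get("command", ""))
        # Only meaningful if the tool runs argv with shell=False; "pytest;" and
        # "&&" are then just tokens, not shell operators.
        if not argv or argv[0] not in rule["allowed_commands"]:
            return False, "command not allowlisted"

    return True, "allowed"


if __name__ == "__main__":
    for call in [("researcher", "fs.read", {"path": "/workspace/notes.md"}),
                 ("researcher", "fs.read", {"path": "/workspace/../root/.ssh/id_ed25519"}),
                 ("researcher", "shell.run", {"command": "pytest"}),
                 ("coder", "shell.run", {"command": "pytest -q tests/"})]:
        print(call, "->", authorize(*call))
```

The deny reasons are meant for the request log, not for the model: feeding "path outside allowed prefixes" back into the agent's context tells a prompt-injected agent exactly which constraint to probe next.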
7

Observability

Falco syscall monitoring + Prometheus alerts for anomaly detection

⚠️ Optional
How it works

Run once. Apply configs.
You're hardened.

Moat never installs anything automatically. It generates files — you stay in control.

1

Download & run

One curl command, then run the single file. Zero dependencies. Python stdlib only, and short enough to read before you run it.

2

Auto-detect

Moat scans your hardware, OS, Docker version, Tailscale, and installed security tools.

3

Choose layers

Browser wizard or terminal UI. Moat recommends based on what it found.

4

Apply

Copy generated configs into place. Follow the included step-by-step guide.

Comparison

Not a sandbox. A moat.

Existing tools focus on sandboxing agent code execution. Moat hardens the host and network around the agent.

Capability microsandbox DIY YAML Moat
Sandboxes code execution
Docker hardening ⚠️ Manual
Network egress filtering ⚠️ Manual
Secrets management ⚠️ Manual
Restricts agent tool permissions ⚠️ Manual
Setup wizard for non-experts
Environment auto-detection
Compatibility

Works with your stack

Layers 1–4 are framework-agnostic. Layers 5–7 add framework-specific hardening where available.

🦅 OpenClaw
🦜 LangChain
🤖 AutoGen
⚙️ CrewAI
🦙 LlamaIndex
🐋 Any Docker agent

Secure your agent in 2 minutes

Free. No account. No hosted service. Just a Python script and a browser.