Introduction

Sylo is a security gateway for AI agents running in sandboxes. It sits between your agents and the APIs they call — injecting credentials, enforcing policies, scanning for PII, and auditing every request.

When you run AI agents in sandboxes (E2B, Modal, Docker), they need API keys to call external services. But giving agents raw credentials is dangerous:

  • Credential leakage — agents can log, exfiltrate, or accidentally expose keys
  • Unauthorized access — agents can call APIs you didn’t intend
  • No visibility — you can’t see what the agent is actually doing
  • PII exposure — agents may send sensitive data to third-party APIs

Sylo acts as a transparent proxy between the sandbox and the internet:

  1. Your server creates a session with credentials and policies via the SDK
  2. Sylo encrypts the credentials and stores them — they never enter the sandbox
  3. The agent makes normal API calls (e.g., openai.ChatCompletion.create())
  4. Sylo intercepts the request, replaces placeholder tokens with real credentials, checks policies, scans for PII, and forwards to the real API
  5. Everything is logged — you can query the audit trail by tenant, user, domain, or policy decision

The agent never sees the real API keys. It doesn’t even know Sylo exists.
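
A minimal sketch of the gateway side of step 4, added here as an illustration and not Sylo's own code: it evaluates a domain/method/path policy, swaps the placeholder for the real credential only on an allowed request, and records an audit entry. The class and function names, the placeholder string, the key, the host binding and the policy-before-injection ordering are assumptions made for this example; encryption at rest and PII scanning are left out.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit

@dataclass
class Rule:
    domain: str          # exact host match
    methods: frozenset   # allowed HTTP methods
    path_prefix: str     # allowed path prefix

@dataclass
class Session:
    tenant: str
    secrets: dict        # placeholder -> (real credential, host it is bound to)
    rules: list
    audit: list = field(default_factory=list)

def handle_request(session, method, url, headers):
    """Return (decision, outbound_headers); outbound_headers is None on deny."""
    parts = urlsplit(url)
    host, path = (parts.hostname or "").lower(), parts.path or "/"
    allowed = any(
        host == r.domain and method.upper() in r.methods
        and path.startswith(r.path_prefix)
        for r in session.rules
    )
    decision = "allow" if allowed else "deny"
    # The audit entry holds request metadata only, never the real credential.
    session.audit.append({"tenant": session.tenant, "method": method.upper(),
                          "domain": host, "path": path, "decision": decision})
    if not allowed:
        return decision, None  # denied: the real key is never attached
    outbound = {}
    for name, value in headers.items():
        for placeholder, (real, bound_host) in session.secrets.items():
            # Inject only toward the host this credential is bound to.
            if placeholder in value and host == bound_host:
                value = value.replace(placeholder, real)
        outbound[name] = value
    return decision, outbound

# Constructed sample data: the placeholder, key and policy are made up.
SESSION = Session(
    tenant="acme",
    secrets={"PLACEHOLDER_OPENAI_KEY": ("sk-real-constructed-key", "api.openai.com")},
    rules=[Rule("api.openai.com", frozenset({"POST"}), "/v1/")],
)
AGENT_HEADERS = {"Authorization": "Bearer PLACEHOLDER_OPENAI_KEY"}
```

The agent's own header dictionary is never modified, so only the outbound copy built by the gateway carries the real key.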

  • Credential injection — AES-256-GCM encrypted at rest, injected per-request
  • Policy enforcement — allow/deny by domain, method, path, with rate limiting
  • PII scanning — detect and redact sensitive data before it leaves the sandbox
  • Audit logging — every request logged with full context
  • Two proxy modes — tunnel (bypass-proof) or HTTPS_PROXY (no iptables needed)
  • Pass-through domains — skip interception for trusted APIs
  • Shadow mode — test policies without enforcing them
  • AWS SigV4 — sign AWS requests without exposing credentials
  • Self-hosted — one docker compose up on your infrastructure