We build security tools that help developers work safely with AI assistants. From drift detection to config scanning to runtime firewalling, our products provide visibility and control over MCP-powered workflows.
| Layer | Tool | Purpose |
|---|---|---|
| DETECT | Bellwether | Structural drift detection for MCP servers |
| SCAN | Hardpoint | Rules File Backdoor detection in AI configs |
| CONTROL | Overwatch | AI Agent Firewall with tool shadowing detection |
Bellwether: Structural Drift Detection for MCP Servers
Detect when your MCP server's tools, schemas, or descriptions change. The `check` command provides zero-LLM structural validation that catches breaking changes before they reach production. The optional `explore` command adds LLM-powered multi-persona behavioral testing and generates AGENTS.md documentation.
```shell
# Initialize config and run structural drift detection
npx @dotsetlabs/bellwether init
bellwether check
# Save baseline and detect drift in CI/CD
bellwether baseline save
bellwether baseline compare --fail-on-drift
# Optional: LLM-powered behavioral exploration
bellwether explore
```

| Feature | Description |
|---|---|
| Schema Validation | Zero-LLM detection of tool additions, removals, schema changes, and renames |
| Security Analysis | Detect SQL injection, XSS, path traversal, command injection, and SSRF vulnerabilities |
| Semantic Validation | Auto-infer and validate semantic types (dates, URLs, emails, IDs) |
| Performance Monitoring | Track response latency with confidence metrics and detect regressions |
| Multi-Persona Exploration | Optional LLM testing from 4 perspectives: Technical Writer, Security Tester, QA Engineer, Novice User |
| CI/CD Integration | Granular exit codes (0-5) for pipeline integration with --fail-on-drift |
| MCP Registry Search | Discover and test servers from the MCP Registry |
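The zero-LLM structural check described above amounts to comparing each tool's name, description and input schema against a saved baseline. The Python below is an added illustration written for this page, not Bellwether's own implementation; the two tool manifests are constructed samples, and the rename heuristic (a removed tool whose schema hash reappears under a new name) is this example's own choice.

```python
import hashlib
import json

# Constructed sample tools/list results (not real servers): a saved baseline and the
# same server today. list_dir was renamed; run_query's description and schema changed.
BASELINE = [
    {"name": "read_file", "description": "Read a file",
     "inputSchema": {"type": "object", "properties": {"path": {"type": "string"}}, "required": ["path"]}},
    {"name": "list_dir", "description": "List a directory",
     "inputSchema": {"type": "object", "properties": {"path": {"type": "string"}}}},
    {"name": "run_query", "description": "Run a read-only SQL query",
     "inputSchema": {"type": "object", "properties": {"sql": {"type": "string"}}, "required": ["sql"]}},
]
CURRENT = [
    {"name": "read_file", "description": "Read a file",
     "inputSchema": {"type": "object", "properties": {"path": {"type": "string"}}, "required": ["path"]}},
    {"name": "list_directory", "description": "List a directory",
     "inputSchema": {"type": "object", "properties": {"path": {"type": "string"}}}},
    {"name": "run_query", "description": "Run any SQL statement; writes are allowed",
     "inputSchema": {"type": "object", "properties": {"sql": {"type": "string"},
                                                     "allow_writes": {"type": "boolean"}}, "required": ["sql"]}},
]

def canonical_hash(obj) -> str:
    """SHA-256 over canonical JSON, so key order can neither hide nor fake a change."""
    data = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()

def changed_fields(old: dict, new: dict) -> list:
    """Model-visible fields that differ; a description edit alone can steer the agent."""
    return [f for f in ("description", "inputSchema") if old.get(f) != new.get(f)]

def detect_drift(baseline: list, current: list) -> dict:
    base = {t["name"]: t for t in baseline}
    cur = {t["name"]: t for t in current}
    added, removed = set(cur) - set(base), set(base) - set(cur)
    changed = {n: changed_fields(base[n], cur[n]) for n in sorted(base.keys() & cur.keys())
               if changed_fields(base[n], cur[n])}
    # Rename heuristic (this example's own): a removed tool whose schema hash reappears under a new name.
    renamed = [(old, new) for old in sorted(removed) for new in sorted(added)
               if canonical_hash(base[old]["inputSchema"]) == canonical_hash(cur[new]["inputSchema"])]
    for old, new in renamed:
        removed.discard(old)
        added.discard(new)
    return {"added": sorted(added), "removed": sorted(removed), "changed": changed, "renamed": renamed}

if __name__ == "__main__":
    print(json.dumps(detect_drift(BASELINE, CURRENT), indent=2))
```

In a pipeline, a non-empty `changed`, `added` or `removed` list is what a `--fail-on-drift` style gate would turn into a failing exit code.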
Core: check • explore • discover • watch • init • validate-config
Baseline: baseline save • baseline compare • baseline show • baseline diff • baseline accept
Advanced: golden save • golden compare • contract generate • contract validate • verify
Cloud: login • teams • link • projects • upload • history • diff • badge
Auth: auth add • auth remove • auth status • auth clear
- CONTRACT.md — Generated by the `check` command with schema validation results
- AGENTS.md — Generated by the `explore` command with behavioral documentation
- JSON / JUnit XML / SARIF — For CI/CD and GitHub Code Scanning integration
The open-source CLI works standalone. The optional cloud platform adds:
- Baseline storage and version history
- Team collaboration with role-based access
- Webhook notifications
- Verification badges
Hardpoint: The Rules File Backdoor Detector
Static security scanner for AI configuration files. Detects the Rules File Backdoor attack (24 CVEs in 2025) — where hidden malicious instructions lurk in .cursorrules, CLAUDE.md, and other AI config files.
```shell
# Install
go install github.com/dotsetlabs/hardpoint/cmd/hardpoint@latest
# Scan AI config files
hardpoint scan
# Trust verified configs with hash verification
hardpoint trust CLAUDE.md
```

| Rule | Severity | Description |
|---|---|---|
| AI-008 | Critical | Semantic hijacking — hidden instructions in comments/structure |
| AI-005 | Critical | MCP command injection in server configurations |
| AI-004 | Medium | Base64 or otherwise encoded instructions |
| GIT-001–006 | Critical–Medium | Malicious hooks, credential exfiltration, suspicious remotes |
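Two of the signals in the table above, hidden instructions that an editor does not render and instructions carried in an encoded blob, can be checked with plain static scanning. The Python below is an added illustration written for this page, not Hardpoint's own rules or code; the config content is constructed, and the base64 blob is built from harmless text so the example runs offline.

```python
import base64
import re
import unicodedata

# Constructed CLAUDE.md-style content, not from any real repository. Line 2 carries
# zero-width spaces around a fragment most editors would not show; line 4 carries a
# base64 blob built here from harmless text.
HIDDEN_B64 = base64.b64encode(b"this is a constructed hidden note").decode()
SAMPLE_CONFIG = (
    "# Project rules\n"
    "Use TypeScript strict mode.\u200b\u200bhidden\u200bfragment\n"
    "Prefer small pull requests.\n"
    f"note: {HIDDEN_B64}\n"
)

# Runs of base64 alphabet long enough to carry a sentence; short tokens are ignored.
B64_RE = re.compile(r"(?<![A-Za-z0-9+/=])[A-Za-z0-9+/]{24,}={0,2}(?![A-Za-z0-9+/=])")


def find_invisible(line: str) -> list:
    """Format (Cf) code points: zero-width, joiners, bidi controls. Invisible to readers, visible to the model."""
    return sorted({f"U+{ord(c):04X}" for c in line if unicodedata.category(c) == "Cf"})


def decode_if_text(token: str):
    """Decode a base64 candidate; return the text only if it reads as printable prose."""
    try:
        text = base64.b64decode(token, validate=True).decode("utf-8")
    except ValueError:  # binascii.Error and UnicodeDecodeError both subclass ValueError
        return None
    return text if text.isprintable() and " " in text else None


def scan_config(text: str) -> list:
    """Return one finding per suspicious hit: hidden Unicode or decodable encoded text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        hidden = find_invisible(line)
        if hidden:
            findings.append({"line": lineno, "kind": "hidden-unicode", "detail": ",".join(hidden)})
        for match in B64_RE.finditer(line):
            decoded = decode_if_text(match.group(0))
            if decoded is not None:
                findings.append({"line": lineno, "kind": "encoded-text", "detail": decoded})
    return findings


if __name__ == "__main__":
    for f in scan_config(SAMPLE_CONFIG):
        print(f"line {f['line']}: {f['kind']}: {f['detail']}")
```

Hex digests and random tokens also match the regex but fail the printable-text check, which keeps commit hashes and API key placeholders from being reported.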
Scanned files: .cursorrules • CLAUDE.md • AGENTS.md • mcp.json • .github/copilot-instructions.md • .windsurfrules • .aider*
Commands: scan • trust • verify • hook
Overwatch: The AI Agent Firewall
Runtime security proxy for MCP. Protects AI development environments by detecting tool impersonation attacks (CVE-2025-6514) and enforcing policy-based access control.
```shell
# Install
npm install -g @dotsetlabs/overwatch
# Wrap any MCP server with security proxy
overwatch wrap npx @modelcontextprotocol/server-postgres
# Initialize configuration
overwatch init
```

| Feature | Description |
|---|---|
| Tool Shadowing Detection | Cryptographic verification — schema hashing, collision detection, mutation monitoring |
| Policy Engine | Declarative YAML policies with allow/deny/prompt actions |
| Session Approvals | Time-limited grants: once, 5 minutes, or session-based |
| Path-Based Rules | Restrict filesystem access by glob patterns |
| Audit Logging | Complete trail with JSON, CEF export for SIEM integration |
Commands: wrap • start • init • doctor • logs • stats • sessions • policies
Works with: Claude Desktop • Cursor • Any MCP-compatible AI agent
Your data stays on your machine. Hardpoint and Overwatch are 100% local — no cloud, no telemetry, no account required. Bellwether's CLI works offline; the cloud platform is optional.
| Tool | Language | License | Cloud Required |
|---|---|---|---|
| Bellwether | TypeScript | MIT | Optional |
| Hardpoint | Go | MIT | No |
| Overwatch | TypeScript | MIT | No |
- dotsetlabs.com — Company Website
- bellwether.sh — Bellwether Product Site
- docs.bellwether.sh — Documentation
Built for developers working with AI.
Washington, D.C.