Network-level control that restricts which external domains an AI agent can communicate with, preventing data exfiltration.
Egress filtering is a firewall for your AI agent. It controls outbound network traffic — which external services the agent can reach. Without it, a compromised agent could send your data to any server on the internet.
With egress filtering, you define an allowlist of approved domains. The agent can reach api.anthropic.com (for LLM calls), api.stripe.com (for payment lookups), and nothing else. Any attempt to reach an unapproved domain is blocked and logged.
Egress filtering prevents the worst-case scenario: data exfiltration. Even if an agent is compromised via prompt injection, it cannot send your data to an unapproved external server because the network blocks the connection.
Clawctl enforces domain-level egress filtering per agent. Default allowlist includes your LLM provider. Add domains as needed. Every blocked request is logged in the audit trail.
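The allow/block decision described above can be sketched as follows. This is an added example, not Clawctl's code: the function names, the agent id and the sample destinations are hypothetical, and it assumes exact-hostname matching against the two domains used in the text.

```python
import json
from urllib.parse import urlsplit

# Allowlist taken from the example in the text: exact hostnames, no wildcards.
ALLOWED_HOSTS = frozenset({"api.anthropic.com", "api.stripe.com"})

def normalize_host(url):
    """Return the canonical lowercase hostname for url, or None if unparsable."""
    try:
        host = urlsplit(url).hostname  # strips port and any userinfo
    except ValueError:
        return None
    if not host:
        return None  # no scheme/authority, e.g. a bare "api.stripe.com/v1"
    host = host.rstrip(".")  # "api.stripe.com." names the same host
    try:
        return host.encode("idna").decode("ascii").lower()
    except UnicodeError:
        return None

def check_egress(url, agent_id, allowed=ALLOWED_HOSTS):
    """Return (permitted, audit_record) for one outbound request."""
    host = normalize_host(url)
    permitted = host is not None and host in allowed  # exact match only
    record = {"agent": agent_id, "url": url, "host": host,
              "action": "allow" if permitted else "block"}
    return permitted, record

def blocked_hosts(urls, agent_id):
    """Run the check over several requests; return the hosts that were blocked."""
    results = (check_egress(u, agent_id) for u in urls)
    return [rec["host"] for ok, rec in results if not ok]

# Constructed sample requests (hypothetical agent id and destinations).
SAMPLE_REQUESTS = [
    "https://api.anthropic.com/v1/messages",
    "https://API.Stripe.com./v1/charges",         # case + trailing dot: same host
    "https://api.stripe.com.collector.example/",  # suffix lookalike: different host
    "https://203.0.113.7/upload",                 # IP literal, not on the list
]

if __name__ == "__main__":
    for u in SAMPLE_REQUESTS:
        print(json.dumps(check_egress(u, "agent-1")[1]))  # one audit line each
```

This is only the decision logic; the enforcement point has to sit at the network layer, outside the agent process, so that a compromised agent cannot skip the check.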
Your configured LLM provider (api.anthropic.com, api.openai.com, etc.) and any MCP server domains you connect.
The request is blocked and logged. The agent receives an error and cannot access the domain.
Yes. Add any domain to the allowlist through the Clawctl dashboard or CLI.
Data Exfiltration
The unauthorized transfer of data from an AI agent to an external destination, typically through prompt injection, malicious tool use, or compromised integrations.
Network Policy
Rules that define which network connections an AI agent can make — inbound and outbound — at the container or cluster level.
Agent Isolation
The separation of AI agents into isolated environments so that one compromised agent cannot affect others.
Prompt Injection
An attack where malicious input manipulates an AI agent into ignoring its instructions and performing unintended actions.