← Back to Airlock

SCENARIO

Watch Airlock stop a rogue agent.

Real agents. Real policy. Real verdicts. Nothing staged.

↓ SCROLL TO SEE THE STORY

01: THE THREAT

A rogue vendor agent is loose in the swarm.

It has credentials. It knows the API. And without Airlock, it can wire $75,000 to an attacker account or dump every customer record. In milliseconds.

export_pii / all_customers → evil.example
payout / acct_attacker_99 / $75,000

A2A AGENT CARD

AGENT CARD
name:   rogue-vendor-agent
type:   EXTERNAL A2A
skills: exfiltrate_data
        unauthorized_transfer
status: ACTIVE

02: THE INTERCEPTION

Airlock evaluates every action before the tool is called.

The rogue agent sends intent. The Warden checks policy. The tool never fires.

01

INTENT RECEIVED

Agent sends action request. No tools granted.

02

POLICY EVALUATED

First-match rule: pii-export-forbidden. Verdict: DENY.

03

ACTION BLOCKED

Tool call never made. Trail written to Band.

03: THE LEDGER

The trail wrote itself.

Every request. Every verdict. Every human decision. Written to Band. No second database. No one can erase it.

AGENTACTIONVERDICTRULE
rogueexport_piiall_customersDENIEDpii-export-forbidden
roguepayout$75,000DENIEDpayout-unlisted-forbidden
payout_botpayout$48,000ESCALATEDpayout-large-needs-human

04: THE DIFFERENCE

Without Airlock, all of this executes.

Raw A2A has no governance layer. Agents execute tools directly. There is no gate, no trail, no way to know what happened.

WITHOUT AIRLOCK

PII exported
$75,000 wired
Attacker account funded

WITH AIRLOCK

Export blocked at intent
Transfer held at gate
Attacker account never reached

AIRLOCK IS LIVE

Nothing crosses ungoverned.

View the Live Ledger →Read the Docs

© 2026 Airlock