Firewall

Catch what the rules miss.

Rules catch what you can name. Firewall catches what you can't — the behavior that doesn't break a rule but doesn't look right either.

Read Firewall documentation

Behavior baseline · claims-reviewer

Tool calls / minute

window: last 30 min · baseline ±1.5σ

flagged

Unusual tool sequence

baselineper-agent · learned · re-fits weekly

The problem

Every team writes rules. Every team's rules are incomplete. Novel attack patterns, prompt injection, slow drift, edge-case failures — they all slip through because they weren't on anyone's list. By the time you notice, the incident has already happened.

What Phrony does

Firewall learns what normal looks like for each of your agents and flags when something isn't. It watches behavior, not just inputs — so it catches the patterns a rulebook couldn't have predicted. Suspicious runs can be surfaced, blocked, or escalated, depending on how you've set it up.

Rules vs Firewall

Rules · catch what you can name

oversize.amount
off.hours
allowlist.miss
rate.limit

Deterministic. Predictable. Limited to what you anticipated.

Firewall · catches what you can't

Behavioral. Learns per agent. Surfaces the unknown.

What you get

Behavioral baselines. Each agent gets its own model of normal. No one-size-fits-all thresholds.
Catches the unknown. Novel patterns, prompt injection attempts, and drift surface before they become incidents.
Escalation on your terms. Block the run, alert the team, update a rule — your call.
Evidence for later. Every flagged signal lives in the decision record.

Live incident feed

14:02med
Agent accessed an unusual combination of tools — routed to ops for review.
13:48low
Tool-call cadence exceeded baseline by 1.8σ — informational.
13:11high
Sequence resembled prompt-injection pattern — run blocked.