Shlumi detects and blocks AI agents across browsers, MCP servers, and API edges — scoring every request, enforcing agent policies, and feeding your SIEM in real time.
No credit card required · 1,000 sessions free every month
AI agents don't just hit browsers. They connect via MCP, call your APIs directly, and run at the edge. Shlumi covers all three.
Embed a single script tag. Detects Claude, GPT-Operator, Playwright, Puppeteer, Selenium, and 30+ automation signals before the page loads.
Register your MCP server and call /api/mcp/detect from your middleware. Analyzes JSON-RPC patterns, tool call frequency, and agent identity headers.
Deploy as a Cloudflare Worker, Vercel Edge function, Express middleware, or Nginx module. Blocks agents before requests reach your origin server.
From detection to enforcement to governance — Shlumi is the complete platform for organizations deploying or defending against AI agents.
Detect navigator.webdriver, CDP leaks, Playwright globals, Claude extension signals, and 30+ browser automation markers in real time.
Detect AI agents connecting to your Model Context Protocol servers. Analyze JSON-RPC patterns, tool call frequency, and agent headers.
Deploy detection logic as a Cloudflare Worker, Vercel Edge function, or Express middleware — blocking agents before they reach your origin.
Register internal AI agents with signed tokens. Set Allow, Throttle, or Monitor policies per agent — so your own automation is never blocked.
Apply per-agent-type, per-verdict, or per-IP rate limits. Throttle unverified agents to 10 req/min while allowing verified agents unlimited access.
Pre-built connectors for Splunk, Datadog, PagerDuty, and Slack. Feed detection events into your existing security workflows in real time.
Define custom rules to block, challenge, flag, or throttle sessions based on score thresholds, specific signals, or verdict types.
Every session is enriched with country, ASN, and datacenter/VPN/Tor flags automatically — no extra configuration required.
Create organizations, invite teammates, and manage per-project access control. Every project's data is fully isolated — no cross-tenant leakage.
Three steps from integration to real-time enforcement — works the same whether you're protecting a browser, an MCP server, or an API edge.
Embed a JS snippet on your website, register an MCP server endpoint, or deploy the Cloudflare Worker — all three paths converge at the same detection engine.
<!-- Browser protection -->
<script src="https://www.shlumi.com/agentshield.js"
data-key="as_live_your_api_key">
</script>
// MCP server protection
POST https://www.shlumi.com/api/mcp/detect
{ "mcpServerKey": "mcp_your_key", "toolName": "read_file", ... }Each request is analyzed against 30+ detection signals, checked against your Agent Policy allow-list, and evaluated against your rate limit rules.
// Detection response
{
"action": "block",
"verdict": "bot",
"score": 94,
"agentType": "claude",
"verified": false,
"rateLimitHit": false,
"signals": ["webdriver", "cdp_leak", "claude_extension"]
}Your middleware enforces the verdict. Simultaneously, Shlumi fires your configured SIEM connectors — Splunk, Datadog, PagerDuty, or Slack — with the full event payload.
// Server-side enforcement
const { action, verdict, score } = await res.json();
if (action === 'block') return res.status(403).end();
if (action === 'throttle') applyRateLimit(req);
// Automatic SIEM delivery
→ Slack: "Bot blocked: claude (score 94)"
→ Datadog: event tagged agent:claude, verdict:botRegister your internal AI agents with cryptographic tokens. Set per-agent policies — Allow, Throttle, or Monitor — so your own Claude instance, internal automation, or partner integrations are never accidentally blocked.
Pre-built connectors for the tools your security team already uses. No custom webhook formatting required.
Create an organization, invite teammates, and manage per-project access control. Every project's data is fully isolated — no cross-tenant leakage, ever.
Start free. Scale as you grow.
For personal projects and experimentation.
For production websites and growing teams.
For high-traffic sites and security teams.
Join security teams using Shlumi to detect and govern AI agents across browsers, MCP servers, and API edges — before they scrape your content, abuse your APIs, or bypass your paywalls.
No credit card required · 1,000 sessions free every month