Watch a prompt injection unfold
And see how D2 stops it cold.
User asks something innocent
Hidden poison in the data
LLM is tricked, calls malicious tool
D2 intercepts at execution time
Or block dangerous sequences entirely
Even if the domain was allowed, D2 can block emails after sensitive data is accessed.
The LLM was compromised. The tool call was blocked.
D2 doesn't try to fix the prompt. It controls what actually executes.
"We gave the agent database access. It was supposed to run reports.
It ran DELETE FROM users instead."
— Actual incident. Production database. Friday 5pm.
These aren't hypotheticals. AI agents with tool access are already causing damage. Prompt engineering can't stop it.
This is not another prompt library.
D2 isn't guardrails theater. It's execution-time control that actually stops tool calls.
Prompt-level "guardrails"
- ×Hope the LLM follows instructions
- ×Easily bypassed by prompt injection
- ×No enforcement at runtime
- ×Security checks scattered in code
D2 execution control
- ✓Blocks tool calls before they run
- ✓Immune to prompt injection
- ✓Deterministic policy enforcement
- ✓One guardrail point, consistent control
One decorator. Policy decides.
Stop scattering security checks. Wrap tools once. D2 enforces policy at runtime.
Without D2
Scattered checks, easy to miss
With D2
One decorator, policy enforced
Simple, Transparent Pricing
Start free with local mode. Scale to cloud for production with enterprise features.
Essentials
Per month
Pro
Per month
Enterprise
For large organizations
All plans include:
Your Control Center
View telemetry, edit policies, download events, and more.
Event Monitoring
Track every authorization decision in real-time
Analytics & Insights
Visualize patterns and performance metrics
Visual Policy Editor
Create and edit authorization policies easily
API Token Management
Manage tokens and authentication securely
Ready to Secure Your AI Agents?
Tell us about your use case and we'll help you get started.