Bulwark FAQs

Question 1

What kind of policies can Bulwark enforce for AI agents?

Accepted Answer

Bulwark enforces robust policies using YAML-based rules. These policies can control which external tools agents can use, allow or deny specific actions (e.g., 'read_*', 'delete_*'), and can include glob patterns, scope-based precedence, and hot-reload capabilities for dynamic governance.

Question 2

Does Bulwark work with different types of AI agents and tools?

Accepted Answer

Yes, Bulwark is designed to be versatile. It supports various AI agents like Claude Code, Codex, and OpenClaw through MCP Gateway (stdio/HTTP) mode. For non-MCP agents, it can operate as an HTTP forward proxy, ensuring governance across a wide range of AI workflows and external APIs.

Question 3

How does Bulwark provide accountability and transparency for AI agent actions?

Accepted Answer

Bulwark ensures accountability through tamper-evident audit logging. Every agent action is recorded in a SQLite database with blake3 hash chains, providing a verifiable and unalterable record. This allows for detailed audit forensics, session timeline reconstruction, and policy testing against historical data.

Question 4

What is Bulwark and what problem does it solve for AI agents?

Accepted Answer

Bulwark is an open-source governance layer that sits between AI agents and external tools. It solves the problem of ungoverned AI agents by enforcing policies, securely managing credentials, inspecting content for risks, and maintaining a complete, tamper-evident audit trail of all actions.

Question 5

How does Bulwark secure sensitive information handled by AI agents?

Accepted Answer

Bulwark secures sensitive information in multiple ways: it injects credentials at the last mile, encrypted at rest, so agents never see real secrets. It also performs content inspection, scanning requests and responses for secrets, PII, and prompt injection, with options to block or redact content automatically.

Bulwark

Bulwark

Key Features

Use Cases

Key Features

Use Cases