The secure runtime for
AI agents in production.

Your agent runs in an isolated sandbox where every external action must pass through a capability proxy — which means unauthorized actions aren't just blocked, they're structurally impossible.

Deploy your first agent read the docs
8,000+
AI-related data breaches in H1 2025
Adversa AI
80%
of IT pros have seen agents act unexpectedly
SailPoint 2025
6%
of enterprises have an AI agent security strategy
Akto 2025
The problem

Your agent has the keys to everything.

Most AI agents run with unrestricted access — network, filesystem, shell, and every API credential. One prompt injection, one edge case, and there's nothing between the agent and your production systems.

Without Hull0
✕ Full network access
✕ Writable filesystem
✕ Shell execution
✕ Unrestricted API calls
✕ No action-level controls
✕ No data boundaries
Agent compromise = full system compromise
With Hull0
✓ Zero network by default
✓ No filesystem
✓ No shell, no SSH
✓ Proxy-enforced API calls
✓ Per-action enforcement
✓ Data taint tracking
Agent compromise = no impact
How it works

Six security layers, enforced by the runtime.

Get started

Deploy a secured agent in one command.

~/agents $ h0 deploy --marketplace openclaw/openclaw
Pulling openclaw/openclaw from marketplace
Provisioning hardened sandbox
Capability proxy started — 5 actions declared
Network isolated — zero external routes
Runtime attestation generated
Agent https://app.hull0.dev/a/openclaw-a7f3
Dashboard https://app.hull0.dev/a/openclaw-a7f3/settings
Use cases

Built for agents that touch the real world.

🏥

Healthcare

EHR access with data boundaries. PII never leaves the trust boundary.

🏦

Financial Services

Spending caps, rate limits, and mandatory human approval gates.

🛒

E-Commerce

Support agents that cannot leak PII or issue unauthorized refunds.

⚖️

Legal

Privileged document review with cross-matter leakage prevention.

🏛️

Government

CUI/classified data handling with immutable audit trails.

📦

Procurement

PO approval with spending ceilings and human-in-the-loop.

Marketplace

Open-source agents, hardened by default. COMING SOON

Every marketplace agent ships with a verified capability manifest. Deploy with one command.

featured
🐚
openclaw openclaw/openclaw
Personal AI assistant — email, calendar, shell, browser. Sandboxed.
152k+ starshardened
coming soon
🛠️
swe-agent princeton-nlp
Autonomous software engineering. Fixes GitHub issues in a sandbox.
13k+ starshardened
coming soon
🤖
auto-gpt significant-gravitas
Autonomous task agent. Web, files, API calls — all proxy-mediated.
167k+ starshardened
coming soon
Browse all agents →
Why now

The OpenClaw wake-up call.

February 2026

openclaw hit 152k GitHub stars in days. Then researchers found 1,900 exposed dashboards. SSH keys were extracted via prompt injection in under five minutes.

The root cause wasn't a bug — it was architecture. The agent had full access to the host with no limits on what a compromised agent could do. On Hull0, every one of those attacks is structurally impossible.

Pricing

Simple, transparent pricing.

All tiers include the full security runtime. No features gated behind paywalls.

Free

$0
forever
  • 1 agent
  • 256 MiB memory
  • Container sandbox
  • 60 req/min
  • 7-day audit logs
Get started free
popular

Personal

$19
per month
  • 3 agents
  • 1 GiB memory
  • MicroVM isolation
  • 300 req/min
  • 30-day audit logs
  • Approval workflows
Start Personal

Pro

$59
per month
  • 10 agents
  • 2 GiB memory
  • MicroVM isolation
  • 1,000 req/min
  • 90-day audit logs
  • 5 collaborators
Start Pro

Enterprise

Custom
contact us
  • Unlimited agents
  • Custom resources
  • Dedicated bare-metal
  • Custom rate limits
  • 365-day audit logs
  • SSO / SAML
Contact sales

Your agents should be secure by design,
not by luck.

Free tier. No credit card required.

Get started read the docs