1
Connect your coding tools
Install the Rye agent on developer machines. It sits between your AI coding tools and LLM providers, capturing every prompt and completion without changing your workflow.
Security for AI coding tools
Secure every AI prompt across your engineering team.
Rye sits between your developers' AI coding tools (Cursor, Windsurf, Claude Code) and LLM providers. Review every prompt, block secrets from leaking, enforce policies, and keep audit trails for compliance.
rye — acme-engzsh
~/acme $ rye status --workspace acme-eng
12 devs active · 3,841 prompts today
secret-scanning2 blocked
model-allowlistenforced
device-auth1 unregistered
tools: cursor (8) · claude-code (3) · windsurf (1)
~/acme $
⚡
<4ms
Policy eval latency
●
99.9%
Enforcement uptime
✗
14K+
Threats blocked last 30d
Architecture
One control plane between your AI tools and LLM providers
Rye proxies every request. Prompts are scanned, secrets are stripped, policies are enforced — then clean requests are forwarded to the model.
Cursor
AI-first code editor
Windsurf
Agentic IDE by Codeium
Claude Code
Anthropic's CLI coding agent
GitHub Copilot
AI pair programmer
rye.ai
Secret scanningPolicy engineThreat detectionDevice authAudit log
OpenAI
GPT-4o, o1
Anthropic
Claude 4, Haiku
Google AI
Gemini 2.5
Outputs
Alerts
Audit log
SIEM export
Webhooks
Live enforcement feedacme-eng workspace
Features
Security and visibility for AI-assisted development
See what your developers are prompting, stop sensitive code from reaching LLM providers, and maintain the audit trail your compliance team needs.
Prompt visibility
See every prompt your developers send
Full-text search across all AI coding interactions. Filter by developer, tool, model, repository, or risk score.
aws_secret
all toolslast 24h
●jchencursor → claude-42.3s
●mrodriguezclaude-code → claude-4SECRET
"…here's my config: AWS_SECRET_ACCESS_KEY=wJalr..."
●sleecursor → gpt-40.8s
Policy engine
Stop secrets and proprietary code from leaking
Block API keys, credentials, and sensitive source files from reaching LLM providers. Enforce model allow-lists and scope what each team can access.
prompt context — interceptedBLOCKED
1const client = new S3Client({
2 accessKeyId: "AKIA3EX...7QF"
3 secretKey: "wJalrXU...c8F"
4});
2 credentials redactedbefore forwarding to provider
Device authorization
Only approved machines talk to LLM providers
Register developer laptops and CI runners that can access AI coding tools. Revoke access instantly when someone leaves.
$ rye auth check
✓macbook-eng-042· cursorAUTHORIZED
✓macbook-eng-118· claude-codeAUTHORIZED
✗desktop-contract-017· windsurfREVOKED
Connection refused — desktop-contract-017 is not a registered device.
IP 203.0.113.42 · last seen Jan 15 · status: REVOKED
Audit trail
Compliance-ready logs, zero extra work
Every AI interaction logged with developer identity, device, tool, model, policy evaluation, and full prompt/response. Export to your SIEM or pull via API.
audit.log — real-time
SOC 2ISO 27001
14:03:22 ALLOW jchen cursor → claude-4
14:03:24 ALERT secret detected in prompt
└─ AWS_SECRET_ACCESS_KEY in context (line 42)
14:03:25 BLOCK policy:no_proprietary_code
└─ /src/core/billing.ts matched rule
14:03:27 ALLOW akim windsurf → gpt-4
How it works
Deployed in minutes. No workflow changes.
2
Set security policies
Define what developers can send to LLMs. Block secrets, credentials, and proprietary code from leaving your network. Set model allow-lists and token budgets per team.
3
Monitor, investigate, comply
See what every developer is prompting in real time. Trace code suggestions back to the original prompt. Export audit trails for SOC 2, ISO 27001, or incident response.
Your devs are already using AI. Now secure it.
Free for up to 1,000 requests per month. No credit card required. Installs in under five minutes.