macOS · Endpoint Security Framework

Guard your AI tools
from unauthorized callers

GuardDog intercepts every exec call at the OS level and blocks any app you haven't explicitly trusted from running your AI CLI tools.

Request Early Access See how it works
macOS 13+ · Apple Silicon & Intel
GuardDog — Activity Log
Protected Tools
🤖 claude
openai
🔮 gemini
Settings
⚙️ Policies
📋 Events
Recent Events — /usr/local/bin/claude LIVE
✓ allow claude Terminal.app just now
✓ allow claude Cursor.app 12s ago
✗ block claude com.unknown.agent 34s ago
✗ block claude sh (via cron) 1m ago
✓ allow claude VS Code.app 3m ago
The problem

Any process on your Mac can call
your AI CLI tools — by default

Once claude or any other AI CLI is installed, nothing stops a rogue script, a malicious package, or an automated agent from calling it on your behalf — silently, without your knowledge.

🕵️

Supply-chain scripts

A compromised npm package or shell script can exec your AI CLI and exfiltrate context, query sensitive APIs, or drain API quota without triggering obvious alerts.

🤖

Runaway agents

Agentic workflows can loop, branch, or escape their sandbox. Without execution controls, one badly-scoped agent can spawn thousands of unintended AI calls.

🔓

No OS-level enforcement

Prompt-level instructions and API keys are weak gates. They sit outside the operating system and can be bypassed by any process that can see your $PATH.

How it works

OS-level interception, zero latency

GuardDog uses Apple's Endpoint Security framework to sit inline on every exec syscall — before the process ever runs.

01

You define a policy

Add a CLI binary to GuardDog (e.g. /usr/local/bin/claude) and specify exactly which apps are allowed to call it — by bundle ID and code-signing identity.

02

Any exec attempt is intercepted

GuardDog's Endpoint Security extension receives an AUTH_EXEC event before the process starts. The kernel waits for GuardDog's verdict.

03

Identity is verified

The policy engine resolves the caller's bundle ID and Team ID from its code-signing certificate — not just its path or name, which can be spoofed.

04

Allow or block — instantly

Callers on your allowlist proceed normally. Everything else is denied before a single byte of the CLI runs. The decision is logged with full context.

Features

Everything you need to lock down
AI tool execution

🛡️

Kernel-level enforcement

Blocks execute at the macOS kernel boundary using the Endpoint Security framework — the same layer used by leading EDR products.

🔏

Code-signing identity matching

Allowlist entries are matched on Team ID and bundle ID from the caller's code signature — not spoofable process names or paths.

📋

Real-time activity log

Every exec attempt is logged with the target CLI, caller identity, verdict, and matched rule. Spot anomalies before they become incidents.

Zero-overhead allowpath

Trusted callers are evaluated in microseconds. GuardDog adds no measurable latency to your normal Terminal or IDE workflow.

🎛️

Native SwiftUI interface

Manage protected tools and allowlists through a clean, native macOS app — no configuration files, no CLI administration required.

🔌

Protect any CLI binary

GuardDog works with any executable — claude, openai, gemini, or custom internal tools. No code changes needed in the protected binary.

Security model

Block by default. Allow explicitly.

Caller Identity Verdict
Terminal.app com.apple.Terminal ✓ allow
Cursor.app com.todesktop.cursor ✓ allow
python3 (no bundle ID) ✗ block
unknown-agent unrecognized Team ID ✗ block
curl (via cron) not on allowlist ✗ block
🚫

Default deny

Once a CLI is protected, every caller not explicitly listed is blocked. You opt in to trust, not out of it.

🔑

Signing-identity verification

Matching on code-signing identity means an attacker can't bypass your allowlist by renaming a binary or faking a bundle ID at runtime.

🏠

Fully local — no cloud required

Policies are stored on-device. GuardDog never sends your rules, exec events, or identities to any external server.

🍎

Built on Apple's security stack

GuardDog runs as an Apple-notarized system extension with the Endpoint Security entitlement — the same mechanism used by leading security vendors.

Ready to guard your AI tools?

GuardDog is in early access for macOS. Join the waitlist to be notified when it's ready to install.

Join the waitlist View on GitHub