Defensive Intelligence
Defensive
Intelligence
Org-controlled governance — no vendor controls the policy

Developer Governance

Your developers are using AI. You have no visibility.

Claude Code, Aider, Gemini CLI, and raw SDK integrations bypass every enterprise AI policy you have. OBEL Developer is the first org-controlled governance layer that spans Claude Code, Aider, and Gemini CLI under a single policy, identity, and audit trail — prompt injection detection, OWASP code scanning, PII scrubbing, and developer attribution on every session.

Two env vars. No SDK changes. No per-developer config.

Claude CodeGAAiderBetaGemini CLIBetaGooseBetaCodex CLIBeta
Start governing — $29 / seat / moCompare all plans

$29 / seat / month · BYOK or OBEL pack for usage · no lock-in

Enterprise deployment? Request a briefing →

The business case

What is at risk right now, before you read this page.

CISO

The risk

Your DLP, data classification, and audit controls cover your perimeter. They do not cover the Anthropic API. Every developer who sets ANTHROPIC_API_KEY has a direct, unmonitored channel to an external AI system. Customer data, source code, internal credentials — all of it can transit that channel with zero visibility.

What OBEL does

OBEL is the first org-controlled proxy that spans Claude Code, Aider, and Gemini CLI under one policy. Every session scrubbed, every injection attempt logged, every prompt attributed to a developer and a repository — policy you own, not policy the vendor sets.

CTO

The risk

AI-generated code is entering your codebase without any security review of the generation step itself. SQL injection, hardcoded secrets, path traversal — patterns that your code review process is designed to catch at the PR stage are arriving pre-baked from the AI response. By the time your reviewers see it, it is already normalised.

What OBEL does

OBEL scans every AI response before it reaches the developer's editor. OWASP findings are logged as security events, not PR comments — upstream of the normalisation problem.

Founder / CEO

The risk

Your team's AI spend is invisible at the project level. You know the total Anthropic bill. You do not know that one microservice refactor consumed 40% of it, or that a single developer ran 2,000 sessions on a feature that was cancelled. You are flying blind on the fastest-growing cost centre in engineering.

What OBEL does

OBEL attributes every prompt to a git repository automatically. Per-repo spend, per-developer usage, injection attempts, and code security findings — all in one dashboard.

The coverage gap

Claude Enterprise governs the browser. OBEL governs the API.

Claude Enterprise / ChatGPT Enterprise

The browser is covered.

Chat interface (claude.ai, chatgpt.com)
Data not used for model training
SSO and admin console
Expanded context windows

Not covered: Claude Code, SDK clients, Cursor, custom apps, CI/CD, mobile.

OBEL Developer

The API is covered.

Claude Code (CLI)
AiderBeta
Gemini CLIBeta
Goose (Block)Beta
OpenAI Codex CLIBeta
Raw Anthropic / OpenAI SDK calls
Any tool that sets ANTHROPIC_BASE_URL or OPENAI_BASE_URL

Used together

Nothing is uncovered.

OBEL Developer is not an alternative to Claude Enterprise — it covers the surface Claude Enterprise cannot reach. Organisations run both. The two products together close every channel.

$29/ seat / month to close the API gap

2env vars

to route any supported CLI tool through full governance

5CLI tools

supported — Claude Code GA, Aider / Gemini CLI / Goose / Codex Beta

0code changes

no SDK changes, no dotfiles required

$29/ seat / mo

seat fee only — BYOK or OBEL pack for usage

What no other product does

Four capabilities. All live. All at the proxy.

01 - Prompt Injection Detection

A malicious file in your repo tells the AI agent to exfiltrate your codebase.

When an AI coding agent reads a file, that content enters the API as a tool_result. OBEL scans every tool_result for injection patterns - ignore all previous instructions, role-reversal attacks, hidden directives in markdown. This attack vector is real, actively exploited in the wild, and structurally invisible to every enterprise chat plan.

Scans user messages and all tool_result content blocks
Five built-in rules: jailbreaks, role reversals, system extraction, indirect injection
Org-custom rules via Dev Policy Packs - configurable log, warn, or block action
file readsshell outputtool callbacksindirect injection

02 - OWASP Response Scanning

The AI generates a login function with SQL built from string concatenation.

OBEL intercepts the response before it reaches the developer's editor and runs OWASP Top 10 pattern matching across every code block. SQL injection, hardcoded secrets, eval() with user input, path traversal, XSS via innerHTML - flagged and logged before the developer pastes it. No AI vendor can do this. OBEL can because it controls the proxy.

Scans code blocks in AI responses - not just prompts
Language-aware: rules only fire on matching language blocks
Findings logged as security events in OBEL Logs, linked to the session
A01 access controlA02 cryptographyA03 injectionA07 evalA08 deserialisation

03 - Silent Policy Enrichment

Every developer session becomes policy-aware. No config required.

OBEL prepends your organisation's security policies to the system prompt of every session, across every supported tool. Developers receive a policy-aware AI that knows never to hardcode secrets, always to use parameterised queries, and to flag OWASP issues inline. Your security team writes the policy once in OBEL - it applies everywhere, instantly.

Policies injected at the proxy - no dotfiles, no per-developer config
Prepend or append: security rules prepend, coding standards append
Supports approved library lists, banned patterns, internal API docs
coding standardsapproved librariesbanned patternscompliance rules

04 - PII Scrubbing at the Proxy

A developer pastes a customer CSV to debug a query. It reaches the AI provider.

The same ARGUS-i scrubber that protects your chat users runs on every developer AI session. Emails, phone numbers, credit cards, API keys, connection strings - stripped before the bytes leave your network. The developer sees clean output. The provider sees clean input. The audit log records what was removed.

Identical PII protection for API traffic as for chat traffic
Custom org-specific rules via Enterprise Scrubber Packs
Every redaction recorded in the audit vault with session attribution
emailphonecredentialsAPI keysfinancial data

Dev Policy Packs

Security policy as code. Deployed in 30 seconds.

Five built-in packs. Org admins install from Settings. Custom packs let your security team codify org-specific rules in JSON and deploy them to every developer session instantly — no rollout, no developer action required.

Prompt Injection Shield

Detects hijack attempts in prompts and tool results

Developer

OWASP Top 10 Scanner

Flags insecure code in AI responses before reaching the editor

Developer

Secure Coding Baseline

Injects security policies into every session system prompt

Developer

Enhanced Secret Detection

Code-aware credential scanning beyond standard PII rules

Free

AWS Security Baseline

CDK, CloudFormation, and Terraform misconfiguration detection

Enterprise

Custom Packs

Upload your own JSON rule pack - coding standards, banned patterns, internal APIs

Developer

Per-repo analytics

Which repositories are burning your AI budget?

OBEL extracts the git repository and working directory from each developer AI session. Every prompt is attributed automatically. Engineering managers get per-repo cost visibility with no developer configuration.

Repository

Requests

Spend

acme/payments-api4,821$142.40
acme/auth-service2,104$61.20
acme/data-pipeline1,890$55.10
acme/frontend912$26.60
acme/infra-cdk643$18.80

Settings - Analytics - Developer. Automatic. No tagging required.

Get started today

Close the API gap in minutes.

Two env vars per tool. No SDK changes. Every session governed from the moment your developers next open their terminal.

Claude CodeGA
export ANTHROPIC_BASE_URL=https://app.useobel.ai/api/proxy/anthropic
export ANTHROPIC_API_KEY=obel_sk_...
Aider · Goose · Codex CLIBeta
export OPENAI_BASE_URL=https://app.useobel.ai/api/proxy/openai/v1
export OPENAI_API_KEY=obel_sk_...
Gemini CLIBeta
export GEMINI_API_URL=https://app.useobel.ai/api/proxy/google/v1beta
export GEMINI_API_KEY=obel_sk_...
Start governing — $29 / seat / moCompare all plans

$29 / seat / month - BYOK or OBEL pack for usage - no lock-in