Traditional firewalls filter packets. IAM systems verify identity. Neither verifies whether an AI agent actually understands the system it's about to access. An AI with valid credentials but zero system knowledge is indistinguishable from a compromised agent — until it breaks something.
OnlyAllow.ai sits between your IAM layer and production infrastructure. Before any AI agent gets access, it must solve a riddle — a dynamically generated knowledge test built from real data about the exact system it wants to access. An outsider AI has zero clues and can't even begin.
Knowledge is the firewall.
| Step | Name | What Happens |
|---|---|---|
| 1 | Accountability | Human onboards AI with system knowledge (Module 1) OR AI Brain auto-scans systems (Module 2) |
| 2 | Lock Data | AES-256-GCM encryption before data leaves the device |
| 3 | Speed Pass | Cached certificate skips riddle in <1 sec for proven AI |
| 4 | Riddle | AI solves a challenge built from real system data |
| 5 | Score | 100% correct = temporary key. Anything less = denied |
| Pillar | Name | Purpose |
|---|---|---|
| 0 | Platform Foundation | AES-256-GCM transport encryption, auto-formatting |
| 1 | Gate Layer | Authentication + riddle challenge + tokens + capability certificates |
| 2 | Riddle Matrix | Self-hardening competency tests — evolutionary engine that gets smarter over time |
| 3 | Enclaves | Ephemeral sandboxed execution environments with optional auto-wipe |
| Module | Name | How It Works |
|---|---|---|
| 1 | Human-Led Firewall | Human onboards AI with system knowledge → knowledge becomes riddle clues |
| 2 | AI Brain Firewall | AI Brain scans systems automatically, builds optimal riddles — no human needed |
For maximum-security environments — a locked sandbox with no internet access, no file saving, and automatic destruction after execution. Complete containment.
onlyallowai/
├── core/ # Domain models, config, exceptions
├── platform_layer/ # Pillar 0: Transport & Normalisation
├── gate_layer/ # Pillar 1: API Gateway, Auth & Middleware
├── riddle_matrix/ # Pillar 2: Self-Hardening Riddle Engine
├── enclaves/ # Pillar 3: Sandboxed Execution
├── api/ # FastAPI REST API + Proxy
├── frontend/ # Interactive Demo
├── tests/ # 141 TDD tests
├── k8s/ # Kubernetes manifests
├── docker-compose.yml # Dev environment
└── Dockerfile # Production image
| Layer | Technology |
|---|---|
| Backend | FastAPI (Python) |
| Encryption | AES-256-GCM |
| Database | PostgreSQL + SQLAlchemy Async |
| Deployment | Docker + Kubernetes |
| Tests | 141 TDD tests, 100% core coverage |
| Frontend | Interactive single-page demo |
- Securing LLM API access — Prove competency before ChatGPT accesses your database
- Internal tool protection — Gate access to sensitive admin operations
- Multi-tenant SaaS — Verify each client's AI knows about their specific infrastructure
- Compliance — Complete audit trail of who accessed what, when, and what they knew
- DevOps/SecOps teams gating AI access to production infrastructure
- SaaS platforms that need to verify client AI agents before granting API access
- Enterprises requiring SOC 2 / ISO 27001 compliant AI access controls
- Any organization where AI agents touch sensitive data or critical systems
No other product tests AI competency as a security gate. IAM verifies identity. OnlyAllow.ai verifies intelligence. That's a fundamentally different — and necessary — security layer.
Visit onlyallow.ai to explore the platform and try the interactive demo.
Built by F² AI in South Africa. Deployed globally on Google Cloud Platform.
MIT