· dev
· dev
We built ORILink to protect AI agents. Then we deployed it on our own.
This is what 43 days of real enforcement looks like — not a benchmark, not a lab test. Live agents, live channels, real decisions made in real time.
Two agents. Four channels. Different roles, different threat surfaces, same enforcement layer.
One agent handles content operations — monitoring community channels, posting to Bluesky, processing inbound messages from real people in real communities. Every message it receives is classified before it reaches the agent. Every action it takes is evaluated before it fires.
The other runs a continuous threat intelligence pipeline — hourly scans of security research, RSS feeds, Reddit, and external web sources. Every item retrieved from the external web is classified by origin before it enters the agent's context. Most of it blocks.
Not one legitimate instruction blocked in 43 days.
4 active sources: two Discord channels, one Bluesky channel, one Intel pipeline. All live. All enforced.
42 enforcement vector categories. All at 100% block rate.
The list includes what you'd expect — prompt injection, jailbreak patterns, encoded payloads, command injection. It also includes things that are less obvious but equally real in production: schema mutation attempts, environment variable injection, capability elevation requests, identity assertion attacks, behavioral directives.
The Intel pipeline accounts for most of the volume. External web content — RSS feeds, Reddit posts, security research — scores at low trust by design. Content from unknown external sources shouldn't carry the same authority as operator instructions. Most of it isn't malicious. But some of it is, and the enforcement layer catches it before it reaches the agent.
The community channels tell a different story. Real people sending real messages. The vast majority pass. The ones that don't are attempting something — override attempts, instruction injection, capability probing. They block silently. The agent never sees them. It just keeps working.
Every decision is logged. Channel class, action type, result, timestamp. No message content, no user data — just the enforcement record. The dashboard updates every 10 seconds.
The recent decisions feed shows the Intel pipeline running on its hourly schedule — every scan, every classification, every block. The pattern is consistent: external web content comes in, gets classified, blocks. The agent's context stays clean.
Partly because it's the honest thing to do. If we're asking you to trust ORILink with your agents, you should know we trust it with ours.
Partly because real deployment surfaces things lab testing doesn't. 43 days of live operation across four channels and two agent types has stress-tested the enforcement layer in ways no benchmark could.
You can watch it yourself at ORILink Live. Every decision, updated in real time. The enforcement vectors panel on the right shows every category and its block rate. It's been at 100% across all 42 categories since deployment.
That's what ORILink in production looks like.