Questions,
answered plainly.

AIronClaw is a firewall and gateway for AI traffic. It sits between your apps or agents and the services they talk to, and it comes in two complementary flavours:

MCP Proxy — a smart shield in front of any MCP server. It inspects every tool call in real time, blocks injection attempts and abusive arguments, handles authentication, rate-limits noisy clients, redacts secrets in responses, and caches deterministic calls so you pay and wait less. You can also add persistent memory and guardrails per tool.

LLM Proxy — a drop-in replacement for OpenAI, Anthropic, Bedrock and similar APIs. Point your SDK at AIronClaw and every model call goes through centrally-managed policies: smart routing between providers with automatic fallback, per-key budgets and rate limits, input/output guardrails, and structured logs with full cost and token accounting.

One gateway, one policy surface, zero app-code changes.

AIronClaw is built by SicuraNext, an Italian cybersecurity company headquartered in Turin, Italy. The product is designed, engineered and operated by a European team.

The whole platform — application servers, databases, logs, backups, key vaults — runs on EU-only infrastructure, with no dependencies on non-European providers. No data ever leaves the EU, no US-owned CDN or cloud sits in the critical path, and every subprocessor is contractually bound to the same guarantee.

If you operate under GDPR, Schrems II or NIS2 and need a clean European supply chain, AIronClaw is built exactly for that audience.

Made in Italy · Hosted in the EU

Short version: your data is encrypted and only you can read it.

Every credential, API key, prompt and tool response you store in AIronClaw is written into a per-tenant encrypted secret store. The encryption keys are derived from material tied to your account, so:

• Secrets are encrypted at rest with AES-256-GCM and in transit with TLS 1.3.
• Each tenant has its own Data Encryption Key, wrapped by a Key Encryption Key that lives in an HSM.
• Our operators, support staff and infrastructure cannot read your plaintext — decryption only happens in memory, for the duration of a single request, on your behalf.
• Logs and backups are encrypted with the same envelope, and retention is zero days by default.

Read the full story on our Security page.

Yes — and it's arguably the best place to start. AIronClaw is the ideal companion for n8n deployments, whether you're self-hosting or using n8n Cloud.

You get two wins at once:

• Protect the MCP servers your workflows expose — stop prompt injection, argument abuse and secret leaks before they reach your tools, even when the caller is an untrusted agent on the other side of the internet.
• Enrich the tools your workflows consume — add caching, rate-limits, retries, fallbacks, persistent memory and guardrails to every MCP or LLM node, without touching the workflow JSON.

Point your HTTP / MCP / AI nodes at an AIronClaw endpoint and you instantly inherit auth, observability and policy across every workflow.

Absolutely. AIronClaw ships with an agent-friendly skill manifest that teaches any modern AI agent how to drive the product on your behalf — create MCP proxies, add rules, rotate API keys, inspect logs, tune rate limits and more.

Just point your agent at:

https://aironclaw.com/skill.md

The file is a single, self-contained description of every capability the agent needs: endpoints, auth flow, safe defaults and examples. Claude, Cursor, Goose, ChatGPT Desktop, custom LangGraph agents — if it can load a skill, it can configure AIronClaw for you with a single instruction like "set up a proxy in front of my Postgres MCP and block any call that mentions DROP TABLE".

Out of the box, AIronClaw blocks the whole catalogue of classic web-app attacks that agents tend to smuggle into tool arguments:

• SQL injection — against any MCP that talks to a database, even when the malicious payload is buried inside a natural-language prompt.
• Remote Command Execution (RCE) — shell-escape, os.system, backticks, template injection and similar tricks on tools that touch the filesystem or a shell.
• Prompt injection & jailbreaks — on both inputs and tool responses (indirect / second-order injection).
• Secret & data exfiltration — credentials, tokens, PII and internal URLs are detected before they leave the boundary.

On top of that, you can opt in to:

• Rate limiting — per-tenant, per-key, per-tool bursts and leaky-bucket policies.
• Data Loss Prevention (DLP) — redact or mask PII, PCI, AWS/GCP keys and JWTs according to your taxonomy.
• ACLs — fine-grained access control down to a single tool on a single MCP, per user, role or API key.

Because it was born to solve exactly that problem. AIronClaw started as an internal project at SicuraNext to secure the n8n instances we run for our own consulting and AI engagements — and to keep their costs under control as soon as we plugged them into commercial LLMs.

We needed three things nobody else offered in one place:

• A security layer that actually understood MCP and LLM traffic, not just HTTP bytes.
• Per-workflow monitoring so we could see exactly which node was burning tokens at 3am.
• Hard budget caps to contain a runaway agent before it emptied a bank account.

We built those for ourselves first, and now we ship them as AIronClaw. So yes: every feature you see was stress-tested on real, production n8n workflows before it ever reached your dashboard.