AI Pulse

A drop-in PII firewall for Python web agents that blocks sensitive data exfiltration before it leaves the machine

Customer: Solo developer or two-person team building browser-automation products (job-apply bots, AI assistants that book appointments, RPA tools) who have paying users and are starting to worry about liability if the agent leaks a user’s SSN or credit card to a phishing-style redirect

Problem: When an autonomous Playwright/Selenium agent fills forms or follows multi-step instructions, a malicious or misconfigured site can prompt it to POST the user’s real credentials, address, or payment data to an attacker-controlled endpoint — and the developer has no visibility or control layer between the agent and the network

Pricing: saas-mrr — $800 MRR in 4 months (16 teams × $49/mo solo tier)

Why now

New empirical research (2025-2026) quantifies PII extraction rates in agentic pipelines and is being widely shared in the indie AI/security community. Founders shipping agent products are suddenly aware of the risk and actively Googling for a solution — but no drop-in OSS tool exists yet. The window before a well-funded startup claims this space is ~6 months.

Go-to-market

  1. Publish a free open-core version on PyPI (‘pip install pii-sentinel’) with spaCy redaction and mitmproxy integration — write one honest benchmark post on Hacker News showing real PII extraction rates on 10 popular sites with and without the proxy
  2. Post a 4-minute Loom in r/LocalLLaMA, r/MachineLearning, and the Playwright Discord showing the proxy intercepting a simulated social-engineering attack mid-session — link to the GitHub repo and a $49/mo hosted dashboard waitlist
  3. DM the maintainers of the top 30 repos tagged ‘browser-agent’ or ‘web-automation’ on GitHub (sorted by recent commits) with a personal note offering free early access in exchange for feedback and a testimonial
  4. Gate the hosted cloud dashboard (audit logs, per-field redaction rules, team seats) behind the paid tier — keep the core proxy MIT-licensed so security-conscious devs trust it enough to put it in their critical path

Moat (or lack thereof)

No real moat. The core spaCy + mitmproxy combination can be replicated in a weekend. The only defensibility is (a) being first to own the PyPI namespace and the HN mindshare, (b) accumulating a curated regex/NER ruleset tuned specifically for agentic traffic patterns that improves over time, and (c) switching cost once teams bake the proxy into their CI. Assume a better-funded competitor ships something similar within 12 months — the goal is to reach $2-3k MRR and sell or fold into a larger agent-infra product before that happens.
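The control layer described under Problem and the regex ruleset mentioned under Moat, shown as an added example rather than the product's own code (the page shows none): a regex-plus-Luhn pass over an outbound request body that flags SSNs and card numbers and blocks the request unless the destination host is allowlisted. The allowlisted host and the sample bodies are constructed for the example.

```python
import re
from urllib.parse import unquote_plus

# Constructed allowlist: the only hosts the agent may send PII to.
ALLOWED_PII_HOSTS = {"careers.example.com"}

# SSN in dashed form, excluding the ranges the SSA never issues.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# 13-19 digit runs with optional single spaces/dashes; Luhn filters the noise.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: true for well-formed card numbers, false for random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right, fold >9 back to one digit
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_pii(text: str) -> set:
    """Return the set of PII kinds found in decoded body text."""
    hits = set()
    if SSN_RE.search(text):
        hits.add("ssn")
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.add("card")
    return hits

def verdict(host: str, body: bytes) -> dict:
    """Decide whether an outbound request body may leave the machine.

    Works on form-encoded and JSON bodies alike: the body is decoded and
    URL-unescaped so '4111+1111+...' and '4111 1111 ...' look the same.
    """
    text = unquote_plus(body.decode("utf-8", errors="replace"))
    hits = find_pii(text)
    blocked = bool(hits) and host not in ALLOWED_PII_HOSTS
    return {"host": host, "pii": sorted(hits), "blocked": blocked}
```

Inside a mitmproxy addon this would run from the request hook on flow.request.host and flow.request.content, with a blocked verdict turned into a synthetic 403 instead of forwarding the request; an NER pass (spaCy) would sit behind this cheap regex layer for names and addresses.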