We build things
the right way
HardenLabs is an independent security engineering lab that builds focused tools for protecting modern software systems. Small team. Hard problems. Security infrastructure that actually works.
Products
What we're building
Our current products focus on security infrastructure for APIs and AI. This is where we started — it's not where we'll stop.
HardenAPI
API Security
Out-of-path ephemeral key rotation for API authentication. Never sits in your request path, never sees your data. Rotating TOTP, HMAC, and RSA keys keep your service-to-service communication locked down — even if credentials leak, they expire in seconds.
- Ephemeral keys rotate every 30 seconds
- Privacy-by-design — zero access to your traffic
- TOTP + HMAC + RSA signing in a single SDK
HardenMCP
AI Security
Secure the Model Context Protocol. As AI agents call external tools, HardenMCP prevents tool-poisoning attacks, verifies tool integrity with signed tool definitions, and ensures your AI workflows can't be hijacked by malicious tool servers.
- Tool-poisoning detection (TDS)
- Signed and verified tool calls
- Drop-in middleware for MCP servers
We're always working on what's next. These are our first products — not our last.
Principles
How we build
Every product we ship reflects these principles. They're non-negotiable.
We don't ship what we wouldn't use
If we wouldn't put it in front of our own infrastructure, it doesn't go out.
Respect people's data by default
Privacy isn't a feature toggle. We architect our systems so that collecting unnecessary data isn't just against policy — it's structurally impossible. If we don't need it, we don't touch it. That's a design constraint, not a marketing claim.
Disappear into the workflow
The best tools are the ones you forget are there. We obsess over the developer and user experience so our products integrate cleanly, stay out of your way, and just work. No friction, no ceremony, no twelve-step configuration wizards.
Values
What we value
These aren't aspirations. They're how we make decisions every day.
Correctness Over Speed
We don't ship something we know is wrong just to hit a date. Getting it right the first time is faster than fixing it three times later. We choose the correct approach, even when the easy one is right there.
Privacy by Default
We build products that respect the people who use them. Not "we promise we won't look at your data" — we architect systems so we structurally can't. Privacy is a design constraint, not a policy document.
Craft and Attention
Details matter. Error messages should be helpful. Defaults should be sensible. Edge cases should be handled. We sweat the small things because the small things are what people actually experience.
Developer Empathy
We build tools for people like us. That means we know when an API is annoying, when docs are insufficient, and when a config file has one too many options. If it's painful to use, we fix it — no matter how clever the implementation.
No Bloat
Every feature has a maintenance cost. We say no to most things so we can say yes to the right things. Our products do what they do well, and nothing more. No feature creep, no settings panels with 47 toggles.
Long-Term Thinking
We're not optimizing for the next quarter. We build software we plan to run for years. That means choosing boring technology where it matters, writing tests that actually catch regressions, and never taking on debt we wouldn't want to service.
Interested in what we're building?
Explore our products, read about how we think, or get in touch. We're a small team that actually reads every message.