← Back to projects

Watchtower

Watchtower scans your AI application for security vulnerabilities, tracks API spending across providers, and alerts you before costs spiral. Built for developers who ship AI features fast and need guardrails.

TypeScriptNode.jsClaude APIMCP
0 starsGitHub →

The Problem

AI applications have unique security and cost risks that traditional monitoring tools don't cover:

  • Prompt injection — malicious inputs that hijack your AI's behavior
  • Secret leakage — API keys and credentials exposed in prompts or responses
  • Cost explosions — a single runaway loop can burn through your monthly budget in hours
  • Header vulnerabilities — misconfigured security headers on AI-facing endpoints

What Watchtower Does

Security Scanning

  • Scans for hardcoded secrets and API keys
  • Audits HTTP security headers
  • Checks Supabase RLS policies
  • Reviews git history for accidentally committed credentials

Cost Monitoring

  • Tracks spending across AI providers (Anthropic, OpenAI, etc.)
  • Sets budget alerts and hard limits
  • Logs token usage per request with request IDs
  • Generates spending reports by time period

Integration

Watchtower runs as an MCP server, integrating directly into your development workflow. No separate dashboard to check — the alerts come to you.