Announcing an early preview release of LeakSignal on Fastly!

Announcing an early preview release of LeakSignal on Fastly!

  1. Tell us who you are and what you’ve built!

We’re LeakSignal and we’ve built a rust-based L4-7 traffic analysis module (LeakSignal on Fastly) that deploys as WASM on Fastly compute (or natively to Envoy and nginx). This module classifies sensitive data both on the inbound request and outbound response, allowing organizations to govern how much and what type of sensitive data is flowing out of their production services and APIs.

  1. What problem are you solving?

Today, organizations have little to no visibility into the sensitive data that is being accessed and handled by production services. LeakSignal brings I/O engineering to microservices (and now Fastly’s edge) allowing for complete data flow visibility, governance and mitigation of sensitive data leakage. I/O engineering has recently emerged as a way to protect LLMs but can be applied to any production service for other needs around rate limiting based on data access, etc.

  1. Who are the ideal users for this product?

Any regulated organization or those concerned with sensitive data as it flows through Fastly. Gaining visibility is the first step, rules for redaction and mitigation can be enabled afterwards. We make all of this simple and easy.

  1. How are you using Fastly within the product?

We deploy to Fastly’s WASM compute environment to enable data flow monitoring and data leak mitigation.

  1. How can people get started right now, and what’s a good “hello world” example?

Signup here: LeakSignal

Reach out to someone at LeakSignal or reply to this thread and we’ll help you get started.

  1. Where can people learn more?

LeakSignal docs

  1. Do you have any screenshots, gifs, or videos?

(LeakFastly demo)

  1. Anything else?

Everything’s free. We’re proudly an early-stage startup, and we’re excited to be pioneering a new approach to data security. We believe that data in-transit classification and WASM are the way forward and we’re getting an early jump on leveraging Fastly’s WASM compute environment to solve complex data security problems.
When processing traffic, our first pass of inline matchers utlize regex and native computations that limit performance impact. Matchers operate at the microsecond level and multiple can be applied while keeping total performance impact < 1ms.
The second pass on traffic (with LeakSignal’s commercial product) is more advanced and reduces false positives to near zero.


Hey @Wesley this is super cool, and thanks for sharing! I love the approach that you’re taking as a way to monitor data flowing out of a core system – it pairs really well with the tooling around stoping questionable activity form getting in.