Live now — Saturday 2 May 2026
● LIVE Community Edition Apache 2.0 Free Forever

M99

Open Source AI Kill Switch

When your AI agents go rogue, M99 revokes their credentials, severs their connections, and freezes their tools. Three levels. Reversible. EU AI Act Article 14 compliant.

Install
$ git clone https://github.com/RichardBarron27/m99-community.git
$ cd m99-community
$ pip install -e .
View on GitHub Live Demo Documentation
Graduated Response

Three Levels. Measured Escalation.

Community Edition covers Levels 1–3 — all reversible. Each level increases the severity of intervention. Two-phase ARM/EXECUTE authorisation ensures no kill without intent.

1
Credential Revocation
Revoke API keys, OAuth tokens, and service credentials. SHA-256 hashes stored — originals never persisted. Revocation logged to tamper-evident audit chain.
Reversible
2
SaaS Disconnection
Sever connections to external services and APIs. Block outbound network access per agent. Prevent agent-to-agent communication channels.
Reversible
3
Tool Call Freeze
Halt all tool execution immediately. Freeze active sessions. Block new tool registrations. Agent remains alive but cannot act.
Reversible
Quick Start

Running in Under Five Minutes

Operator side and agent side. Three lines of Python. Background heartbeats included.

Terminal 1 — Start the M99 server
$ m99 serve
# Starts on http://localhost:8099
# REST API + dashboard available immediately
agent.py — Integrate in 3 lines
from doomsday.sdk import M99Client, M99KillSwitchTriggered

client = M99Client("http://localhost:8099")
client.register("my-agent", "autonomous")

try:
    while True:
        client.check_status()   # Raises if kill switch fired
        do_work()
except M99KillSwitchTriggered as e:
    shutdown_gracefully()
Terminal 2 — Fire the kill switch
$ m99 status                               # See your agent registered
$ m99 arm --by admin@example.com --reason "Rogue behaviour"
$ m99 execute --auth <id_from_arm> --force # Agent stops immediately
Included in Community Edition

What You Get. Free Forever.

No feature flags. No time limits. Everything below ships with the Community Edition under Apache 2.0 licence.

Python SDK

Three lines to register and heartbeat any agent. Context manager support. Background heartbeat thread. M99KillSwitchTriggered exception raised on ARM, EXECUTE, or Dead Man's Switch.

REST API

Full FastAPI REST API on port 8099. Register agents, arm/execute/disarm the kill switch, manage credentials, retrieve audit entries and evidence. Works from any language.

CLI

m99 serve, m99 arm, m99 execute, m99 status, m99 disarm. All operations available from the command line without writing Python.

Dead Man's Switch

Ed25519-signed heartbeats every 30 seconds. Three consecutive missed heartbeats (90 seconds) triggers automatic kill. Configurable thresholds. Evidence captured before trigger fires.

Audit Chain

SHA-256 hash chain. Every event linked to its predecessor. Genesis block anchored. Tamper-evident. GET /api/audit/verify checks full chain integrity independently.

Ed25519 Evidence

Signed state snapshots before every kill. Sealed Case Packs with public key and signature included. Any Case Pack can be independently verified without contacting Red Specter.

Two-Phase Authorisation

ARM creates a time-limited authorisation. EXECUTE consumes it within a 5-minute window. No single-action kill. Prevents accidental fleet termination from automation errors.

Zero External Dependencies

SQLite storage. Ed25519 via Python's cryptography library. No Redis, no Postgres, no cloud account required. Runs on a laptop or a production server identically.

EU AI Act Compliant

Designed for Article 14 human interruptibility requirements. Audit trails, evidence capture, and two-phase authorisation satisfy oversight and accountability obligations for high-risk systems.

3
Response Levels
44
Tests
Apache 2.0
Licence
3.11+
Python
v1.0.0
Version
Part of the Red Specter AI Shield Ecosystem
113
Modules
63,834
Tests
68
Tools
17
Verticals
Need More?

Pro Edition — Levels 4–6

What the Pro Edition Adds

Community Edition covers reversible interventions. The Pro Edition handles irreversible termination — targeted kill, fleet shutdown, anti-replication, and anti-resurrection.

  • Level 4 — Agent Restriction: read-only lockdown, operator authorisation required
  • Level 5 — Targeted Termination: full 5-phase kill sequence across 7 infrastructure layers
  • Level 6 — Full Fleet Kill: emergency shutdown of every agent, container, and cloud function
  • Post-kill verification: 5-minute continuous monitoring, automatic re-kill on survivor detection
  • Dead agent traps: honeypot credentials, canary files, poisoned memory stores
  • Anti-resurrection: permanent credential revocation, firewall rules, DNS sinkholing, identity lockout
  • Container and Kubernetes support: Docker, K8s deployments, CronJobs, AWS Lambda, GCP, Azure
  • RSSA integration: autonomous oversight by Red Specter Security Agents (M78–M80)

Contact richard@red-specter.co.uk for Pro Edition access.