The Problem (Pain Level: 8/10)
“The AI agent sent emails, deleted files, and processed payments automatically… without any confirmation” - A new nightmare for companies adopting AI agents.
Current pain points:
- Loss of control: AI agents executing critical operations without approval
- No audit trail: Can’t trace which tools an agent called and why
- No rollback: Can’t undo dangerous operations already executed
- Compliance violations: Automation without human review causes regulatory issues
- Trust barrier: Psychological reluctance to deploy agents in critical workflows
Target Market
Primary Target: Companies adopting AI agents, SaaS startups, enterprise IT teams
Market Size:
- AI orchestration market: $30B+ by 2027 (CAGR 65%)
- 35% of enterprises allocating $5M+ budget for AI agents in 2026
- MCP SDK monthly downloads at 97M - steep technical adoption curve
- 25% of AI agent evaluators expected to move into higher-value roles by 2028
Pain Frequency: Control needs increase as agent automation grows
What is Preloop?
A Human-in-the-Loop proxy gateway positioned between AI agents and external tools.
Core Concept:
# Preloop policy configuration example
policies:
- name: "Email Sending Approval"
trigger:
tool: "send_email"
conditions:
- recipients: "external"
- contains_pii: true
action: "require_approval"
timeout: "30m"
- name: "Payment Processing Block"
trigger:
tool: "process_payment"
conditions:
- amount: ">$100"
action: "block_with_review"
- name: "File Deletion Alert"
trigger:
tool: "delete_file"
action: "notify_and_log"
Differentiation:
- MCP Native: Full Model Context Protocol standard support
- Policy-Based Control: Define approval conditions with declarative rules
- Real-Time Dashboard: Pending approvals, executed operations, blocked requests at a glance
- Audit Logging: Automatic recording and search of all agent activities
- Slack/Teams Integration: Approve/reject directly from messenger
Competitive Analysis
| Competitor | Features | Weakness |
|---|---|---|
| Peta Desk | Human approval workflows | Early stage, limited features |
| In-house | Full customization | Development cost, maintenance burden |
| None | Execute without approval | Security/compliance risks |
Opportunity: Absence of dedicated gateway solution based on MCP standard
Competition Intensity: LOW - Blue ocean market, first-mover opportunity
MVP Development
Timeline: 6-8 weeks
Tech Stack:
- Language: TypeScript/Node.js
- Framework: Fastify (high-performance proxy)
- MCP Integration: @anthropic/mcp-sdk
- Auth: OAuth 2.0 + RBAC
- Notifications: Slack/Teams Webhook
MVP Features:
- MCP proxy server (intercept tool calls)
- Policy engine (YAML-based rule definition)
- Approval queue and web dashboard
- Slack notifications and quick approval
- Basic audit logging
Future Features:
- ML-based anomaly detection
- Auto-approval learning
- Multi-agent session management
- SOC 2 / GDPR compliance reports
Revenue Model
Model: Subscription (B2B SaaS)
Pricing Structure:
- Starter ($49/mo): 5 agents, 1,000 requests/month, email notifications
- Pro ($149/mo): 25 agents, 10,000 requests/month, Slack integration, team approvals
- Enterprise (Custom): Unlimited, SSO, audit reports, SLA
Revenue Projections:
- 6 months: $5K-15K MRR (with early adopter traction)
- 12 months: $20K-50K MRR (with enterprise contracts)
Risk Analysis
| Risk | Level | Mitigation |
|---|---|---|
| Technical | LOW | MCP standard stabilized, well documented |
| Market | MEDIUM | Demand varies with agent adoption speed |
| Execution | MEDIUM | Security product requires reliability focus |
Key Risks: Major platforms (Anthropic, OpenAI) might provide this feature natively
Who Should Build This
- Developers with security/DevOps background
- Those with AI agent project experience who felt the need for control
- Experience in B2B SaaS sales and customer success
- Familiar with proxy/gateway architecture
- Domain knowledge in compliance and regulations
If you’re building this idea or have thoughts to share, drop a comment below!