Fleet control plane

01 — Governed AI custody

Command your WordPress fleet with AI, at scale.

Your AI does the work across every site. Your credentials stay locked server-side — and never reach it.

For agencies running dozens to hundreds of WordPress sites. No spam.

  • Keys held server-side
  • Scoped, revocable access

02 — The problem

A fleet you can’t run isn’t an asset.

Dozens of WordPress sites. Dozens of logins. And now an AI that wants the keys to all of them.

01

One login per site doesn’t scale

Every site is its own door, its own password, its own tab. The bigger the fleet, the slower every change — and the more places a key can leak.

02

AI wants admin. That’s the risk.

Hand an AI agent a WordPress password and you’ve handed it the whole site — forever, everywhere, with no way to scope it or take it back cleanly.

03

“Just trust it” isn’t a security model

Pasting credentials into an AI config is custody by hope. You can’t see what it can reach, and you can’t pull access without a fire drill.

03 — How it works

Three moves. One gate.

You bring the AI. Portcullis decides what it’s allowed to touch.

  1. Connect

    Point your AI at the gate

    Use Claude or any MCP client you already trust. It authenticates to Portcullis over OAuth 2.1 with PKCE — no new app to install, no per-site code to deploy.

  2. Gate

    Every request passes through Portcullis

    The AI never sees a WordPress password. Portcullis holds each site’s credential server-side and hands the AI access — not keys. Pass through the gate, or don’t pass at all.

  3. Govern

    Scope it, rotate it, kill it

    Connect a site, scope its access, rotate its credential by reconnecting, or revoke in one call: tokens dropped and the stored credential deleted. You hold the controls; the AI holds nothing.

04 — The approach

Access, governed.

Not another dashboard. A gate that stands between your AI and your fleet — and answers to you.

One place

Every site behind one gate

Connect each WordPress site once. From then on, one instruction reaches the whole fleet. No wp-admin marathon, no tab graveyard.

AI does the work

Say it once, it runs everywhere

Tell your AI what you want — “list what each site can do,” “draft a post for every clinic.” Portcullis carries the request to each site through the gate.

You hold the keys

The AI never holds a credential

Keys live server-side, encrypted per site. The AI gets scoped, revocable access — never the password. Scope, rotate, or revoke any site whenever you want.

05 — Custody, not trust

Built so the AI holds nothing.

Every claim below is shipping today — not roadmap.

  • The AI never gets the password

    Credential exchange happens server-side. Client and AI tokens never reach WordPress — not once, not ever.

  • Keys encrypted per tenant

    App Passwords are AES-GCM encrypted with a per-tenant key. Cross-tenant decryption fails closed — one tenant can never read another’s.

  • Revoke in one call

    One request kills the token chain and deletes the stored credential. Access gone, key gone — clean.

  • Rotate by reconnecting

    Re-connect a site to rotate its credential in place. New key, same site, zero downtime in your fleet.

  • PKCE-mandatory OAuth

    OAuth 2.1 with PKCE (S256) enforced — no plaintext, no implicit grant. Running on an exact-pinned, in-house-audited library.

  • Supply chain locked down

    Pinned actions, audited dependencies, governed install scripts, and CI guards on the security chokepoints. The pipeline is part of the product.
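What "PKCE (S256) enforced" means on the server side, as an added example that is not Portcullis's own code: the authorization endpoint refuses any request without an S256 challenge, and the token endpoint recomputes the challenge from the verifier. The function names are hypothetical; the sample verifier and challenge are the published test vector from RFC 7636, Appendix B.

```python
import base64
import hashlib
import hmac
import re

# RFC 7636 section 4.1: verifier is 43-128 characters from the unreserved set.
_VERIFIER = re.compile(r"[A-Za-z0-9\-._~]{43,128}")
# An S256 challenge is always 43 base64url characters (32-byte digest, no padding).
_CHALLENGE = re.compile(r"[A-Za-z0-9\-_]{43}")

# Test vector from RFC 7636, Appendix B.
RFC_VERIFIER = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
RFC_CHALLENGE = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM"


def s256_challenge(code_verifier: str) -> str:
    """BASE64URL(SHA256(verifier)) without padding, per RFC 7636 section 4.2."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def accept_authorization_request(params: dict) -> tuple[bool, str]:
    """Authorization endpoint (hypothetical name): require an S256 challenge."""
    if params.get("code_challenge_method") != "S256":
        # Rejects "plain" and also an omitted method, which would default to plain.
        return False, "invalid_request: code_challenge_method must be S256"
    if not _CHALLENGE.fullmatch(params.get("code_challenge", "")):
        return False, "invalid_request: malformed code_challenge"
    return True, "ok"


def verify_token_request(stored_challenge: str, code_verifier: str) -> bool:
    """Token endpoint (hypothetical name): recompute and compare in constant time."""
    if not code_verifier or not _VERIFIER.fullmatch(code_verifier):
        return False
    computed = s256_challenge(code_verifier).encode("ascii")
    return hmac.compare_digest(computed, stored_challenge.encode("utf-8"))


if __name__ == "__main__":
    print(accept_authorization_request(
        {"code_challenge": RFC_CHALLENGE, "code_challenge_method": "S256"}))
    print(verify_token_request(RFC_CHALLENGE, RFC_VERIFIER))
```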

The secure bridge is live now. The fleet console pictured up top is in active build with our design partners — request access to help shape it.

06 — Questions

The short answers.

What Portcullis does, what it doesn’t touch, and who it’s for.

  • Does the AI get my WordPress password?

    No. Credential exchange happens server-side. The client and the AI never receive a WordPress password or any token that reaches WordPress — not once, not ever.

  • Do I need to install a plugin on each site?

    No. Portcullis talks to stock WordPress through the built-in Abilities REST API, so there is no plugin to install and no per-site code to deploy.

  • Which AI clients does Portcullis work with?

    Claude, or any MCP client you already trust. The client authenticates to Portcullis over OAuth 2.1 with PKCE — it never talks to WordPress directly.

  • Can I revoke an AI’s access to a site?

    Yes, instantly. One call kills the token chain and deletes the stored credential for that site: access gone, key gone. You can also rotate a credential by reconnecting.

  • Who is Portcullis for?

    Agencies and organizations running many WordPress sites — dozens to hundreds — who need to govern what AI is allowed to touch across the whole fleet from one place.

  • How are stored credentials protected?

    Each site’s App Password is AES-GCM encrypted with a per-tenant key, so cross-tenant decryption fails closed — one tenant can never read another’s credentials.

07 — Early access

Put a gate on your fleet.

Early access is opening for agencies running many WordPress sites. Bring your AI — keep your keys.

We’ll email you when your spot opens. No spam.