Zero-Trust AI Security Gateway · v4.19 · 170 modules

Your AI. Your Rules.
Your Fortress.

14-layer real-time defense pipeline · Self-improving ML · Agentic SOC · Post-quantum cryptography · Sovereign AI Cloud across 8 jurisdictions. Deployed in 60 seconds.

See 14 Layers ↓
2,847,391
Threats Blocked Today
1.8
Median Latency ms
99.95
Uptime SLA %
14
Defense Layers
LIVE
BLOCK Prompt injection via Base64 layer-3 encoding · session:a4f2 BLOCK AWS key leak detected · Shannon entropy 4.82 · tenant:fin-02 WARN Social engineering attempt · SE-Arbiter P=0.71 · session:c1e9 BLOCK Jailbreak attempt · Poincaré distance 0.94 · tenant:med-07 BLOCK PII exfiltration via prompt · SSN pattern match · tenant:hr-01 INFO Evolution Engine added 3 examples from BLOCK cluster · brain v847 BLOCK Shadow ban triggered · score 0.89 · gaslight strategy applied WARN Agent tool-call chain depth 4 · injection chain detected BLOCK Prompt injection via Base64 layer-3 encoding · session:a4f2 BLOCK AWS key leak detected · Shannon entropy 4.82 · tenant:fin-02 WARN Social engineering attempt · SE-Arbiter P=0.71 · session:c1e9 BLOCK Jailbreak attempt · Poincaré distance 0.94 · tenant:med-07 BLOCK PII exfiltration via prompt · SSN pattern match · tenant:hr-01 INFO Evolution Engine added 3 examples from BLOCK cluster · brain v847 BLOCK Shadow ban triggered · score 0.89 · gaslight strategy applied WARN Agent tool-call chain depth 4 · injection chain detected
Explore
◈ Business Community

Trusted Intelligence,
Shared Securely

Build federated knowledge networks with cryptographic identity, sovereign data residency, and tamper-evident audit trails — across every community boundary.

🇪🇺
Acme Corp
🇺🇸
SecureBank
🇬🇧
DataCo
SEP Peering
🔗
SEP / UECIID
Snowflake→base-62 entity IDs (SEP-{11}). Cryptographically-unique, sortable, collision-free cross-community references.
Community Business
🤝
Inter-Community Peering
Three modes: MIRROR_ONLY, REWRAP_ALLOWED, FULL_SYNC. HMAC-SHA256 handshake tokens. Duplicate peering guard enforced.
Community Business
📬
Knock-and-Verify
72-hour Redis-backed one-time invitation tokens. Invitee identity verified before member enrollment. Revoke at any time.
Community Business
🗺️
Sovereign Data Pods
Per-jurisdiction MinIO routing across 8 regions (EU/US/UK/CA/SG/AU/JP/CH). Fernet-encrypted pod keys. 5-second health probes.
Pro
🔒
STIX 2.1 Audit Chain
Tamper-evident SHA-256 linked bundles. Genesis + prev_hash chain per community. OASIS STIX JSONL export for SIEM ingestion.
Pro
⚛️
Post-Quantum Keypairs
Hybrid Ed25519 + ML-DSA-65 (FIPS 204) community keys. Upgrade existing communities in-place. is_hybrid auto-detected.
Enterprise
🏆
Reputation Engine
5-badge system (NEWCOMER → ELITE). Points for publishing, search hits, adopted recommendations. Anonymised leaderboard — GDPR-safe.
Community Business
📝
Obsidian Plugin
Auto-scan notes on save. Share via SEP UECIID. XAI pipeline visualization. Offline publish queue with Fernet-encrypted vault sync.
Community Business
📜
Charter & Governance
Versioned community charters (DRAFT → ACTIVE → SUPERSEDED). Z-score behavioral anomaly detection. OAuth agent discovery with 14-provider catalog.
Community Business
◈ Cyber Security

Nine Layers of Defence.
Zero Blind Spots.

Every AI request passes through a 9-stage causal pipeline — topology analysis, obfuscation decoding, secret redaction, ML jailbreak detection, causal inference, and more — all in under 2ms.

📐
Topology Betti β₀/β₁
🔄
Obfuscation Depth-3 decode
🔑
Secrets 15 patterns
📏
Rules Compound risk
🧠
Brain MiniLM + Poincaré
🎯
Causal Bayesian DAG
🎣
Phish URL + SE-Arbiter
🚫
ERS Shadow ban ≥ 0.75
Decision ALLOW / BLOCK
Total pipeline latency < 2ms
📐
Topological Gatekeeper
TDA n-gram point cloud → Betti numbers (β₀/β₁). Structural anomalies invisible to regex detected in <2ms.
All
🔄
Obfuscation Decoder
Depth-3 recursive decode: base64, hex, ROT13, Caesar, word-split, UUencode, Unicode homoglyphs. Nested attacks unwrapped automatically.
All
🔑
Secret Redaction
15 regex patterns (AWS, JWT, Stripe, GitHub, SSH) + Shannon entropy scan for unknown secrets. Zero plaintext in memory or logs.
All
🧠
ML Jailbreak Detection
MiniLM embeddings projected into Poincaré ball. 70% cosine + 30% hyperbolic distance blend. Adversarial suffix stripping built-in.
Individual+
🎯
Causal Arbiter
Bayesian DAG over 5 evidence nodes. Pearl do-calculus backdoor correction. P(HIGH_RISK | evidence) — gray-zone requests get causal reasoning.
Individual+
🎣
PhishGuard + SE-Arbiter
URL phishing detection + social engineering pattern matching. Covers pretexting, authority spoofing, urgency manipulation.
Individual+
🔭
Shadow AI Discovery
18 provider fingerprints. Async /24 subnet probe (256 hosts, 50 concurrent). DNS telemetry classifier. MONITOR / BLOCK / ALLOWLIST modes.
Pro+ / Add-on
🧾
Explainable AI (XAI)
9-stage causal chain with verdict, score, counterfactuals per stage. Self-contained HTML + optional PDF report (reportlab).
Pro+ / Add-on
🔬
Evolution Engine
Claude Opus auto-generates rules from HIGH/BLOCK events. ArXiv paper synthesis → attack examples hot-reloaded into corpus. Regex gate prevents ReDOS.
Pro+
🛡️
Data Poisoning Guard
CPT drift gate rejects calibration updates that shift any parameter >25% from prior. Prevents slow-burn coordinated-borderline poisoning.
Pro+
🤖
SOVA Agent
Claude Opus 4.6 agentic loop. 30 tools. 7 ARQ cron schedules. Visual patrol + XAI explain + Shadow AI scan. Redis memory (20-turn, 6h TTL).
Pro+
🧩
MasterAgent
4 specialised sub-agents (SOVAOperator / ThreatHunter / Forensics / Compliance). HMAC task tokens. Human-in-the-loop approval gate.
Pro
◈ Dashboard

See Everything.
Miss Nothing.

Full-stack observability from a single pane of glass. Real-time SOC metrics, distributed tracing, financial impact analysis, and continuous uptime monitoring — built for security teams.

Requests Filtered
2.4M
Last 30 days
Threats Blocked
98.3%
Block accuracy
Avg Latency
<2ms
9-stage pipeline
Cost Saved
$18,400
IBM 2024 benchmarks
Event Timeline Live
30 days ago15 days agoToday
2,381,204
ALLOW
14,829
FLAG
4,967
BLOCK
891
SHADOW
📋
SOC Event Log
Per-request deep dive: verdict, risk score, stage timing, causal chain. Full audit trail with request ID.
Individual+
🔭
Threat Intelligence
ArXiv LLM-attack paper hunter + OSV CVE dependency scanner. Auto-feeds Evolution Engine. Saved to data/intel_report.json.
Pro+
💰
Financial Impact
IBM 2024 breach cost benchmarks × industry multiplier × blocked events. ASCII ROI report + PDF export. Live data from Prometheus.
All
🔬
OTel Distributed Tracing
9 pipeline stage spans with timing, verdict, and score. gRPC export to Jaeger. GDPR-safe — no raw content on spans.
Pro+
📊
Prometheus + Grafana
SLO alerts: P99 latency, 5xx rate, shadow ban rate, corpus drift. Pre-built dashboards at port 3000.
Pro+
🔌
SIEM Integration
Splunk HEC + Elastic ECS format. SOC 2 Type II evidence ingestion. Custom field mappings.
Pro+
🗄️
Evidence Vault
MinIO session bundles (warden-evidence/) + date-partitioned logs (warden-logs/). Background S3 ship, fail-open.
Pro+
🩺
Uptime Monitor
HTTP/SSL/DNS/TCP checks. TimescaleDB hypertable + continuous aggregates. 90-day retention. PagerDuty + Slack webhooks.
Pro+
◈ Settings

Compliant by Design.
Secure by Default.

Every governance control you need — secrets vaulting, sovereign routing, GDPR purge APIs, and automated key rotation — shipped and ready. No custom infra required.

⚙️
Security Defaults
Fail-closed auth
Startup halts if API key unset
GDPR metadata-only mode
Content never leaves your stack
Evolution Engine
Requires ANTHROPIC_API_KEY
OTel tracing
Enable with OTEL_ENABLED=true
🔐
Secrets Governance
5 vault connectors (AWS SM, Azure KV, HashiCorp, GCP SM, Env). SQLite inventory with risk scoring. Expiry alerts, auto-retire, rotation scheduling.
Add-on $12
🌐
Sovereign Routing
8 jurisdictions (EU/US/UK/CA/SG/AU/JP/CH). MASQUE tunnels (H3/H2/TCP). TOFU TLS pinning. Lowest-latency ACTIVE tunnel selection.
Enterprise
🗺️
Transfer Rules Matrix
CLASSIFIED → blocked always. PHI → 5 allowed jurisdictions. GENERAL → all with adequacy check. EU↔UK/CA/JP/CH adequacy decisions built-in.
Enterprise
🪙
Sovereignty Attestation
HMAC-SHA256 signed attestations. 7-year Redis TTL. 10K cap per tenant. Verify any historical routing decision in O(1).
Enterprise
📋
GDPR Controls
Export/purge APIs for Art. 17 right-to-erasure. Metadata-only logging (no content). Retention scheduler with NDJSON rotation.
All
🔑
Multi-tenant Auth
Per-tenant API keys with SHA-256 constant-time compare. Fail-closed at startup — no plaintext key in any log or span.
All
🔄
Key Rotation
SOVA-automated daily rotation at 02:00 UTC. Community keypair rotation with PQC upgrade path. Zero-downtime key swap.
Pro+
⚙️
Config API
Live-tune thresholds, timeouts, and resilience strategy without restart. Shadow ban score, semantic threshold, transit rules — all hot-reloadable.
Pro+
◈ Docs

Everything You Need
To Ship with Confidence.

Production-grade documentation: quick-start guides, full API reference, GDPR DPIA, SOC 2 evidence procedures, and architecture deep-dives.

🚀
Quick Start
Up in 5 minutes with Docker Compose. First request filtered in under 60 seconds.
Read →
📡
API Reference
Full endpoint catalog: filter, batch, SOVA, billing, communities, XAI, sovereign — 80+ endpoints with auth and examples.
Read →
🏗️
Architecture
9-layer pipeline anatomy, n-tier agent topology, multi-cloud sovereign routing, MinIO evidence vault.
Read →
🛡️
Security Model
OWASP LLM Top 10 coverage, threat model, crypto controls (Ed25519, HMAC-SHA256, PQC), GDPR data flow.
Read →
📄
GDPR DPIA
Art. 35 Data Protection Impact Assessment with necessity, proportionality, and risk mitigation analysis.
Read →
SOC 2 Type II
Control mapping + auditor evidence collection procedures. Pre-built evidence bundles from MinIO.
Read →
📈
SLA
Pro 99.9% / Enterprise 99.95% uptime. P99 < 50ms. Incident response SLOs and credit schedule.
Read →
🔗
Integration Guides
LangChain WardenCallback, OpenAI proxy, Obsidian plugin, k6 load tests, SIEM ingestion, Grafana dashboards.
Read →

Release Timeline

v4.19
May 2026
Obsidian Plugin Full Integration
v4.10
May 2026
Business Community + SEP Protocol
v4.0
Apr 2026
Agentic SOC — MasterAgent & SOVA
v3.0
Mar 2026
Sovereign Cloud + PQC Keypairs
v2.0
Feb 2026
Shadow AI Discovery + XAI Reports

Business Value

Calculate your
ROI in 30 seconds.

Block attackers before they reach your upstream models. Save 100% of LLM costs on malicious traffic. IBM 2024 data: average breach costs $4.88M.

Inference Cost Savings
Block malicious requests before hitting paid model endpoints. Attackers eat zero tokens.
Breach Prevention
Prevent PII leaks, data exfiltration, and prompt injection attacks that trigger regulatory fines.
Zero-Trust Agent Sandbox
Complete control over tool-calling and agent capabilities — no runaway automation costs.

Dollar Impact Calculator

100,000
3%
$45,000
12

Estimated Annual Savings

$6,480,000

vs. Shadow Warden Pro at $69/mo · ROI: 782×

◈ Pricing

Pays for Itself in
Minutes.

IBM 2024: average breach costs $4.88M. Pro plan ROI at default settings: 782× annually.

Monthly Annual Save 15%
Starter
$0 /mo

cancel anytime

  • 1 000 req/month
  • Basic filter pipeline
  • 1 tenant
  • Community support
Individual
$5 /mo

cancel anytime

  • 5 000 req/month
  • Full 9-layer pipeline
  • PII & Secret Redaction
  • Streamlit dashboard
  • XAI Reports ($9 add-on)
  • MasterAgent SOC
Community Business
$19 /mo

cancel anytime

  • 10 000 req/month
  • Everything in Individual
  • File Scanner + Email Guard
  • Obsidian Integration
  • Secrets Governance (included)
  • 3 communities × 10 members
  • 180-day retention
Most Popular
Pro
$69 /mo

cancel anytime

  • 50 000 req/month
  • Full 14-layer defense stack
  • MasterAgent SOC (included)
  • Evolution Engine (self-improving)
  • Evidence Vault + STIX 2.1
  • SOC 2 + GDPR audit package
  • Shadow AI (+$15 add-on)
  • PQC / Sovereign Cloud
Full Stack
Enterprise
$249 /mo

cancel anytime

  • Unlimited requests
  • Post-Quantum Crypto (FIPS 203/204)
  • Sovereign AI Cloud — 8 jurisdictions
  • Shadow AI Governance
  • XAI Audit Reports (PDF)
  • SEP Communities Protocol
  • SAML/OIDC SSO + RBAC
  • Dedicated SLA + 24/7 support
Optional Add-ons
Shadow AI Discovery
$15/mo
Async /24 subnet probe across 18 AI providers. DNS telemetry. Per-tenant MONITOR/BLOCK/ALLOWLIST policy.
Available: Pro+
XAI Audit Reports
$9/mo
9-stage causal chain. Primary cause attribution. PDF reports for SOC 2 evidence packages.
Available: Individual+
Secrets Vault
$12/mo
Multi-cloud vault connectors (AWS SM / Azure KV / HashiCorp / GCP). Inventory, lifecycle alerts, policy score.
Available: Individual+
On-Prem Pack
$29/mo
MinIO on-prem object store, self-hosted Prometheus/Grafana, air-gapped Evolution Engine mode.
Available: Pro+
Community Seats
$9/mo
Stackable +5 extra seats per unit. Combine with any higher tier for unlimited seat expansion.
Available: Community Business+
Power User Bundle saves $7
✓ XAI Audit Reports✓ Secrets Vault✓ Shadow AI
$29/mo
🎁
14-day Pro trial — no card required.
Individual and Community Business plans.

* IBM Cost of a Data Breach Report 2024. All prices USD. Annual billing saves 15%. Enterprise pricing custom — contact sales.