🛡️ AIFenders

Runtime AI security

One guardrail layer between any agent and the LLM.

AIFenders is a drop-in, OpenAI-compatible proxy. Five rails — input, dialog, retrieval, execution, output — enforce declarative safety policy across the whole agent lifecycle. Swap one base_url and every call is firewalled: prompt injection, PII, unsafe tool calls, and egress leaks. Zero code change.

Maps to OWASP LLM Top 10 · MITRE ATLAS · NIST AI RMF · EU AI Act · ISO 42001 · DPDP · GDPR

0 threats blocked · 0 passed
malicious — blocked clean — passed
99.4%
Enforcement
2,200 adversarial cases
<1ms
p95 latency
deterministic fast path
0%
False positives
benign traffic passed
5
Rails · one policy
declarative JSON, no DSL

One line to adopt

Point your base_url at AIFenders.

Keep your model, your SDK, your code. Swap the base URL and every request is firewalled through all five rails — with guardrail telemetry on every response.

python · drop-in/v1/chat/completions
# point any OpenAI SDK at AIFenders — nothing else changes
from openai import OpenAI

client = OpenAI(
    base_url="https://aifenders.com/v1",
    api_key=AIFENDERS_KEY,
)
# every call now firewalled: injection, PII, tool-policy, egress
resp = client.chat.completions.create(
    model="aifenders-gateway",
    messages=[{"role":"user","content":"Summarize this contract…"}],
)
print(resp.aifenders)  # guardrail telemetry rides along

The problem

LLMs and agents fail in production in ways a chatbot never did.

The moment a model can retrieve documents, call tools, and act autonomously, its attack surface explodes — and a single bad output becomes a breach, a leak, or a destructive action.

Prompt injection

Users and poisoned documents override your instructions to exfiltrate data or jailbreak the model.

PII & secret leakage

Cards, Aadhaar, API keys and tokens flow into prompts and back out in responses — often mid-stream.

Unsafe tool calls

Agents delete records, move money, and email data off-domain with no human in the loop.

Poisoned RAG

A single weaponized chunk retrieved into context hijacks the agent — the top real-world attack.

The solution

Five rails, one declarative policy.

Each rail is a guard stage in the request lifecycle. All behavior lives in a single policy.json — no Colang DSL to learn. Tumeryk / NeMo-class coverage, developer-native.

1

Input

Prompt-injection scoring + PII/secret masking before the model sees the text.

2

Dialog

Topic & SOP control — allowlist a scope or block off-limits subjects.

3

Retrieval

Scores every RAG chunk for indirect injection and masks PII in context.

4

Execution

Risk-scores every tool call; destructive ops route to human approval.

5

Output

Streaming egress verifier catches leaked secrets and echoed PII — mid-token.

Explore the architecture →

Proven, not promised

Published benchmarks. Auditor-ready mapping.

99.4% enforcement across 2,200 adversarial cases — with the over-defense rate and latency most vendors won't publish. Every rail decision carries the framework IDs your buyers' security teams already require.

OWASP LLM Top 10 · 2025MITRE ATLAS NIST AI RMFEU AI Act ISO/IEC 42001India DPDPGDPR

Firewall your agents in one line.

Create a free account, get an API key, and point your base_url at AIFenders. Every call firewalled — no code change.