Security Stack

Security Triad

Paranoia by Design. Three-layer security for autonomous AI agents: Firewall, Sandbox, and Audit Trail.

The Problem with AI Security Today

As we delegate more decisions to multi-agent systems, the attack surface grows exponentially. 2020 security rules don't work for 2026 threats. We need architectural containment.

Security Triad Architecture

🛡️ Sentinel: Dependency Firewall

Real-time supply-chain protection before AI writes code

The Problem

LLMs hallucinate package names. Attackers monitor these hallucinations, register the fake names on npm/PyPI, and upload malware under them. Traditional security scans run after the commit, which is too late.

How Sentinel Works

MCP Integration

Runs as a local Model Context Protocol (MCP) server. Your AI assistant (Cursor, Claude) calls validate_dependency before suggesting any import.

Similarity Detection

Jaro-Winkler string similarity catches typosquatting. If the AI suggests "requsts" instead of "requests", Sentinel blocks it and suggests the correct name.

Multi-Ecosystem Validation

Real-time checks against PyPI, npm, crates.io and pkg.go.dev, plus a query of the OSV database for known vulnerabilities.

Zero-Trust Enforcement

The AI can't proceed without validation: policy is enforced at prompt time, not at scan time.
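The similarity check described above, as an added example that is not Sentinel's own code: a from-scratch Jaro-Winkler implementation and a validate_dependency function that allows exact matches to a known package, blocks near-misses as suspected typosquats, and marks everything else as needing a registry lookup. The allow-list, the 0.9 cutoff and the function names are assumptions for the example; a real check would also query the registries and OSV as the text describes.

```python
"""Typosquat check for AI-suggested dependencies (added example, not Sentinel's code).

Assumptions (not from the page): the allow-list of known-good package names,
the 0.9 similarity threshold, and the function names below are all ours.
"""


def jaro(s1: str, s2: str) -> float:
    """Jaro similarity in [0, 1]: characters matched within a window, minus transpositions."""
    if s1 == s2:
        return 1.0
    len1, len2 = len(s1), len(s2)
    if not len1 or not len2:
        return 0.0
    window = max(len1, len2) // 2 - 1
    m1, m2 = [False] * len1, [False] * len2
    matches = 0
    for i, ch in enumerate(s1):
        lo, hi = max(0, i - window), min(i + window + 1, len2)
        for j in range(lo, hi):
            if not m2[j] and s2[j] == ch:
                m1[i] = m2[j] = True
                matches += 1
                break
    if matches == 0:
        return 0.0
    # matched characters that appear in a different order in the two strings
    transpositions, k = 0, 0
    for i, ch in enumerate(s1):
        if not m1[i]:
            continue
        while not m2[k]:
            k += 1
        if ch != s2[k]:
            transpositions += 1
        k += 1
    t = transpositions / 2
    return (matches / len1 + matches / len2 + (matches - t) / matches) / 3


def jaro_winkler(s1: str, s2: str, scaling: float = 0.1) -> float:
    """Jaro-Winkler: boosts the Jaro score for strings that share a prefix (up to 4 chars)."""
    j = jaro(s1, s2)
    prefix = 0
    for a, b in zip(s1, s2):
        if a != b or prefix == 4:
            break
        prefix += 1
    return j + prefix * scaling * (1.0 - j)


# Constructed allow-list standing in for a registry lookup (assumption).
KNOWN_PACKAGES = {"requests", "numpy", "pandas", "flask", "cryptography", "urllib3"}
THRESHOLD = 0.90  # assumed cutoff: a non-exact name at or above this is treated as a typosquat


def validate_dependency(name: str, known=KNOWN_PACKAGES, threshold: float = THRESHOLD) -> dict:
    """Decide allow / block / unverified for a package name an assistant wants to import."""
    candidate = name.strip().lower()
    if candidate in known:
        return {"package": candidate, "decision": "allow", "reason": "exact match to a known package"}
    best_name, best_score = max(((k, jaro_winkler(candidate, k)) for k in known), key=lambda p: p[1])
    if best_score >= threshold:
        return {
            "package": candidate,
            "decision": "block",
            "suggestion": best_name,
            "similarity": round(best_score, 3),
            "reason": f"looks like a typosquat of {best_name!r}",
        }
    return {
        "package": candidate,
        "decision": "unverified",
        "reason": "no near match; needs a registry and OSV lookup before use",
    }


if __name__ == "__main__":
    for pkg in ("requests", "requsts", "reqeusts", "totally-new-lib"):
        print(pkg, "->", validate_dependency(pkg))
```

"requsts" scores 0.975 against "requests" (Jaro 0.958 plus the four-character prefix bonus), so it is blocked with "requests" as the suggestion; a name with no near match is not silently allowed but flagged for the registry and vulnerability lookup.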

Sentinel Interception Flow

[Figure: real-time typosquatting detection]

🐒 Babuino: Universal Sandbox

KVM hardware isolation for AI-generated code execution

The Problem

Running AI-generated code directly on your host machine is Russian roulette. Docker containers share the host kernel: one kernel exploit and your system is compromised.

Docker vs Babuino Comparison

Why Not Docker?

Docker/K8s: namespace-based (software) isolation on a shared kernel. One exploit = game over.

Babuino: Uses KVM (hardware). Physical barrier. Impossible to escape.

Real-world: rm -rf / contained in micro-VM, host untouched.

How Babuino Works

Multi-Backend Routing

An orchestrator written in Rust routes each job to the best-fit backend: WebAssembly (<100ms boot), Docker (when dependencies are needed), gVisor (deep isolation).

Network Containment

All outbound connections are blocked by default. The AI must declare --network-allow api.github.com explicitly.

Resource Limits

Hard limits on CPU and RAM prevent runaway loops (DoS). Scripts are auto-killed after the timeout.

Ephemeral Filesystem

Code is mounted read-only. Writes are restricted to temp directories that are destroyed on exit.

# Execute AI-generated Python script
babuino run --sandbox kvm scrape.py

# Isolated execution
[Babuino] Starting micro-VM (KVM backend)
[Babuino] Filesystem: read-only mount
[Babuino] Network: blocked (whitelist empty)
[Babuino] Limits: 512MB RAM, 30s timeout

# Script runs in isolation
[scrape.py] Attempting to write /etc/passwd... ❌ DENIED
[scrape.py] Attempting HTTP to evil.com... ❌ BLOCKED
[scrape.py] Result: {...}

[Babuino] Execution complete. VM destroyed.
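The resource-limit and ephemeral-filesystem behaviour shown in the session above, as an added example that is not Babuino's code: a plain subprocess with POSIX rlimits, a wall-clock timeout and a throwaway working directory. This gives the timeout, memory cap and "nothing survives exit" properties the text describes but none of the KVM isolation; the function names, the minimal environment and the one-second CPU backstop above the timeout are assumptions. Linux/POSIX only.

```python
"""Resource-limited, ephemeral execution of an AI-generated script (added example, not Babuino's code).

Assumptions (not from the page): a subprocess with rlimits and a temporary directory stands
in for the micro-VM. It enforces timeout, CPU and memory caps and discards all writes on exit,
but does not provide hardware isolation. Requires a POSIX system with the resource module.
"""
import os
import resource
import subprocess
import sys
import tempfile


def _clamped_limit(kind: int, wanted: int) -> int:
    # never try to raise an existing hard limit: setrlimit would refuse
    _soft, hard = resource.getrlimit(kind)
    return wanted if hard == resource.RLIM_INFINITY else min(wanted, hard)


def _apply_limits(cpu_seconds: int, mem_bytes: int) -> None:
    """Runs in the child between fork and exec; the limits are inherited by the script."""
    cpu = _clamped_limit(resource.RLIMIT_CPU, cpu_seconds)
    resource.setrlimit(resource.RLIMIT_CPU, (cpu, cpu))
    mem = _clamped_limit(resource.RLIMIT_AS, mem_bytes)
    resource.setrlimit(resource.RLIMIT_AS, (mem, mem))


def run_sandboxed(script_source: str, timeout_s: int = 30, mem_mb: int = 512) -> dict:
    """Execute an untrusted Python script under a wall-clock timeout, CPU and memory caps,
    inside a temporary directory that is deleted when the call returns."""
    env = {"HOME": "", "PATH": "/usr/bin:/bin"}  # do not leak the caller's environment
    if "LD_LIBRARY_PATH" in os.environ:  # some interpreter builds need it to start at all
        env["LD_LIBRARY_PATH"] = os.environ["LD_LIBRARY_PATH"]
    with tempfile.TemporaryDirectory(prefix="sandbox-") as workdir:
        env["HOME"] = workdir
        script = os.path.join(workdir, "script.py")
        with open(script, "w", encoding="utf-8") as fh:
            fh.write(script_source)
        os.chmod(script, 0o444)  # the script file itself is read-only to the child
        try:
            proc = subprocess.run(
                [sys.executable, "-I", script],  # -I: ignore user site-packages and PYTHON* vars
                cwd=workdir, env=env, capture_output=True, text=True, timeout=timeout_s,
                # CPU limit is a backstop one second above the wall-clock timeout (assumed policy)
                preexec_fn=lambda: _apply_limits(timeout_s + 1, mem_mb * 1024 * 1024),
            )
        except subprocess.TimeoutExpired:
            result = {"status": "killed", "reason": f"wall-clock timeout after {timeout_s}s",
                      "stdout": "", "stderr": ""}
        else:
            if proc.returncode < 0:
                status, reason = "killed", f"terminated by signal {-proc.returncode}"
            elif proc.returncode == 0:
                status, reason = "ok", ""
            else:
                status, reason = "error", f"exit status {proc.returncode}"
            result = {"status": status, "reason": reason, "stdout": proc.stdout, "stderr": proc.stderr}
    # the context manager has removed the directory: nothing the script wrote survives
    result["workdir_survived"] = os.path.exists(workdir)
    return result


if __name__ == "__main__":
    print(run_sandboxed("print(2 + 3)"))
    print(run_sandboxed("while True:\n    pass\n", timeout_s=1))
```

The infinite loop is reported as killed by the wall-clock timer (or by SIGXCPU from the CPU rlimit if that fires first), and the working directory is gone by the time the result is returned, which is the property the "VM destroyed" line in the session above stands for.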

🔍 Cutufato: Cryptographic Audit Trail

Immutable traceability for AI decisions

The Problem

When RAG systems make critical decisions (medical diagnosis, financial audit), you must prove exactly what context was used. Black-box responses are unacceptable for GDPR/AI Act compliance.

How Cutufato Works

Cryptographic Fingerprints

Generates an immutable hash of every prompt sent to the LLM, creating a tamper-proof record of what was asked.

Source Attribution

Maps fragments of the LLM response to the original context chunks. Mathematical proof: "This conclusion came from PDF page 7, line 42."

Hallucination Detection

Exposes when the LLM invents information that is not in the context. Visual diff between response and source material.

Compliance Export

Exports audit trails for SOC2, GDPR, AI Act. Forensic replay: "Show me the decision from 2026-04-25 14:30."

# Cutufato audit log
{
  "execution_id": "exec-a7f2b3",
  "timestamp": "2026-04-28T02:30:00Z",
  "prompt_hash": "sha256:7b9a...",
  "context_chunks": [
    { "doc_id": "contract_2024.pdf", "page": 7, "line": 42 },
    { "doc_id": "contract_2024.pdf", "page": 12, "line": 18 }
  ],
  "response": "The contract expires on 2025-12-31",
  "attribution_confidence": 0.98,
  "hallucination_detected": false,
  "signature": "ed25519:a4c9..."
}

# Auditor can verify:
cutufato verify exec-a7f2b3
✅ Signature valid
✅ All chunks exist in source documents
✅ Response fully attributed (98% confidence)
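The fingerprint-and-verify round trip shown in the log above, as an added example that is not Cutufato's code: the record is built with a SHA-256 prompt hash and a signature over a canonical JSON encoding of every other field, and the verifier re-derives the signature, checks that every cited chunk exists in the source documents, and optionally re-checks the prompt hash. The page's log shows an ed25519 signature; this example uses HMAC-SHA256 instead so it needs only the standard library, and the key, the source documents and the function names are constructed assumptions.

```python
"""Signed, verifiable audit record for a RAG answer (added example, not Cutufato's code).

Assumptions (not from the page): HMAC-SHA256 over canonical JSON stands in for the ed25519
signature in the page's log, and the source documents are a constructed in-memory dict.
"""
import hashlib
import hmac
import json

# Constructed source material: doc_id -> page -> line -> text
DOCUMENTS = {
    "contract_2024.pdf": {
        7: {42: "This agreement terminates on 2025-12-31 unless renewed in writing."},
        12: {18: "Renewal notices must be delivered ninety days before termination."},
    }
}
AUDIT_KEY = b"constructed-demo-key-do-not-use"  # in practice a key held only by the audit service


def _canonical(payload: dict) -> bytes:
    # identical bytes for identical content regardless of key order or whitespace
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode("utf-8")


def prompt_fingerprint(prompt: str) -> str:
    """Immutable hash of the exact prompt text sent to the model."""
    return "sha256:" + hashlib.sha256(prompt.encode("utf-8")).hexdigest()


def make_record(execution_id, timestamp, prompt, context_chunks, response, key=AUDIT_KEY) -> dict:
    """Build an audit record whose signature covers every field except the signature itself."""
    payload = {
        "execution_id": execution_id,
        "timestamp": timestamp,
        "prompt_hash": prompt_fingerprint(prompt),
        "context_chunks": context_chunks,
        "response": response,
    }
    sig = hmac.new(key, _canonical(payload), hashlib.sha256).hexdigest()
    return {**payload, "signature": "hmac-sha256:" + sig}


def verify_record(record: dict, key=AUDIT_KEY, documents=DOCUMENTS, prompt=None) -> dict:
    """Re-run the checks an auditor would perform; returns check name -> bool."""
    payload = {k: v for k, v in record.items() if k != "signature"}
    expected = "hmac-sha256:" + hmac.new(key, _canonical(payload), hashlib.sha256).hexdigest()
    checks = {
        # constant-time comparison so a wrong signature cannot be probed byte by byte
        "signature_valid": hmac.compare_digest(expected, record.get("signature", "")),
        # every cited (doc, page, line) must resolve to real source text
        "chunks_exist": all(
            c["line"] in documents.get(c["doc_id"], {}).get(c["page"], {})
            for c in record["context_chunks"]
        ),
    }
    if prompt is not None:  # when the original prompt is on hand, confirm the fingerprint too
        checks["prompt_matches"] = record["prompt_hash"] == prompt_fingerprint(prompt)
    checks["all_passed"] = all(checks.values())
    return checks


if __name__ == "__main__":
    chunks = [
        {"doc_id": "contract_2024.pdf", "page": 7, "line": 42},
        {"doc_id": "contract_2024.pdf", "page": 12, "line": 18},
    ]
    rec = make_record("exec-a7f2b3", "2026-04-28T02:30:00Z", "When does the contract expire?",
                      chunks, "The contract expires on 2025-12-31")
    print(json.dumps(rec, indent=2))
    print(verify_record(rec, prompt="When does the contract expire?"))
    tampered = dict(rec, response="The contract expires on 2030-12-31")
    print(verify_record(tampered))  # signature_valid is False
```

Editing any signed field after the fact, here the response text, breaks the signature, and a chunk reference that points at a page or line that does not exist fails the existence check; both are the conditions the "cutufato verify" output above reports on.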

Enterprise Use Cases

🏦 Banking

Need: Air-gapped environments, SOC2 compliance

Solution: Babuino (KVM isolation) + Cutufato (audit trails)

Result: Autonomous trading bots with mathematical proof of every decision.

⚖️ Legal

Need: GDPR compliance, forensic audit trails

Solution: Cutufato (source attribution) + Sentinel (supply-chain)

Result: AI legal research with citation-level traceability.

👨‍💻 Dev Teams

Need: Don't break production with AI-generated code

Solution: Full stack (Sentinel + Babuino + Cutufato)

Result: AI coding assistants that can't commit CVEs or destroy databases.

Plans & Pricing

Security Stack is included in the Professional and Enterprise plans. Check the complete pricing.

Ready for Zero-Trust AI?

Join teams building autonomous AI systems with architectural containment, not wishful thinking.
