Active2025

CortexShield

Enterprise LLM Safeguards & Telemetry

LLM SafetyPrompt InjectionSybil DetectionAgentic SecurityAdversarial MLNLP

Code Availability

CortexShield is an open research project. The platform and policy sandbox are available at cortexshield.pages.dev.

Request Access

Overview

CortexShield is a research-driven enterprise LLM safety platform that addresses the critical blind spots in current AI guardrail systems. Traditional safety classifiers are stateless, English-centric, and blind to coordinated multi-account attacks. CortexShield introduces four novel research methodologies — dynamic language confidence scaling, stateful session escalation tracking, agglomerative TF-IDF Sybil campaign clustering, and agentic state transition validation — to create a comprehensive defense layer for production LLM deployments.

The platform operates as a telemetric pipeline: intercepting LLM interactions at the API gateway, running parallel enrichment scoring, and enforcing policy decisions in real-time without adding latency to the model serving path.

The Low-Resource Language & Code-Switching Blind Spot

Traditional safety classifiers are trained almost exclusively on English and high-resource languages. Adversarial prompts translated into low-resource languages (Hindi, Arabic, Swahili) or mixed via code-switching routinely bypass safety checkpoints. CortexShield introduces a dynamic language_confidence coefficient that dampens the safety classifier's confidence score when code-switching or low-resource language signatures are detected, automatically forcing the system into strict enforcement mode.

Stateful Multi-Turn Session Escalation

Single-turn safety checks are stateless. Adversaries exploit this by constructing multi-turn interactions — beginning with benign queries to establish context, then incrementally adjusting or escalating their prompts until the model complies. CortexShield tracks state across conversational turns, logging repeat attempts, query reformulations, and conversational transitions. The evaluation engine integrates a session context penalty that dynamically amplifies the threat score based on escalation aggressiveness.

Coordinated Sybil Campaign Clustering

Large-scale bad actors execute coordinated campaigns using hundreds of unique accounts to conduct distributed red-teaming. Traditional rate-limiters are blind to this because each user generates low-volume traffic. CortexShield's analytics engine groups prompt semantic vectors in real-time using TF-IDF vectorization and agglomerative clustering algorithms. When the volume of a semantic cluster spikes (measured by z-score anomaly detection), the system flags it as a coordinated campaign and raises alerts.

Agentic State Transition Safeguards

As LLMs are integrated as autonomous agents with tool-calling capabilities, they become vulnerable to indirect prompt injections embedded in external data. CortexShield inspects agentic tool plans before dispatch, constructing a dynamic state transition graph and checking for dangerous transitions — for example, if an agent attempts to read sensitive user context (emails) and transition directly to an outbound mutation (Slack post, HTTP call), the scoring engine intercepts and flags an injection risk.

Project Details

Status
Active
Timeline
2025
Focus Areas
6 domains

Key Components

The architecture is built around these core systems, each designed for specific responsibilities in the agentic workflow.

Enrichment Scoring Pipeline

Parallel analysis against deterministic rules, heuristics, and semantic embeddings for real-time threat classification.

Sybil Campaign Detector

TF-IDF vectorization with agglomerative clustering and z-score anomaly detection for distributed attack identification.

Agentic Plan Validator

Dynamic state transition graph analysis intercepting dangerous tool-call sequences before external dispatch.

Language Confidence Engine

Dynamic confidence coefficient scaling for low-resource language and code-switching evasion defense.

Session Escalation Tracker

Stateful multi-turn tracking with context penalty amplification for progressive steerage attacks.

Policy Sandbox

Interactive testing environment for custom enforcement rules and threshold tuning against adversarial scenarios.

Back toAll Research