Aegis-RS: Intelligent AI-WAF

A high-performance WAF built in Rust that uses Google Gemini to detect and block semantic cyberattacks like SQLi and Prompt Injection.

Comment

Inspiration

I noticed a massive shift in the current tech landscape: everything is becoming a web application. Generative AI has democratized coding, enabling a wave of creators to build and launch projects faster than ever before. However, this speed often comes at a dangerous cost: security is being overlooked.

Every day, countless new apps are deployed with vulnerable database connections, insecure authentication flows (login/password), and exposed payment gateways. Hackers are aggressively exploiting these weak points to steal sensitive client data, causing nightmares for developers and massive risks for users.

This reality was my wake-up call. I realized that static firewalls aren't enough to protect these rapidly evolving apps. I was inspired to combine the cognitive intelligence of AI with the raw power and safety of Rust. I built Aegis-RS to fight back against these modern hackers. My mission is to provide an intelligent shield that secures databases and sensitive user info, giving developers the peace of mind to focus on building, without the constant headache of security breaches.

What it does

Aegis-RS is an intelligent reverse proxy that sits between the internet and your web application. It acts as a shield, intercepting traffic before it reaches your server.

  1. Intercepts Traffic: Every incoming HTTP request is paused for inspection.
  2. Semantic Analysis: It sends the request payload to Google Gemini 3 Flash. The AI acts as a Senior Security Analyst, evaluating if the request contains malicious intent (SQL Injection, XSS, or Prompt Injection).
  3. Instant Blocking: If Gemini 3 flags it as malicious, Aegis blocks it immediately and logs the reasoning (e.g., "Tautology detected" or "Jailbreak attempt").
  4. Smart Caching: To ensure production-grade speed, valid requests and known attacks are hashed and cached. Subsequent similar traffic is processed in microseconds, bypassing the AI entirely.

How I built it

I prioritized Safety, Concurrency, and Speed, choosing a modern tech stack:

  • The Core (Rust): I built the proxy engine 100% in Rust using Axum and Tokio. Rust provides memory safety without the performance penalty of a Garbage Collector, essential for a high-throughput firewall.
  • The Brain (Google Gemini 3): I integrated the Google Gemini 3 Flash model via the REST API. I chose Gemini 3 for its superior reasoning capability and ultra-low latency, which is critical for real-time security decisions.
  • The Memory (Blake3): I implemented a custom caching mechanism using the Blake3 cryptographic hash function.
  • Deployment: The application is containerized with a multi-stage Docker build (resulting in a tiny ~30MB image) and deployed on Render (cloud).

The Math Behind the Speed

One of the biggest concerns with AI firewalls is latency. I solved this with my caching algorithm. The total request time ($$T_{req}$$) is defined as:

$$T_{req} = T_{net} + (1 - P_{hit}) \times T_{AI} + P_{hit} \times T_{cache}$$

Where:

  • $$P_{hit}$$ is the probability of a cache hit (0 to 1).
  • $$T_{AI}$$ is the AI inference time.
  • $$T_{cache}$$ is the cache lookup time (~0.01ms).

As traffic increases, $$P_{hit}$$ approaches 1, effectively driving the AI latency cost to zero.

Challenges I ran into

  1. The Latency Trade-off: Calling an LLM for every network request is traditionally too slow for a firewall. I overcame this by architecting the 'Smart Cache' layer described above.
  2. Deployment & Versioning: I faced significant compatibility issues (GLIBC errors and lockfile versions) when moving from local development (Rust Latest) to the cloud environment. I solved this by optimizing my Dockerfile to use a multi-stage build, compiling on the latest Rust image but running on a lightweight Debian distroless image.
  3. Handling Quotas: Managing the Gemini API rate limits (HTTP 429) required robust error handling to ensure the firewall fails securely without crashing the service.

Accomplishments that I'm proud of

  • Rust + AI Integration: Successfully building a high-performance async Rust application that seamlessly talks to Google's newest Gemini 3 model.
  • The Dashboard: Creating a visual interface that doesn't just show what was blocked, but uses Gemini to explain why. Seeing the AI output "Detected intent to bypass authentication" feels like having a forensic expert on the team.
  • Efficiency: Achieving a final Docker image size of under 30MB, proving that AI security tools can be lightweight and deployable anywhere.

What's next for Aegis-RS

  • Automated IP Banning: Integrate a system to automatically ban IPs that generate frequent AI-flagged alerts.
  • Response Inspection (DLP): Analyze outgoing traffic to prevent Data Exfiltration (e.g., preventing an LLM from leaking credit card numbers).
  • Fine-tuning: Train a specialized Gemini model solely on HTTP attack vectors to improve speed and reduce dependency on general-purpose models. ## How we built it

Built With

Share this project:

Updates