AegisAI: Project Story


💡 Inspiration

The inspiration for AegisAI came from a critical gap in the modern enterprise: the "Accidental Leak."

While LLMs have revolutionized productivity, they have created a massive hole in the corporate data perimeter. We realized that employees aren't leaking data maliciously; they are doing it habitually, by pasting sensitive client info into public prompts.

We built AegisAI to be the invisible guardrail that lets teams use AI without the risk of a multimillion-dollar compliance fine.


🔐 What It Does

AegisAI is a high-performance security proxy that sits between users and Large Language Models. It acts as a digital "Air-Gap" for sensitive data.

  • 🛡️ PII Firewall: Automatically redacts emails, phone numbers, and credit cards in real-time.
  • 💉 Injection Guard: Neutralizes "Jailbreak" attempts and instruction overrides before they reach the model.
  • 📊 Security Dashboard: Provides a centralized command center for security teams to monitor threats and audit interaction logs.

🔧 How We Built It

We engineered a high-performance security proxy using Node.js and TypeScript. The core engine is a deterministic PII scrubber that uses optimized regular expressions to catch sensitive data with a target latency of:

$$\text{Latency} = T_{\text{scan}} + T_{\text{proxy}} < 10\text{ms}$$

We paired this with a React 19 dashboard that provides real-time visibility into intercepted threats using a "Secure Envelope" mental model, ensuring the AI only ever sees tokenized data, never the real thing.
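A minimal sketch of the deterministic scrub-and-tokenize step described above, plus the swap-back step listed under What's Next, written as an added example and not AegisAI's own code. The regex patterns, token format, Luhn filter and function names are assumptions, and the sample input is constructed.

```typescript
// Added illustration, not AegisAI source. Patterns and token format are assumptions.
type Kind = "EMAIL" | "CARD" | "PHONE";
interface Envelope { text: string; vault: Map<string, string> } // vault stays proxy-side

// Cards run before phones so a card number is never partly consumed as a phone.
const RULES: Array<[Kind, RegExp]> = [
  ["EMAIL", /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g],
  ["CARD", /\b\d(?:[ -]?\d){12,18}\b/g],
  ["PHONE", /(?:\+\d{1,3}[ .-]?)?(?:\(\d{3}\)|\b\d{3})[ .-]?\d{3}[ .-]?\d{4}\b/g],
];

// Luhn checksum: keeps order numbers and other long digit runs from being
// treated as card numbers (a false-positive filter, not a validity proof).
function luhnValid(candidate: string): boolean {
  const digits = candidate.replace(/\D/g, "");
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return digits.length >= 13 && sum % 10 === 0;
}

// Replace each hit with a stable token; the same value always maps to the same token.
function scrub(input: string): Envelope {
  const vault = new Map<string, string>(); // token -> original value
  const seen = new Map<string, string>();  // kind:value -> token
  let text = input;
  for (const [kind, pattern] of RULES) {
    text = text.replace(pattern, (match) => {
      if (kind === "CARD" && !luhnValid(match)) return match;
      const key = kind + ":" + match;
      let token = seen.get(key);
      if (!token) {
        token = `[${kind}_${vault.size + 1}]`;
        seen.set(key, token);
        vault.set(token, match);
      }
      return token;
    });
  }
  return { text, vault };
}

// Swap-back: only tokens issued for this request are restored; unknown ones stay as-is.
function restore(text: string, vault: Map<string, string>): string {
  return text.replace(/\[(?:EMAIL|CARD|PHONE)_\d+\]/g, (t) => vault.get(t) ?? t);
}

// Constructed sample prompt (4111... is a standard test card number).
const SAMPLE = "Contact jane.doe@example.com or (555) 010-4477. Card 4111 1111 1111 1111, ref 1234567890123456. Reply to jane.doe@example.com.";
```

The 16-digit reference number fails the Luhn check and passes through unredacted, which shows the trade-off of a checksum filter: fewer false positives, at the cost of missing digit runs that are sensitive but are not card numbers.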


🚧 Challenges We Ran Into

The biggest technical hurdle was Path Alias Resolution and State Synchronization.

We had to ensure that our security library could be shared between the frontend and the backend without version drift. Solving the tsconfig and baseUrl deprecation issues in a modern Vite environment was a steep learning curve — but it resulted in a significantly more stable and maintainable build.


🏅 Accomplishments We're Proud Of

We are particularly proud of our sub-10ms processing speed.

In cybersecurity, if a tool is slow, users will bypass it.

We successfully built a scanner that adds virtually zero latency to the user experience. We are also proud of our dashboard's "Optimistic UI", which updates metrics the instant a threat is intercepted, giving security teams live awareness without any polling delay.


📚 What We Learned

We learned that in cybersecurity, deterministic logic beats generative logic.

We initially considered using an AI to scan for PII, but we realized that an AI can be "hallucinated" into ignoring a credit card number. By sticking to rigid, regex-based firewalls, we created a system that is:

  • Faster: sub-10ms vs. LLM inference latency
  • 💰 Cheaper: no token costs for scanning
  • 🔒 Fundamentally more secure: zero risk of being social-engineered

🚀 What's Next for AegisAI

The next step for AegisAI is Contextual Re-identification: expanding the proxy logic to automatically "swap" real data back into the LLM's response before the user sees it, completing the full secure loop.

We are also exploring:

  • Vector-based PII detection to identify sensitive company secrets that don't follow standard patterns (e.g., internal project codenames, proprietary formulas).
  • Policy-as-code configuration so enterprise teams can define custom redaction rules without touching source code.
  • SOC 2 audit export to generate compliance-ready reports directly from the Security Dashboard.

🛠️ Built With

Layer | Technologies
Frontend | React 19, Tailwind CSS v4, Framer Motion, Lucide Icons
Backend | Node.js, Express, TypeScript
Tooling | Vite (HMR + optimized builds)
