Inspiration

The web is breaking.

We are witnessing a "Cold War" between platforms and AI agents. Major retailers (like Amazon) are blocking AI crawlers (like Perplexity) because they cannot distinguish between a helpful shopping assistant and a malicious scraper. Both look like automated bots; both trigger standard WAFs (Web Application Firewalls).

Merchants are forced to "Block All" to stay safe, which is quietly killing the promise of Agentic Commerce before it begins.

We realized that the industry doesn't need better IP blocking—it needs a way to verify Intent. We built AgentGuard to be the "SSL Layer" for the Agentic Web, restoring trust so merchants can open their doors to the AI economy.

Problem


What it does

AgentGuard is a "Layer 4 Semantic Firewall" or an AI Agent Passport that sits between a merchant's storefront and the incoming web traffic. Unlike traditional firewalls that check who you are (IP reputation, Headers), AgentGuard uses Gemini 3.0 to analyze what you are doing (Behavioral Intent).

It analyzes complex signal vectors in real-time to distinguish between:

  • Legitimate Shoppers: Agents using valid protocols (like Google's AP2 or ACP) with human-like browsing patterns.
  • Malicious Scrapers: Bots that may spoof valid tokens but exhibit aggressive scraping behavior (high error rates, linear traversal).

If an agent is flagged, AgentGuard provides a "Reasoning Trace"—a transparent, natural-language explanation generated by Gemini 3.0 explaining exactly why the traffic was blocked:

"Valid Token presented, but velocity exceeds human threshold."

Solution


How we built it

We adopted a "Defense in Depth" architecture to balance AI reasoning with sub-millisecond latency requirements:

  1. The Semantic Core (Gemini 3.0 Flash): This is the brain. We use gemini-3-flash-preview for its sub-300ms latency and superior reasoning capabilities. The Edge Gateway performs real-time feature extraction on raw traffic, converting noisy logs into structured telemetry signals (Velocity, Headers, Interaction Patterns). We feed this concentrated context into Gemini 3.0 Flash to get a verdict with a reasoning trace.
  2. Backend (FastAPI): A high-performance Python asynchronous server that handles traffic ingestion and routes "novel" anomalies to the Gemini API.
  3. Smart Caching Layer: To solve the cost/latency problem, we implemented an edge caching system. Once Gemini validates a specific behavioral pattern (e.g., "AmazonBot v2 browsing shoes"), we cache that verdict with a dynamic TTL. This means 99% of traffic is handled with zero AI cost and zero latency, while Gemini focuses only on novel threats.
  4. Frontend (React + Vite): A "Command Center" style dashboard that visualizes live traffic, showing real-time "Allowed/Blocked/Restricted" decisions and letting security teams audit the AI's reasoning.
  5. Traffic Simulation: To demonstrate the system's reasoning capabilities without needing live DNS propagation, we built a Python-based telemetry generator. This script acts as the "Edge Gateway," constructing the JSON signal payloads (Headers, Rates, Interaction Patterns) and sending them directly to the Semantic Brain API for analysis.

Flow


Challenges we ran into

  1. The "Latency vs. Security" Dilemma: Placing an LLM in the critical path of e-commerce traffic is risky. If the API takes 2 seconds, the customer leaves. We solved this by switching to Gemini 3.0 Flash (which is incredibly fast) and building the "Optimistic Smart Cache" system to handle repeat traffic instantly.
  2. Hallucinations in Security: We couldn't afford for the AI to "guess" about security. We spent significant time on System Prompt Engineering, creating a strict rule set (e.g., "Token + Bad Behavior = BLOCK") and forcing structured JSON outputs to ensure deterministic behavior.
  3. Defining "Malicious": It is hard to define what a "scraper" looks like mathematically. We used Gemini's few-shot learning capabilities to teach it the difference between "aggressive crawling" and "enthusiastic shopping."
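The deterministic rule layer and the Smart Caching Layer from "How we built it" (steps 1 and 3) together with the strict rule set and structured output from challenges 1 and 2, as an added example that is not AgentGuard's code: it buckets a telemetry signal into a behavioral pattern, applies a "Token + Bad Behavior = BLOCK" rule set that returns a structured verdict with a reasoning trace, and caches that verdict with a verdict-dependent TTL so that only cache misses would ever reach the model call. Field names, thresholds, TTL values and the sample signals are assumptions constructed for this example.

```python
import time
# Thresholds are assumptions for this example, not AgentGuard's tuned values.
HUMAN_VELOCITY_RPM = 120   # requests/min a human-paced session stays under
RETRY_LIMIT_RPM = 50       # retry rate the page's sample trace treats as abusive
ERROR_RATE_LIMIT = 0.20    # share of 4xx/5xx responses
TTL_BY_VERDICT = {"ALLOW": 600, "RESTRICTED": 60, "BLOCK": 300}  # assumed dynamic TTLs
# Constructed telemetry signals shaped like the Edge Gateway payload (field names assumed).
SAMPLE_SIGNALS = [
    {"agent": "ShopBot/1.0", "token": "AP2", "token_valid": True, "req_per_min": 15,
     "retry_per_min": 1, "error_rate": 0.01, "traversal": "branching"},
    {"agent": "ShopBot/1.0", "token": "AP2", "token_valid": True, "req_per_min": 900,
     "retry_per_min": 70, "error_rate": 0.40, "traversal": "linear"},
    {"agent": "curl/8.4", "token": None, "token_valid": False, "req_per_min": 4,
     "retry_per_min": 0, "error_rate": 0.0, "traversal": "branching"},
]
def pattern_key(sig):
    # Bucket the signal into the behavioral pattern used as the cache key.
    velocity = "fast" if sig["req_per_min"] > HUMAN_VELOCITY_RPM else "slow"
    return f'{sig["agent"]}|{sig["token"]}|{velocity}|{sig["traversal"]}'
def local_verdict(sig):
    # Deterministic rule set ("Token + Bad Behavior = BLOCK") returning a structured verdict.
    reasons = []
    if sig["req_per_min"] > HUMAN_VELOCITY_RPM:
        reasons.append(f'velocity {sig["req_per_min"]}/min exceeds human threshold')
    if sig["retry_per_min"] > RETRY_LIMIT_RPM:
        reasons.append(f'retry rate {sig["retry_per_min"]}/min > {RETRY_LIMIT_RPM}/min')
    if sig["error_rate"] > ERROR_RATE_LIMIT and sig["traversal"] == "linear":
        reasons.append("linear traversal with high error rate")
    if reasons:
        prefix = "Valid token presented, but " if sig["token_valid"] else "No valid token and "
        return {"verdict": "BLOCK", "reasoning_trace": prefix + "; ".join(reasons)}
    if sig["token_valid"]:
        return {"verdict": "ALLOW", "reasoning_trace": f'valid {sig["token"]} token, human-like pattern'}
    return {"verdict": "RESTRICTED", "reasoning_trace": "no agent token; rate-limit and escalate"}

class VerdictCache:
    # Edge cache keyed on behavioral pattern; only misses would be sent on to the model call.
    def __init__(self):
        self._store, self.misses = {}, 0
    def decide(self, sig, now=None):
        now = time.time() if now is None else now
        key = pattern_key(sig)
        hit = self._store.get(key)
        if hit and hit["expires"] > now:
            return {**hit["result"], "cached": True}
        self.misses += 1
        result = local_verdict(sig)
        self._store[key] = {"result": result, "expires": now + TTL_BY_VERDICT[result["verdict"]]}
        return {**result, "cached": False}
```

A repeated signal with the same agent, token, velocity bucket and traversal shape is served from the cache until its TTL lapses, after which it is re-evaluated.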

Accomplishments that we're proud of

  1. Sub-300ms Reasoning: We achieved a real-time semantic analysis loop that feels instant to the end-user.
  2. The "Reasoning Trace": We didn't just build a black box. Our dashboard shows why a decision was made. Seeing Gemini explain "Blocked because retry rate > 50/min despite valid AP2 token" feels like magic.
  3. Production-Ready UI: We moved beyond a "hackathon script" to build a full SaaS-quality dashboard with dark mode, live graphs, and an audit simulator.
  4. Universal Protocol Support: We successfully modeled the logic for Google's new Agent Payments Protocol (AP2), positioning AgentGuard as a future-proof partner for the Universal Commerce Protocol ecosystem.

What we learned

  • LLMs are Infrastructure: We learned that with the right architecture (Caching + Flash models), LLMs aren't just for chatbots—they can be reliable, decision-making components in high-speed network infrastructure.
  • Context is King: A raw IP address tells you nothing. But an IP address + a Token + a Traversal Pattern tells a story. Gemini excels at reading that story.
  • Security needs Explainability: Security teams don't trust "magic AI." They trust verified logs. By forcing Gemini to output its reasoning, we turned a "Black Box" into a "Glass Box."

What's next for AgentGuard

  1. The Wedge (Shopify App): We are launching first as a one-click Shopify plugin. This allows us to democratize access for millions of SMB merchants immediately and gather critical training data on agent behaviors.
  2. The Scale (Enterprise SDK): Our long-term goal is to serve large infrastructure companies. We are packaging the AgentGuard core as a language-agnostic SDK (Middleware) and Docker Sidecar. This will allow enterprise platforms (banking, healthcare, custom retail) to integrate "Agentic Firewalling" directly into their existing AWS/GCP pipelines with just a few lines of code.
  3. Edge Deployment: Moving the "Smart Cache" logic to Cloudflare Workers to block scrapers at the network edge, reducing cloud costs for high-volume clients.
  4. Universal Protocol Standard: As UCP matures, we aim to establish AgentGuard as the official "Compliance & Security" verification layer for the entire autonomous commerce ecosystem.

Testing Instructions

Critical Note: This project consists of two parts: an Edge Gateway (Backend Infrastructure) and a Dashboard (Frontend). Simplified Google AI Studio code is available in the devpost branch, whereas the production code is available on the main branch.

Step 1: Access the Dashboard. We have deployed a live "Command Center" for judges to visualize the Gemini 3.0 reasoning engine.

The same dashboard app can also be accessed via the AI Studio link; it connects to the same database.

Step 2: Test the "Auditor" Tool

To see the Gemini 3.0 reasoning engine in action without generating live network traffic, use our Auditor Simulator:

  • Navigate to the "Auditor" tab in the top menu.
  • Locate the "Demo Access Key" input field.
  • Enter the following Judge Key to unlock the simulation: BASEID-2026
  • To limit usage, each user session is allowed to submit a maximum of 15 requests.

Paste the sample User-Agent provided in the UI (or write your own) and click "Audit". Watch as Gemini generates a real-time security recommendation and reasoning trace.

Auditor Tool for demo:

Testing
