Inspiration
Enterprise AI is rapidly shifting from static chatbots to autonomous, multi-step AI agents. Standard LLM firewalls can scan simple chat prompts, but they fail to secure autonomous agents that pull live data from external APIs, emails, or databases. A single prompt injection hidden inside a customer email can hijack an agent's tool-execution logic, causing it to leak corporate databases or execute unauthorized API calls. We built CortexGuard to bridge this gap: an intent-aware security guardrail designed specifically to protect agentic workflows — not just their chat interface, but the state and tool calls running underneath.
What it does
CortexGuard is a specialized security middleware layer that sits natively within agent execution loops, not just at the chat input/output boundary.
State & Intent Inspection: Analyzes tool payloads — not just user-facing text — to intercept malicious structural overrides and multi-step prompt injections before the agent executes them. Unlike input/output filters built for single-turn chat, CortexGuard inspects the actual state and tool calls inside a running agent loop, closing the gap where injected instructions hijack tool execution rather than the visible chat text. Granular PII Masking: Dual-stage validation — regex/Named Entity Recognition paired with semantic context evaluation — dynamically redacts API credentials, cryptographic keys, and user data before agent variables cross network boundaries. Observability Hub: A real-time security dashboard giving engineering teams live payload tracing, active threat vectors, and policy violation logs. Measured performance: ~50ms latency for the synchronous regex/NER pass, ~400ms for the async semantic classification step. In our own test suite of 10 known injection patterns, CortexGuard correctly flagged 9 of them, with 0 false positives.
How we built it
Security Core: A lightweight FastAPI asynchronous pipeline handling payload inspection with minimal latency overhead. Semantic Analysis: Structured JSON schema enforcement via the Google Gemini API acts as a consistent, schema-constrained classification engine for adversarial intent — trading the brittleness of open-ended conversational parsing for structured, auditable outputs. Frontend telemetry: Next.js 15, Tailwind CSS, and shadcn/ui map live system health and telemetry directly from backend logs.
Challenges we ran into
Balancing security depth with execution speed was our biggest hurdle — agentic loops are highly latency-sensitive. To avoid bottlenecking the system, we split the pipeline: lightweight string matching and regex masking run synchronously, while complex semantic classification runs asynchronously. Building this under time pressure also pushed us to be disciplined early about environment separation and secrets management — which, fittingly, ended up validating the same boundary-protection principles CortexGuard itself is built to enforce.
Accomplishments that we're proud of
Structured, schema-constrained classification: Achieving consistent adversarial-intent detection using structured LLM outputs rather than brittle, open-ended conversational logic. End-to-end visual telemetry: Successfully mapping an active simulated injection attack from a raw terminal request all the way to a live visual warning badge on our Next.js UI. Empirical Validation: Caught 9 out of 10 known injection techniques in our validation test suite while protecting core data privacy boundaries.
What we learned
Guarding autonomous agents requires securing the state of the application, not just the text input. We pushed Next.js Server Components and FastAPI's async loops to their limits, and came away convinced that the next major challenge in AI security isn't making models smarter — it's making their integration boundaries bulletproof.
What's next for CortexGuard
CortexGuard is the foundational real-time execution layer of our broader long-term vision, Aetheric. CortexGuard is the inline operational firewall for today's submission; it's architected to feed its security telemetry into Aetheric's future end-to-end multi-agent governance and compliance ecosystem.
Built With
- fastapi
- git
- google-gemini-api
- next.js-15
- powershell
- python
- react
- shadcn/ui
- tailwind-css
- typescript
- uvicorn
Log in or sign up for Devpost to join the conversation.