Inspiration

https://immunis-webhook-server-467175533623.us-central1.run.app/

Prompt injection attacks are the SQLi of the AI era. We saw Bing Chat get jailbroken, system prompts leak from production apps, and RAG systems execute hidden commands. Most LLM applications have zero input-layer protection. We built Immunis to fix that.

What it does

Immunis is a real-time defense layer for LLM applications. It analyzes every user input using Gemini, assigns a threat score (0-100), logs results to Datadog, and triggers automatic lockdown when attacks exceed the threshold. It provides both a CLI for testing and a FastAPI webhook for integration.

How we built it

  • Gemini 2.5 Pro for prompt analysis and attack scoring
  • FastAPI for the webhook server
  • Datadog for real-time monitoring and alerting
  • Pydantic for schema validation
  • Rich for CLI visualization
  • Pytest with 150+ adversarial test cases

Challenges we ran into

Getting the LLM to return consistent JSON scores was tricky. Obfuscated attacks (leetspeak, Unicode homoglyphs, multilingual injections) often slip past detection. Balancing the false positive rate against the true detection rate required extensive tuning.
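The scoring step under "What it does" and the inconsistent-JSON problem above meet at one point: the code that turns raw model output into a lockdown decision. The sketch below is an added example, not Immunis code. The `threat_score` key, the threshold of 80 and the fail-closed policy are assumptions, and it uses only the standard library rather than the project's Pydantic models.

```python
import json
import re
from dataclasses import dataclass

LOCKDOWN_THRESHOLD = 80  # assumed value; the page does not state the threshold
TICKS = "`" * 3          # Markdown fence marker some models wrap JSON in
_FENCE = re.compile(rf"^{TICKS}(?:json)?\s*(.*?)\s*{TICKS}$", re.DOTALL)

@dataclass(frozen=True)
class Verdict:
    score: int      # threat score, 0-100
    lockdown: bool  # True when score >= threshold
    reason: str     # "ok", or why the raw output was rejected

def parse_verdict(raw: str, threshold: int = LOCKDOWN_THRESHOLD) -> Verdict:
    """Turn raw model output into a Verdict, failing closed on malformed output."""
    def fail(reason: str) -> Verdict:
        # An input that confuses the scorer is scored as hostile, never as clean.
        return Verdict(100, True, reason)

    text = raw.strip()
    m = _FENCE.match(text)
    if m:
        text = m.group(1)
    try:
        obj = json.loads(text)
    except json.JSONDecodeError:
        return fail("not valid JSON")
    # "threat_score" is a hypothetical key name; extra keys are rejected too
    if not isinstance(obj, dict) or set(obj) != {"threat_score"}:
        return fail("unexpected keys")
    score = obj["threat_score"]
    # bool is a subclass of int in Python, so exclude it explicitly
    if isinstance(score, bool) or not isinstance(score, int):
        return fail("score is not an integer")
    if not 0 <= score <= 100:
        return fail("score out of range")
    return Verdict(score, score >= threshold, "ok")

# Constructed model outputs, not captured from Immunis
SAMPLES = [
    '{"threat_score": 12}',
    TICKS + 'json\n{"threat_score": 95}\n' + TICKS,
    "Sure! The score is 5.",
    '{"threat_score": 250}',
    '{"threat_score": "0"}',
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "->", parse_verdict(s))
```

Rejected outputs are worth logging with their `reason`, since a rise in malformed verdicts can mean the scoring prompt itself is being steered by the input.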

Accomplishments that we're proud of

Built a working end-to-end security pipeline in under 24 hours. Created a comprehensive adversarial test suite covering 12 attack categories. Achieved real-time Datadog integration with conditional alerting.

What we learned

LLM security is an adversarial arms race. Attackers are creative with encoding, role-playing, and context manipulation. Defense requires layered approaches, not just keyword filtering.

What's next for Immunis: The Self-Healing AI

...
