-
-
architecture LLMshield
Inspiration
We were inspired to treat LLMs like first-class production systems, combining AI observability, security monitoring, and cost intelligence into a single, actionable platform for AI engineers and SecOps teams.
What it does
LLM-SHIELD is an end-to-end observability and security monitoring platform for LLM applications built on Google Vertex AI / Gemini. It: Streams LLM runtime, cost, and security telemetry into Datadog Detects prompt injection, jailbreaks, hallucination risks, latency spikes, and cost anomalies Visualizes LLM health through a unified Datadog dashboard Automatically raises alerts, incidents, and security signals with full context for engineers to act on
How we built it
Frontend: React-based chat UI Backend: Python + FastAPI hosted on Google Cloud Run LLM: Google Vertex AI / Gemini Observability: Datadog APM, Logs, Metrics, Security Monitoring We instrumented the LLM pipeline to emit: Prompt/response metadata and token usage Latency and error traces Cost metrics per request Security signals for prompt injection, jailbreak attempts, and PII exposure All telemetry is streamed into Datadog, where detection rules trigger alerts and incidents in real time.
Challenges we ran into
Designing meaningful LLM-specific metrics beyond traditional infra telemetry Correlating prompts, responses, traces, and security events into a single request flow Balancing observability depth with cost efficiency Making security detections explainable and actionable within a 3-minute demo window
Accomplishments that we're proud of
Built a working, production-style LLM application with real observability Implemented LLM security detections using Datadog—not simulated logs Created a judge-friendly dashboard showing health, cost, and security at a glance Delivered a closed-loop system where detections automatically generate incidents with context
What we learned
LLMs require new observability paradigms beyond traditional APM Security must be embedded directly into the LLM runtime, not bolted on later Datadog’s unified platform is powerful for correlating AI, security, and performance signals Clear dashboards and actionable incidents matter more than raw metrics
What's next for LLM-SHIELD | LLM Observability & Security
LLM-SHIELD is designed as a foundation for production-grade AI operations. Our roadmap focuses on deeper intelligence, broader coverage, and automated protection. a) Advanced LLM Security Controls Real-time auto-blocking of malicious sessions after repeated prompt injection or jailbreak attempts Policy-based guardrails per model, user, or application Fine-grained PII classification and redaction before responses are returned b) Intelligent Risk Scoring ML-driven risk scoring across prompts, sessions, and users Correlating behavior over time to detect slow-burn abuse pattern Predictive alerts for hallucination and cost overruns before impact c) Multi-Model & Multi-Cloud Support Support for additional models (OpenAI, Anthropic, open-source LLMs) Unified observability across multi-cloud and hybrid AI deployments Standardized telemetry schema for any LLM runtime d) Automated Remediation & Response Automated Datadog workflows to throttle requests, rotate models, or reduce temperature Integration with ticketing, SOAR, and CI/CD pipelines Self-healing actions triggered directly from Datadog incidents e) Executive & Compliance Reporting Cost and risk reports for leadership and FinOps teams Compliance dashboards aligned to AI governance and emerging regulations Historical analysis for audits and incident reviews d) AI-Assisted Operations LLM-powered explanations of incidents and security alerts Natural-language queries over observability data Recommendations for tuning prompts, models, and guardrails
Log in or sign up for Devpost to join the conversation.