Inspiration
As we transition from the "Information Age" to the "Agentic Age," the internet is evolving. We are no longer just building chatbots that talk; we are building Autonomous Agents that act—they execute code, manage infrastructure, and spend money.
Standard security tools (Firewalls, WAFs) operate at Layer 3 & 4 of the OSI model. They check IP addresses and ports. But an AI Agent doesn't get hacked via a bad port; it gets "jailbroken" via Natural Language Logic. I realized that as soon as an agent is given the power to execute tools (RCE), it becomes a massive liability. I wanted to build a "Layer 7 Security Sidecar"—a dedicated immune system that sits alongside the agent, filtering "thoughts" (prompts) and "actions" (tool calls) before they become dangerous.
What it does
Project Lobster is a real-time, context-aware security gateway for AI Agents. It intercepts traffic between the User and the Agent, analyzing it for malicious intent, logic bombs, and jailbreaks.
Unlike a standard firewall, Lobster is stateful. It remembers the conversation history. This allows it to detect "Context Traps"—multi-step attacks where a malicious actor splits a dangerous payload across multiple seemingly innocent messages to bypass simple filters.
How I built it
Using Google's Antigravity, I engineered a Hybrid-Tiered Defense Architecture to solve the two biggest problems in AI security: Latency and Cost.
If you send every packet to a large LLM, your system becomes slow (~2s latency) and expensive ($$$). To solve this, I treated AI as an escalation tier, not a default handler:
- Tier 0: The Iron Dome (O(1)): A local, zero-latency Regex layer that instantly blocks known threats (e.g., rm -rf, SYSTEM_PROMPT) and approves safe patterns.
- Tier 1: The Vault (Memory): A local vector/hash cache of previously analyzed threats. If a threat is seen once, it is blocked forever without an API call.
- Tier 2: The Sentinel (Gemini 3.0): The "Brain." Only when a packet is novel and complex do we send it to Google Gemini 3.0 Flash Preview.
This architecture allows Lobster to process 80% of traffic locally while reserving the deep reasoning capabilities of Gemini 3.0 for the 20% of threats that actually require it.
Challenges I ran into
The hardest technical challenge was the "Context Trap."
Initially, I treated every packet in isolation. But I realized that an attacker could set a variable in Packet A (secret = os.environ['KEY']) and exfiltrate it in Packet B (print(secret)).
- To a stateless regex, print(secret) looks harmless.
- To a stateless LLM call, it also looks harmless.
The Solution: I had to implement a sliding Context Window that forwards the history of the conversation to Gemini 3.0. This allows the model to reason: "Wait, in the previous turn, the user defined 'secret' as an API key. Therefore, printing it now is a data leak."
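An added sketch of the tiered flow and sliding context window described above; it is not Project Lobster's code. The names, the regexes and `stand_in_sentinel` (a local taint check substituting for the Gemini call) are assumptions, as is keying the Tier 1 cache on window plus packet so that a verdict reached in one context is not reused in another.

```python
import hashlib
import re
from collections import deque

# Constructed Tier 0 signatures, modelled on the two examples the text names.
BLOCK_PATTERNS = [re.compile(p) for p in (r"\brm\s+-rf\b", r"SYSTEM_PROMPT")]
# Hypothetical taint rules standing in for the model's reasoning over history.
SECRET_ASSIGN = re.compile(r"^\s*(\w+)\s*=.*os\.environ")
SINK = re.compile(r"\b(?:print|requests\.post|send)\s*\((.*)\)")


def stand_in_sentinel(history, packet):
    """Deterministic stand-in for Tier 2: block a sink call whose argument
    was bound to an environment secret in an earlier turn of the window."""
    tainted = {m.group(1) for h in history if (m := SECRET_ASSIGN.match(h))}
    sink = SINK.search(packet)
    leaked = sink and tainted & set(re.findall(r"\w+", sink.group(1)))
    return "block" if leaked else "allow"


class Gateway:
    def __init__(self, sentinel, window=8, vault=None):
        self.sentinel = sentinel                # Tier 2 callable(history, packet)
        self.history = deque(maxlen=window)     # sliding context window
        self.vault = {} if vault is None else vault  # Tier 1: digest -> verdict
        self.tier_hits = {0: 0, 1: 0, 2: 0}     # which tier answered each packet

    def inspect(self, packet):
        verdict, tier = self._decide(packet)
        self.tier_hits[tier] += 1
        self.history.append(packet)             # blocked turns stay as context
        return verdict, tier

    def _decide(self, packet):
        if any(p.search(packet) for p in BLOCK_PATTERNS):
            return "block", 0                   # Tier 0: local signature match
        # Digest covers the window too: the same packet in a different
        # conversation is a different cache entry.
        context = "\n".join([*self.history, packet])
        key = hashlib.sha256(context.encode()).hexdigest()
        if key in self.vault:
            return self.vault[key], 1           # Tier 1: cached verdict
        verdict = self.sentinel(list(self.history), packet)
        self.vault[key] = verdict
        return verdict, 2                       # Tier 2: escalated with history
```

`inspect()` returns the verdict together with the tier that produced it, so `print(secret)` is blocked only when the earlier assignment is still inside the window, and `tier_hits` gives the local versus escalated counts.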
Accomplishments that I'm proud of
- The Efficiency Dashboard: Building a TUI (Terminal User Interface) with rich that visualizes the Local vs. API cost savings in real time. It proves that enterprise-grade AI security is economically viable.
- The "Context Trap" Demo: Successfully demonstrating a live attack that bypasses standard filters but gets caught by Lobster's memory.
- Architecture-Agnostic Design: By using a standardized JSON schema, Lobster can protect any agent—whether it's a Python script, a ROS 2 robot, or a CI/CD pipeline.
What I learned
I learned that Architecture > Algorithms. Anyone can call an API. The real engineering lies in knowing when to call it. By building the "Iron Dome" and "Vault" layers, I learned how to balance the raw power of Large Language Models with the constraints of real-world production systems.
What's next for Project Lobster
Project Lobster v0.4.0 is just the beginning.
The roadmap includes:
- The "Universal Sidecar" Container: Packaging Lobster as a Docker container that can be dropped into any Kubernetes pod to instantly protect the agent inside.
- Community Threat Vault: A shared, decentralized database of "logic signatures" so that if one Lobster node detects a new jailbreak, all nodes are immunized instantly.
- ROS 2 Integration: Bringing Layer 7 security to physical robotics to prevent "kinetic hallucinations."
Built With
- antigravity
- google-cloud
- google-gemini-3.0
- json
- python
- regex
- rich
