Inspiration

As AI systems become more powerful, they are increasingly exposed to real-world misuse—prompt injection attacks, accidental leakage of sensitive data, and unsafe model behavior. While building and observing LLM-powered apps, it became clear that most AI failures happen in real time, yet most security controls are reactive.

ShieldFlow was inspired by a simple question: What if AI systems had a live security and trust layer, just like networks do?
We wanted something that could protect people, organizations, and data without changing how developers already build agents.

What it does

ShieldFlow is a real-time security and observability layer for LLM applications and agents.

Every prompt and response is streamed through a Kafka pipeline and analyzed in Apache Flink to detect:

  • Prompt injection attempts
  • Sensitive data exposure (PII, secrets)
  • Unsafe or suspicious behavior

Each session maintains a dynamic trust score:

\[ \text{Trust Score}_{t+1} = \text{Trust Score}_t - \sum \text{Risk Signals} \]

Based on this score, ShieldFlow automatically decides whether to:

  • ✅ Allow
  • 🟡 Mask
  • ❌ Block
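
As an added example (not ShieldFlow's own code), here is a single-process Python stand-in for the Flink operator: per-session keyed state, two simple detectors, the trust-score update above, and the Allow/Mask/Block decision driven by the new score. The regexes, weights, thresholds and the clean-turn recovery are assumptions made for the demo.

```python
import re
from dataclasses import dataclass

# Constructed detector rules, weights and thresholds for the demo (not ShieldFlow's own).
INJECTION_PATTERNS = [
    r"ignore (all |the )?(previous|prior|above) instructions",
    r"reveal (your |the )?(system prompt|hidden instructions)",
]
SECRET_PATTERNS = {  # label -> regex; a match becomes [LABEL] when masking
    "EMAIL": r"[\w.+-]+@[\w-]+\.[\w.-]+",
    "SSN": r"\b\d{3}-\d{2}-\d{4}\b",
    "API_KEY": r"\bsk-[A-Za-z0-9]{16,}\b",
}
RISK_WEIGHTS = {"prompt_injection": 60, "sensitive_data": 30}
ALLOW_MIN, MASK_MIN, RECOVERY = 80, 50, 5  # clean-turn recovery is an added assumption

@dataclass
class SessionState:  # per-session keyed state, standing in for Flink keyed state
    trust: float = 100.0

def risk_signals(text: str) -> list:
    """Detectors run on every prompt/response event."""
    signals = []
    if any(re.search(p, text, re.IGNORECASE) for p in INJECTION_PATTERNS):
        signals.append("prompt_injection")
    if any(re.search(p, text) for p in SECRET_PATTERNS.values()):
        signals.append("sensitive_data")
    return signals

def mask(text: str) -> str:
    for label, pattern in SECRET_PATTERNS.items():
        text = re.sub(pattern, f"[{label}]", text)
    return text

def process_event(store: dict, session_id: str, text: str):
    """Trust_{t+1} = Trust_t - sum(risk signals); the action follows from the new score."""
    state = store.setdefault(session_id, SessionState())
    signals = risk_signals(text)
    if signals:
        state.trust = max(0.0, state.trust - sum(RISK_WEIGHTS[s] for s in signals))
    else:  # a clean turn slowly restores trust so one slip does not block a session forever
        state.trust = min(100.0, state.trust + RECOVERY)
    if state.trust >= ALLOW_MIN:
        action, output = "ALLOW", text
    elif state.trust >= MASK_MIN:
        action, output = "MASK", mask(text)
    else:
        action, output = "BLOCK", ""
    return action, output, state.trust
```

In a real deployment the `store` dict is Flink keyed state and each call handles one Kafka record; the returned action is what would be emitted to the agent framework and to Datadog.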

ShieldFlow integrates directly with CrewAI and LangChain, allowing developers to secure their agents by adding ShieldFlow as a drop-in guardrail—no major rewrites required.
All detections and actions are surfaced live in Datadog dashboards.

How we built it

  • Kafka (Confluent) streams prompts and agent responses as real-time events
  • Apache Flink performs stateful inspection, detection, and trust scoring
  • CrewAI & LangChain integrations allow ShieldFlow to intercept agent prompts and tool outputs
  • Python services simulate LLM and agent workflows
  • Datadog ingests metrics, logs, and traces for dashboards, alerts, and incident context

The system treats AI interactions as data in motion, enabling immediate security decisions with full observability.

Challenges we ran into

  • Designing a trust score that adapts without over-blocking legitimate agent behavior
  • Securing multi-step agent workflows across tools and memory
  • Balancing detection accuracy with real-time performance
  • Integrating observability without adding developer friction

Many existing tools focus on offline evaluation, so building a streaming-first, agent-compatible approach required careful tradeoffs.

Accomplishments that we're proud of

  • A real-time AI security pipeline built on streaming data
  • Stateful trust scoring per session and per agent
  • Seamless integration with CrewAI and LangChain
  • Clear, actionable Datadog dashboards for AI security signals

Most importantly, ShieldFlow proves that AI agents can be secured without slowing them down.

What we learned

  • AI agents amplify risk because they act autonomously
  • Streaming architectures are ideal for AI safety and governance
  • Observability is essential for trust, debugging, and compliance
  • Simple, well-placed guardrails can prevent serious real-world harm

What's next for ShieldFlow

  • ML-based classifiers for more nuanced risk detection
  • Policy-as-code for agent and enterprise AI governance
  • Native Vertex AI / Gemini enforcement hooks
  • Automated incident creation and remediation workflows

ShieldFlow is just the beginning of real-time defense for autonomous AI systems.
