ShieldKit: On-Device LLM Safety

ShieldKit is a zero-latency, on-device AI firewall built on Zetic MLange. It intercepts LLM jailbreaks locally in <15ms, eliminating cloud API costs and guaranteeing absolute user data privacy.

Comment

Inspiration

As developers rapidly integrate Generative AI into mobile applications, securing these models against Prompt Injections, Jailbreaks, and PII (Personally Identifiable Information) leaks has become a mandatory requirement. However, the industry standard is to route every user message through a cloud moderation API before the LLM can respond.

This architecture creates three deal-breakers for mobile applications:

  1. Latency: Adding a 500ms network round-trip just to check if a prompt is safe destroys the snappy user experience.
  2. Cost: Paying API fees per-token for safety checks is completely unscalable for apps with thousands of daily users.
  3. Privacy: Sending unencrypted user prompts (which often contain sensitive health or financial data) to a third-party server is a massive compliance risk.

If the AI industry is moving towards running inference on the edge to solve privacy and latency issues, why is our safety layer still stuck in the cloud? That question inspired us to build ShieldKit.

What it does

ShieldKit is a zero-latency, on-device AI firewall built specifically for the Zetic MLange ecosystem.

Instead of waiting for a cloud API, ShieldKit intercepts user prompts and runs them through an optimized Zetic MLange text classifier executing directly on the user's native hardware (utilizing their device's NPU). If the MLange runtime detects a threat (e.g., a "DAN" jailbreak, data exfiltration, or roleplay exploit), ShieldKit explicitly blocks it locally before any expensive generative LLM is invoked.

We also built the ShieldKit Insight Dashboard, a web telemetry portal that allows enterprise security teams to monitor live fleet threat metrics globally without ever extracting the private prompt content.

How we built it

We utilized the core Zetic MLange SDK to compile and load the Tanaos/text-anonymizer-v1 model from the Melange public library onto the edge device.

In our native iOS test application, we handle user input by immediately converting the prompt into a Tensor string and executing model.run(inputs) strictly on the local hardware. ShieldKit then parses that NPU output to determine a confidence score and a threat vector classification.

For the enterprise side, we built a modern React and Vite web dashboard featuring a "Detonation Chamber" sandbox and a Live Fleet Simulator that proves how ShieldKit scales telemetry metrics across thousands of devices natively.

Challenges we ran into

The hardest part of building on-device security is balancing hardware execution speed with accurate threat classification. We originally worried that running classification locally before an LLM call would still feel sluggish to the user. However, by leveraging the Zetic MLange hardware acceleration, we were able to get native NPU execution times down to under 15 milliseconds—effectively making the safety layer invisible to the end user.

Accomplishments that we're proud of

We are incredibly proud to have built a true, enterprise-ready B2B product during a hackathon. We didn't just build a cool tech demo; we built the two necessary halves of a commercial security product: a lightning-fast, zero-cost edge SDK for mobile developers, and a beautiful, high-visibility telemetry dashboard for security engineers.

What we learned

We learned just how powerful edge compute has become. The ability to pull down a pre-compiled, optimized model using Zetic MLange and have it analyzing text against complex multi-class threat vectors locally in milliseconds completely validated our hypothesis: cloud moderation APIs are going to become obsolete.

What's next for ShieldKit: On-Device LLM Safety

The next step is turning ShieldKit into an officially distributed CocoaPod and NPM package. We want developers to be able to drop import ZeticShieldKit into their Swift or React Native apps and gain enterprise-grade LLM security in just three lines of code.

Built With

Share this project:

Updates