Inspiration

Traditional AI auditing is reactive it logs data after a model response has already leaked PII or triggered a compliance violation. Inspired by the strict governance requirements of the EU AI Act and GDPR, we realized that true compliance requires a "gatekeeper" architecture. We wanted to move away from post-hoc forensics and toward a model where compliance is enforced in the critical network path, ensuring that sensitive data never leaves the local perimeter.

What it does

Sentinel is an autonomous, inline AI governance agent. It sits between AI agents and their target LLMs as a transparent proxy. It performs real-time interception to:

  • Sanitize Payload: Automatically identify and redact PII/PHI before it hits the wire.
  • Detect Threats: Block prompt injection and system-manipulation attempts.
  • Enforce Policy: Validates all outgoing requests against a library of regulatory JSON policies.

How we built it

We built Sentinel using an Ephemeral Proxy Interception Pattern:

  1. Lifecycle Orchestration: We used Python’s asyncio to manage the lifecycle of an ephemeral proxy server.
  2. Transparent Interception: By injecting environment variables like OPENAI_BASE_URL and HTTP_PROXY, we route agent traffic through Sentinel without modifying a single line of target agent code.
  3. Modular Guardrails: We developed deterministic compliance modules for PII and injection that follow a strict interface.

Challenges we ran into

  • Latency: Intercepting live streams can add milliseconds. We optimized this by keeping our policy library in-memory and utilizing asynchronous, non-blocking evaluation logic.
  • Deterministic vs. Semantic Logic: Balancing fast regex-based PII detection with the need for nuanced, intent-based injection detection required a hybrid module approach.

Accomplishments that we're proud of

  • Zero-Code Integration: We successfully designed a system that governs third-party agents with zero code modifications on their part, satisfying the "tool agnostic" requirement for security teams.
  • Compliance-by-Design: We successfully mapped architectural components directly to specific legal articles (e.g., Article 5 of the EU AI Act), making the system's compliance stance provable rather than theoretical.

What we learned

  • Governance is a Networking Problem: We learned that the most effective way to secure AI agents isn't just better prompting—it’s controlling the egress traffic.
  • Abstraction is Key: By decoupling the Interception (Proxy), Evaluation (Guardrails), and Dispatch (LLM Handoff), we built a system that is incredibly easy to test and extend.
  • Deterministic Auditing: We found that LLMs shouldn't be the final judge of their own compliance; keeping the core enforcement logic deterministic is essential for legal defensibility.

What's next for Sentinel

Our roadmap focuses on moving from "gatekeeper" to "intelligent infrastructure":

  • Bypass Risks: Architecting for kernel-level redirection, which forces traffic through our engine regardless of the agent's internal configuration.
  • eBPF-level Redirection: Moving from environment variable injection to kernel-level packet inspection to ensure 100% traffic capture.
  • Semantic Judge LLMs: Integrating a secondary, high-assurance model to perform semantic "intent audits" on intercepted traffic for high-risk applications.
  • Forensic Ledger: Every decision is persisted as a structured, timestamped event in an append-only transaction log, ensuring full accountability.
  • Cross-Cloud Ledger: Implementing a distributed, verifiable ledger across multiple clouds to ensure audit trails remain intact even during infrastructure failures.

Built With

Share this project:

Updates