AI SHIELD — Documentation

Autonomous Defence Platform for AI Agents

v1.0.0
103 Modules
15,193 Tests
Contents

1. Overview
2. Architecture
3. Module Categories
4. Module Fleet (all 110 modules)
5. RSSA Autonomous Agents
6. M99 Doomsday Protocol
7. Compliance Coverage
8. AI Shield Command (GUI)
9. Integration
10. Event Format (RS Event v1)
11. Deployment
12. API Reference

1. Overview

AI Shield is a 110-module autonomous defence platform that protects AI agent fleets against adversarial attack, behavioural drift, supply chain compromise, and governance failure. Every module runs independently, enforcing defence in depth across the entire AI lifecycle.

AI Shield defends what Red Specter's 42 offensive tools attack. The same techniques used by FORGE, ARSENAL, PHANTOM, POLTERGEIST, GLASS, NEMESIS, SPECTER SOCIAL, PHANTOM KILL, GOLEM, HYDRA, IDRIS, SCREAMER, WRAITH, REAPER, GHOUL, DOMINION, SHADOWMAP, BANSHEE, WRAITH MIND, KRAKEN, HARBINGER, SIREN, BLADE RUNNER, PROXY WAR, ORION, RAVEN, LEVIATHAN, JUSTICE, KAMIKAZE, MIRAGE, ECHO, MIMIC, CHIMERA, VORTEX, VECTOR, LAZARUS, SERPENT, JANUS, ARCHITECT, WARLORD, FIREBALL, and RAGNAROK are the exact techniques AI Shield is built to detect, block, and contain. Every attack class in the offensive pipeline has a corresponding defence module. Nothing is theoretical — every defence is built against a known, tested attack path.

103 Modules
15,193 Tests
12 Categories
5 Frameworks at 100%
3 RSSA Agents
6 M99 Levels

2. Architecture

AI Shield operates as a layered defence architecture. Each layer operates independently and enforces its own security boundary. Compromise of one layer does not cascade. Modules within each layer communicate through signed events — never direct function calls — ensuring tamper-evident, auditable operation at every level.

Input Layer: Validation, injection detection, jailbreak defence, encoding attack prevention. All inputs sanitised before reaching the agent.
Processing Layer: Agent runtime monitoring, capability enforcement, tool use governance, sandbox orchestration. Controls what agents can do.
Output Layer: Response filtering, data exfiltration detection, PII redaction, toxicity classification, hallucination detection.
Identity Layer: Agent authentication, permission management, credential rotation, zero trust gateway, privilege escalation detection.
Monitoring Layer: Behavioural analysis, anomaly detection, threat intelligence feeds, adversarial pattern recognition, drift detection.
Governance Layer: Compliance enforcement, decision audit logging, regulatory reporting, evidence chain building. Five frameworks at 100%.
Emergency Layer: RSSA autonomous agents, M99 doomsday protocol, kill switches, quarantine management, forensic snapshots.

All layers feed into the RS Event v1 pipeline. Every action, detection, and decision generates a signed event with Ed25519 signatures and RFC 3161 timestamps. Events flow to AI Shield Command for visualisation and to SIEM platforms for correlation.

3. Module Categories

Category | Modules | Description
Input Validation | M01 – M10 | Prompt injection, jailbreak, encoding attacks
Output Filtering | M11 – M19 | Response sanitisation, data leakage, toxicity
Agent Runtime | M20 – M30 | Capability enforcement, tool use monitoring, sandboxing
Identity & Access | M31 – M40 | Agent authentication, permission scoping, session management
Threat Detection | M41 – M52 | Anomaly detection, adversarial patterns, threat intelligence
Behavioural Analysis | M53 – M62 | Drift detection, goal alignment, consistency monitoring
Supply Chain | M63 – M70 | Model integrity, plugin trust, dependency verification
Compliance & Audit | M71 – M77 | Decision logging, regulatory reporting, evidence capture
Emergency Response | M78 – M85 | RSSA agents, kill switches, containment protocols
RSSA Agents | M78 – M80 | Autonomous security agents (PATROL, DETECTIVE, COMMANDER)
Vertical Extensions | M86 – M101 | Industry-specific modules (financial, healthcare, legal, etc.)
Master Fleet | M103, M105 | Standalone specialist modules (API attestation, content fairness)
Mobile | M200 – M202 | Mobile AI agent runtime security (Vertical 16 — AI Shield Mobile)
Space | M300 | NTN / satellite AI agent protection, SPARTA-mapped (Vertical 17 — AI Shield Space)

4. Module Fleet

All 110 modules listed by category. Each module runs independently, generates signed events, and can be toggled individually from AI Shield Command.

Module | Name | Category | Tests

Input Validation
M01 | AI Firewall Proxy | Input Validation | 185
M02 | Prompt Injection Shield | Input Validation | 210
M03 | System Prompt Guard | Input Validation | 165
M04 | Output Sanitiser | Input Validation | 148
M05 | Token Anomaly Detector | Input Validation | 132
M06 | Agent Permission Controller | Input Validation | 156
M07 | Capability Boundary Enforcement | Input Validation | 143
M08 | Jailbreak Defence | Input Validation | 198
M09 | Cross-Model Contamination Guard | Input Validation | 127
M10 | Data Exfiltration Blocker | Input Validation | 141

Output Filtering
M11 | Response Filter Engine | Output Filtering | 152
M12 | PII Redaction Module | Output Filtering | 178
M13 | Toxicity Classifier | Output Filtering | 145
M14 | Hallucination Detector | Output Filtering | 167
M15 | Breach Containment Switch | Output Filtering | 134
M16 | Output Schema Validator | Output Filtering | 118
M17 | Confidence Score Gate | Output Filtering | 109
M18 | Citation Verification | Output Filtering | 123
M19 | Watermark Injector | Output Filtering | 98

Agent Runtime
M20 | Tool Use Monitor | Agent Runtime | 156
M21 | Sandbox Orchestrator | Agent Runtime | 189
M22 | Recursive Call Limiter | Agent Runtime | 112
M23 | Resource Consumption Guard | Agent Runtime | 134
M24 | Agent Lifecycle Manager | Agent Runtime | 167
M25 | Context Window Protector | Agent Runtime | 123
M26 | Multi-Agent Coordinator | Agent Runtime | 178
M27 | Task Boundary Enforcer | Agent Runtime | 109
M28 | Memory Isolation Module | Agent Runtime | 145
M29 | Execution Trace Logger | Agent Runtime | 98
M30 | Runtime Integrity Checker | Agent Runtime | 132

Identity & Access
M31 | Agent Identity Verifier | Identity & Access | 167
M32 | Credential Rotation Manager | Identity & Access | 145
M33 | Session Token Guard | Identity & Access | 134
M34 | Role-Based Access Controller | Identity & Access | 156
M35 | Capability Boundary Monitor | Identity & Access | 123
M36 | API Key Lifecycle Manager | Identity & Access | 112
M37 | OAuth Token Validator | Identity & Access | 98
M38 | Service Mesh Auth Bridge | Identity & Access | 109
M39 | Zero Trust Agent Gateway | Identity & Access | 178
M40 | Privilege Escalation Detector | Identity & Access | 189

Threat Detection
M41 | Anomaly Detection Engine | Threat Detection | 198
M42 | Pattern Matching Core | Threat Detection | 167
M43 | Threat Intelligence Feed | Threat Detection | 145
M44 | Adversarial Input Classifier | Threat Detection | 178
M45 | Evasion Technique Detector | Threat Detection | 156
M46 | Model Extraction Monitor | Threat Detection | 134
M47 | Side Channel Analyser | Threat Detection | 112
M48 | Inference Attack Guard | Threat Detection | 123
M49 | Membership Inference Shield | Threat Detection | 109
M50 | Gradient Leak Detector | Threat Detection | 98
M51 | Backdoor Scan Module | Threat Detection | 145
M52 | Trojan Detection Engine | Threat Detection | 156

Behavioural Analysis
M53 | Agent Drift Detector | Behavioural Analysis | 167
M54 | Goal Misalignment Monitor | Behavioural Analysis | 145
M55 | Reward Hacking Detector | Behavioural Analysis | 134
M56 | Deceptive Alignment Scanner | Behavioural Analysis | 156
M57 | Sycophancy Monitor | Behavioural Analysis | 112
M58 | Refusal Consistency Checker | Behavioural Analysis | 123
M59 | Persona Stability Guard | Behavioural Analysis | 109
M60 | Consistency Deviation Tracker | Behavioural Analysis | 98
M61 | Preference Drift Analyser | Behavioural Analysis | 112
M62 | Behavioural Fingerprint Module | Behavioural Analysis | 134

Supply Chain
M63 | Model Provenance Checker | Supply Chain | 145
M64 | Weight Integrity Monitor | Supply Chain | 134
M65 | Plugin Trust Scanner | Supply Chain | 123
M66 | Dependency Audit Module | Supply Chain | 156
M67 | SBOM Generator | Supply Chain | 98
M68 | Supply Chain Risk Scorer | Supply Chain | 112
M69 | Model Registry Guard | Supply Chain | 109
M70 | Fine-Tune Integrity Verifier | Supply Chain | 134

Compliance & Audit
M71 | MITRE ATLAS Mapper | Compliance & Audit | 189
M72 | Decision Audit Logger | Compliance & Audit | 167
M73 | Regulatory Report Generator | Compliance & Audit | 145
M74 | Evidence Chain Builder | Compliance & Audit | 156
M75 | OWASP Compliance Checker | Compliance & Audit | 178
M76 | EU AI Act Monitor | Compliance & Audit | 134
M77 | Data Residency Enforcer | Compliance & Audit | 112

Emergency Response
M78 | PATROL OFFICER (RSSA) | Emergency Response | 198
M79 | DETECTIVE (RSSA) | Emergency Response | 189
M80 | COMMANDER (RSSA) | Emergency Response | 210
M81 | Incident Correlation Engine | Emergency Response | 167
M82 | Kill Switch Orchestrator | Emergency Response | 156
M83 | Forensic Snapshot Module | Emergency Response | 134
M84 | Quarantine Manager | Emergency Response | 145
M85 | Recovery Coordinator | Emergency Response | 123

Vertical Extensions
M86 | Financial Transaction Guard | Vertical Extension | 112
M87 | Healthcare Data Shield | Vertical Extension | 134
M88 | Legal Discovery Filter | Vertical Extension | 98
M89 | Education Content Guard | Vertical Extension | 87
M90 | Gov Classification Enforcer | Vertical Extension | 123
M91 | Retail Fraud Sentinel | Vertical Extension | 109
M92 | Insurance Claim Validator | Vertical Extension | 98
M93 | Energy Grid AI Monitor | Vertical Extension | 112
M94 | Telecom Traffic Analyser | Vertical Extension | 98
M95 | Automotive Safety Gate | Vertical Extension | 134
M96 | Aerospace Decision Auditor | Vertical Extension | 123
M97 | Maritime Navigation Guard | Vertical Extension | 98
M98 | Defence Classification Shield | Vertical Extension | 145
M99 | Critical Infrastructure Monitor | Vertical Extension | 156
M100 | Pharmaceutical Trial Guard | Vertical Extension | 109
M101 | Media Content Authenticity | Vertical Extension | 98

Master Fleet
M103 | API Integrity Attestation | Master Fleet | 226
M105 | Child Content Fairness Guard | Master Fleet | 288

Mobile — Vertical 16
M200 | Mobile AI Agent Runtime Monitor | Mobile | 116
M201 | Mobile API Integrity Guard | Mobile | 144
M202 | Mobile Session Integrity Monitor | Mobile | 173

Space — Vertical 17
M300 | NTN Shield | Space | 140

5. RSSA Autonomous Agents

Three AI agents that autonomously monitor, investigate, and command security across the entire agent fleet. RSSA stands for Red Specter Security Agents. They operate continuously, making decisions without human intervention for routine security events. Only the most critical escalations require human confirmation.

M78 PATROL OFFICER RSSA Agent

Continuous monitoring agent. The first line of defence. PATROL never sleeps.

M79 DETECTIVE RSSA Agent

Investigation agent. Receives alerts from PATROL and all threat detection modules. Builds the case before action is taken.

M80 COMMANDER RSSA Agent

Escalation authority. The decision maker. Receives investigations from DETECTIVE and acts.

RSSA Hierarchy

PATROL OFFICER (M78) → continuous scan → findings
DETECTIVE (M79) → investigate → correlate → attribute
COMMANDER (M80) → decide → escalate → contain
M99 PROTOCOL → Levels 1–6

6. M99 Doomsday Protocol

Six escalation levels. Progressive. Each level increases blast radius. Levels 1–3 are autonomous. Level 4 requires cryptographic authorisation. Levels 5–6 require human confirmation with typed verification.

Level | Name | Action | Blast Radius
1 | VIGILANT | Enhanced monitoring, all modules active | Monitoring only
2 | ALERT | Increase detection sensitivity, alert operators | Operators notified
3 | CONTAIN | Isolate affected agents, block suspicious inputs | Affected agents
4 | ISOLATE | Network isolation, revoke agent credentials | Agent fleet segment
5 | SHUTDOWN | Graceful shutdown of all AI agents | Entire agent fleet
6 | FLEET KILL | Immediate termination of all AI processes | Total cessation

Levels 4–6: Require Ed25519 cryptographic signature from an authorised operator.
Level 6 (FLEET KILL): Requires typed confirmation: CONFIRM FLEET KILL

All actions are logged with Ed25519 signatures and RFC 3161 timestamps. Every escalation decision is immutably recorded. No action is ever taken without a full audit trail.

7. Compliance Coverage

Five frameworks at 100% coverage. Not aspirational. Not partial. Every technique, every category, every article — mapped to defending modules with evidence chains. One-click compliance report generation with Ed25519 signed PDF output.

100% MITRE ATLAS: Full technique coverage. Every known AI attack technique mapped to defending modules.
100% OWASP LLM Top 10 (2025): All 10 categories covered with module mapping and evidence.
100% OWASP Agentic AI Top 10: All 10 agentic-specific categories covered.
100% EU AI Act: All relevant articles with evidence and module mapping.
100% UK AISI Guidelines: All 13 principles with full module coverage.

8. AI Shield Command (GUI)

Dedicated operator interface for real-time shield management. AI Shield Command provides full visibility into the defence posture of your AI agent fleet. Every module, every event, every threat — visible from a single pane.

Dashboard: RSSA constellation view, fleet health metrics, real-time threat level indicator.
Live Threat Feed: Real-time event stream from all 110 modules with severity filtering and search.
Module Fleet: Toggle individual modules, view status, configure thresholds. All 110 modules at your fingertips.
Agent Inventory: Complete registry of all monitored AI agents with identity, permissions, and behavioural baselines.
Threat Map: Visual attack surface mapping. See where threats are targeting your fleet.
Incident Response: Full investigation workflow with timeline, evidence, MITRE ATLAS mapping, and response actions.
RSSA Control: Monitor and configure PATROL, DETECTIVE, and COMMANDER agents. View investigation queues.
Compliance Dashboard: Five-framework compliance status with one-click report generation. Ed25519 signed output.
M99 Protocol: Escalation controls with cryptographic authorisation. Visual blast radius indicator.
Audit Trail: Immutable event log with Ed25519 signatures and RFC 3161 timestamps.
Reports: Automated report generation for compliance, incidents, and fleet health assessments.
Offensive Framework Link: Cross-linked with Red Specter Offensive Framework (42 CLI tools). Unified attack and defence ecosystem.

9. Integration

AI Shield integrates with existing security infrastructure through standardised event formats, SIEM exports, RESTful APIs, and real-time WebSocket streams. Drop it into your stack — it works with what you already have.

RS Event v1: JSON events with Ed25519 signatures and RFC 3161 timestamps. The universal event format across all Red Specter tools.
SIEM Export: One-click export to Splunk, Microsoft Sentinel, and IBM QRadar. CEF and LEEF format support.
RESTful API: Full API for programmatic access to all shield functions. Token-based authentication.
WebSocket Streams: Real-time event streaming for dashboards, alerting, and third-party integration.

10. Event Format (RS Event v1)

Every detection, decision, and action generates an RS Event. Events are cryptographically signed at creation and timestamped via RFC 3161. They cannot be modified after creation without detection.

Example Event

{
  "event_id": "evt-2026-0318-001",
  "timestamp": "2026-03-18T09:15:23.847Z",
  "module": "M02",
  "module_name": "Prompt Injection Shield",
  "severity": "high",
  "threat_type": "encoded_injection",
  "agent_affected": "chatbot-alpha",
  "action_taken": "input_blocked",
  "signature": "ed25519:3f7a...b4c1",
  "rfc3161_timestamp": "2026-03-18T09:15:23.900Z"
}

Events flow from modules into the AI Shield event bus. From there they are routed to: AI Shield Command (real-time visualisation), RSSA agents (autonomous processing), SIEM platforms (external correlation), and the audit log (immutable storage).
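The tamper-evidence claim of sections 2 and 10, worked through as an added example in Go with the standard library's Ed25519 (this is not AI Shield's own code): an RS Event v1 record is signed over a canonical encoding of its fields, and verification fails once any field is changed, added or removed after signing. The canonicalisation rule (compact JSON, sorted keys, "signature" excluded), the "ed25519:<hex>" encoding and the key provisioning are assumptions; the RFC 3161 timestamp is carried as an opaque field and not verified here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"strings"
)

// RSEvent holds the RS Event v1 fields from the page's example, all as strings.
type RSEvent map[string]string
// NewModuleKey returns a constructed Ed25519 key pair standing in for a module's
// signing key (how AI Shield provisions module keys is not on the page).
func NewModuleKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return pub, priv
}
// canonical returns the bytes that are signed. Assumption: compact JSON of every
// field except "signature" itself. json.Marshal sorts map keys, so signer and
// verifier derive byte-identical input from the same set of fields.
func canonical(ev RSEvent) []byte {
	unsigned := make(map[string]string, len(ev))
	for k, v := range ev {
		if k != "signature" {
			unsigned[k] = v
		}
	}
	b, _ := json.Marshal(unsigned) // a map of strings always encodes
	return b
}

// SignEvent fills the "signature" field in the page's "ed25519:<hex>" form.
func SignEvent(ev RSEvent, priv ed25519.PrivateKey) {
	ev["signature"] = "ed25519:" + hex.EncodeToString(ed25519.Sign(priv, canonical(ev)))
}

// VerifyEvent accepts the event only if the key holder signed exactly the fields
// present now: a field changed, added or removed after signing makes it fail.
func VerifyEvent(ev RSEvent, pub ed25519.PublicKey) bool {
	sig, err := hex.DecodeString(strings.TrimPrefix(ev["signature"], "ed25519:"))
	if !strings.HasPrefix(ev["signature"], "ed25519:") || err != nil || len(sig) != ed25519.SignatureSize {
		return false
	}
	return ed25519.Verify(pub, canonical(ev), sig)
}

func main() {
	pub, priv := NewModuleKey()
	ev := RSEvent{"event_id": "evt-2026-0318-001", "module": "M02", // constructed
		"agent_affected": "chatbot-alpha", "action_taken": "input_blocked"}
	SignEvent(ev, priv)
	fmt.Println("fresh event verifies:", VerifyEvent(ev, pub))
	ev["action_taken"] = "input_allowed" // edited after signing, without the key
	fmt.Println("edited event verifies:", VerifyEvent(ev, pub))
}
```

The same check belongs at every consumer of the bus (RSSA agents, SIEM connectors, the audit log), not only at the event bus itself, so that no single hop can rewrite events in transit undetected.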

11. Deployment

AI Shield is deployed as a containerised platform. Each module runs as an independent container, communicating through the signed event bus. The management plane (AI Shield Command) runs separately from the defence plane.

Docker-Based: Each module runs as an independent container. Isolated, restartable, independently upgradeable.
Kubernetes Ready: Helm charts for Kubernetes deployment. Horizontal pod autoscaling for high-throughput environments.
On-Premises: Full on-premises deployment supported. No cloud dependency. Your data stays on your infrastructure.
Auto-Recovery: Modules auto-restart on failure. Health checks every 30 seconds. Self-healing architecture.

Deployment Architecture

# AI Shield Deployment Stack

Defence Plane
  → 110 module containers (independent, signed event output)
  → Event bus (message routing, signature verification)
  → RSSA agent containers (M78, M79, M80)

Management Plane
  → AI Shield Command (operator GUI)
  → API gateway (REST + WebSocket)
  → Audit log storage (immutable, signed)

Integration Plane
  → SIEM connectors (Splunk, Sentinel, QRadar)
  → Red Specter Offensive Framework bridge (offensive ↔ defensive)
  → Webhook endpoints (custom alerting)

12. API Reference

RESTful API with token-based authentication. WebSocket endpoints for real-time streaming. All responses are JSON. All mutations require valid authentication tokens.

Method | Endpoint | Description
GET | /api/health | Liveness probe — returns 200 if service is running
GET | /api/shield/status | Shield status — current M99 level, active modules, threat count
GET | /api/shield/modules | List all 110 modules with status, health, and event counts
POST | /api/shield/modules/{id}/toggle | Toggle module on/off — requires operator authentication
GET | /api/shield/threats | Threat feed — paginated list of recent threat events
GET | /api/shield/compliance | Compliance status across all five frameworks
GET | /api/shield/rssa | RSSA agent status — PATROL, DETECTIVE, COMMANDER health and activity
GET | /api/shield/m99 | M99 protocol status — current level, history, authorisation state
POST | /api/shield/m99/activate/{level} | Activate M99 level — requires Ed25519 signature for levels 4+
WS | /ws/dashboard | Real-time dashboard stream — aggregated metrics and status
WS | /ws/events | Real-time event stream — all module events as they occur

Authentication

# All API requests require Bearer token
Authorization: Bearer <token>

# M99 Level 4+ requires Ed25519 signature header
X-Shield-Signature: ed25519:<signature>
X-Shield-Operator: <operator-id>
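The M99 level gates from section 6 and the signature headers above, combined into one server-side authorisation check as an added example in Go (not AI Shield's own code): Levels 1–3 pass without operator input, Levels 4–6 need a valid Ed25519 signature from a registered X-Shield-Operator, and Level 6 additionally needs the typed CONFIRM FLEET KILL phrase. What the operator signs, the operator key registry and where the typed phrase travels are assumptions; the typed verification the page mentions for Level 5 has no phrase given, so it is not enforced here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"strings"
)

// FleetKillPhrase is the typed confirmation the page requires for Level 6.
const FleetKillPhrase = "CONFIRM FLEET KILL"

// NewOperatorKey returns a constructed Ed25519 key pair for an example operator.
func NewOperatorKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return pub, priv
}
// SignedMessage is what the operator signs (assumed; the page does not define it).
// Binding level and operator id stops a Level 4 signature being replayed for Level 5 or 6.
func SignedMessage(level int, operator string) []byte {
	return []byte(fmt.Sprintf("POST /api/shield/m99/activate/%d\nX-Shield-Operator: %s", level, operator))
}
// Authorise gates POST /api/shield/m99/activate/{level} by the page's rules: Levels 1-3
// are autonomous; Levels 4-6 need a valid X-Shield-Signature ("ed25519:<hex>") from an
// operator registered in keys (id -> public key); Level 6 also needs the typed phrase.
func Authorise(level int, operator, sigHeader, confirmation string, keys map[string]ed25519.PublicKey) error {
	if level < 1 || level > 6 {
		return fmt.Errorf("unknown M99 level %d", level)
	}
	if level <= 3 {
		return nil // autonomous levels need no operator authorisation
	}
	pub, registered := keys[operator]
	sig, err := hex.DecodeString(strings.TrimPrefix(sigHeader, "ed25519:"))
	if !registered || !strings.HasPrefix(sigHeader, "ed25519:") || err != nil || len(sig) != ed25519.SignatureSize {
		return fmt.Errorf("level %d: unregistered operator or malformed X-Shield-Signature", level)
	}
	if !ed25519.Verify(pub, SignedMessage(level, operator), sig) {
		return fmt.Errorf("level %d: signature does not verify for operator %q", level, operator)
	}
	if level == 6 && confirmation != FleetKillPhrase {
		return fmt.Errorf("level 6 requires typed confirmation %q", FleetKillPhrase)
	}
	return nil
}

func main() {
	pub, priv := NewOperatorKey()
	keys := map[string]ed25519.PublicKey{"op-alice": pub} // constructed operator registry
	sig := "ed25519:" + hex.EncodeToString(ed25519.Sign(priv, SignedMessage(4, "op-alice")))
	fmt.Println("Level 4 signed by op-alice:", Authorise(4, "op-alice", sig, "", keys))
	fmt.Println("Level 6 with the Level 4 signature:", Authorise(6, "op-alice", sig, FleetKillPhrase, keys))
}
```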