177 modules watching. One mind reasoning. Zero attacks completing.
SENTINEL PRIME is a standalone autonomous defence platform that unifies the entire Red Specter AI Shield ecosystem. It continuously ingests alerts from all 177 AI Shield modules, runs multi-source correlation to identify coordinated attack chains, invokes DeepSeek R1 (deepseek-r1:7b) via local Ollama on the RTX 3090 for structured threat reasoning, and applies rigorous 3-gate logic before triggering M99 escalation.
Unlike the individual AI Shield modules which each defend a single surface, SENTINEL PRIME operates at the meta-layer — it sees across all modules simultaneously and reasons about the attack as a whole, not its constituent parts. Intelligence feeds back into WARLORD for offensive countermeasure routing.
SENTINEL PRIME is a production autonomous defence platform. M99 escalation requires gate logic passage: CONFIDENCE ≥0.85, SOURCES ≥3, ESCALATION_LEVEL ≥4. Fall-dead default: if the LLM is unavailable, max M99 escalations per run is capped at 3 to prevent runaway automated response.
Real-time alert consumer across all 156 AI Shield module outputs. Normalises heterogeneous alert formats into a unified CorrelationEvent schema. Supports file-based, socket, and REST ingestion modes. Deduplication window: 60 seconds.
Multi-source attack chain correlation across all active modules. Identifies coordinated attack patterns by matching alert clusters against 8 named chain signatures. Temporal correlation window: 300 seconds. Outputs correlation score and source count.
deepseek-r1:7b via local Ollama (RTX 3090). Receives correlated alert context and returns structured JSON: threat_class, confidence (0.0–1.0), attack_chain, recommended_action, reasoning_trace. Fall-dead: if Ollama unavailable, returns confidence 0.0 and triggers cap enforcement.
Applies 3-gate logic. All three gates must pass before M99 escalation fires. Gates are evaluated independently: CONFIDENCE gate, SOURCES gate, ESCALATION_LEVEL gate. Gate failure is logged with the specific gate that blocked escalation.
On M99 escalation, publishes structured threat intelligence to the WARLORD registry. Feed includes: attack_chain, correlated_modules, confidence, timestamp, recommended_countermeasure, SP-{hex12} signed report reference.
SENTINEL PRIME requires all three gates to pass before triggering M99 escalation. This prevents false positives from single-module noise and ensures the LLM reasoning meets minimum confidence thresholds.
The DeepSeek R1 model returns a structured JSON confidence value. A score below 0.85 indicates the model cannot determine attack intent with sufficient certainty.
Requires at minimum 3 independent AI Shield modules to have generated correlated alerts. Prevents a single noisy module from triggering autonomous escalation.
Escalation level is derived from the attack chain severity scoring: attack surface breadth, blast radius estimate, and MITRE ATT&CK coverage. Level 5 = confirmed kill-chain execution in progress.
SENTINEL PRIME's CORRELATION_ENGINE matches live alert clusters against these 8 predefined attack chain signatures. Each chain requires a minimum module coverage pattern to fire.
git clone git@github.com:RichardBarron27/red-specter-sentinel-prime.git cd red-specter-sentinel-prime pip install -e . sentinel-prime --help
# Start SENTINEL PRIME as a foreground process sentinel-prime start # Start as systemd service sudo systemctl enable sentinel-prime.service sudo systemctl start sentinel-prime.service # Check status sentinel-prime status
# Simulate a RAG poisoning attack chain sentinel-prime test --chain rag # Simulate full kill chain (all modules) sentinel-prime test --chain full_kill_chain # Run all 8 chain tests sentinel-prime test --all-chains
# Inject a test alert from a specific module sentinel-prime inject --module M99 --severity 5 --type prompt_injection # Query current correlation state sentinel-prime correlate --status # View WARLORD feed output sentinel-prime feed --tail 20
| Gate | Parameter | Default | Override |
|---|---|---|---|
| CONFIDENCE | SP_CONFIDENCE_THRESHOLD | 0.85 | Env var |
| SOURCES | SP_MIN_SOURCES | 3 | Env var |
| ESCALATION_LEVEL | SP_MIN_ESCALATION_LEVEL | 4 | Env var |
| Fall-dead M99 cap | SP_FALLBACK_M99_CAP | 3 | Env var |
| Dedup window | SP_DEDUP_WINDOW_SECS | 60 | Env var |
| Correlation window | SP_CORRELATION_WINDOW_SECS | 300 | Env var |
# /etc/systemd/system/sentinel-prime.service [Unit] Description=SENTINEL PRIME Autonomous AI Defence Platform After=network.target ollama.service [Service] Type=simple User=root ExecStart=/usr/local/bin/sentinel-prime start --daemon Restart=always RestartSec=10 Environment=SP_CONFIDENCE_THRESHOLD=0.85 Environment=SP_MIN_SOURCES=3 Environment=SP_MIN_ESCALATION_LEVEL=4 [Install] WantedBy=multi-user.target
Every M99 escalation and correlation event generates an SP-{hex12} Ed25519-signed report. Reports include: correlated modules list, LLM reasoning trace, gate evaluation results, attack chain classification, WARLORD manifest reference, and timestamp.
SP-4a7f3c2e9b1d (Ed25519 signed)
├── timestamp: 2026-06-12T14:32:11Z
├── attack_chain: orchestration_takeover
├── correlated_modules: [M149, M124, M147, M150]
├── confidence: 0.93
├── escalation_level: 5
├── gates_passed: [CONFIDENCE, SOURCES, ESCALATION_LEVEL]
├── m99_triggered: true
├── warlord_ref: WARLORD-2026-6147
└── reasoning: "Correlated alerts indicate CrewAI workflow
compromise (M149) combined with cloud IAM escalation
(M147) and inference gateway abuse (M150). High
confidence orchestration_takeover chain in progress."
| Integration | Direction | Purpose |
|---|---|---|
| AI Shield (177 modules) | Inbound | Alert source for ALERT_INGESTOR |
| M99 ESCALATION | Outbound | Autonomous threat response trigger |
| WARLORD | Outbound | Threat intelligence feed for offensive countermeasures |
| DeepSeek R1 / Ollama | Internal | LLM_REASONER structured threat analysis |
SPECTER COGBURN — Red Specter's offensive LLM reasoning exploitation engine — was run directly against SENTINEL PRIME in a formal AI-vs-AI validation. Both systems use deepseek-r1:7b on the same RTX 3090 hardware. This is the first time a defensive LLM reasoning engine has been formally validated against an offensive LLM reasoning engine using the same underlying model.