
Sandworm AI Security

AI and LLM security — prompt/output scanning, jailbreak defense, and an agent firewall.

What is Sandworm AI Security?

Sandworm AI Security is an AI and LLM security platform that sits between your application and its underlying language model to scan prompts and responses in real time, detect jailbreak attempts, enforce agent tool-call policies, and maintain an AI Bill of Materials (AI-BOM) for governance. It is designed for engineering and security teams building or operating AI-powered products who need visibility and control over what enters and exits their models without modifying model weights or inference infrastructure.

  • Proxy mode forwards requests to your LLM provider transparently — change a single API base URL in your application.
  • The agent firewall enforces allow/deny policies on tool calls made by AI agents, preventing unexpected side effects before they happen.
  • AI-BOM tracks all models in use, their versions, data lineage, and intended use to support AI governance and compliance requirements.

Connect your AI workloads

Sandworm AI Security sits between your application and your LLM provider as a proxy or via SDK instrumentation. No model access is required — it inspects the wire format.

  • Proxy mode: point your application's LLM API base URL at the Sandworm AI Security gateway endpoint; it forwards requests transparently.
  • SDK instrumentation: use the Sandworm AI Security client wrapper (Python/TypeScript) to wrap your existing Anthropic or OpenAI SDK calls.
  • Agent firewall: for AI agent pipelines, register your agent's tool definitions so Sandworm AI Security can enforce tool-call policies.
  • AI-BOM: provide your model identifiers and deployment details to generate an AI Bill of Materials entry.

  1. Configure proxy mode or SDK instrumentation.

     Change your application's LLM API base URL to point at the Sandworm AI Security gateway, or wrap your Anthropic/OpenAI SDK calls with the Sandworm AI Security client library.

  2. Set a scanning policy.

     Navigate to Sandworm AI Security → Policies → New Policy. Define which content categories to block in prompts and outputs, and set the action (block, redact, alert, or log-only).

  3. Register your agent tool definitions.

     If you operate AI agents, paste your tool schema in Sandworm AI Security → Agent Firewall → Register Tools. Define which tools are allowed, restricted, or require confirmation.
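Steps 1 and 2 above, as an added illustrative example that is not Sandworm's SDK or policy engine: a wrapper around the provider call that scans the prompt before it is sent and the response before it is returned, applying the four policy actions the page lists (block, redact, alert, log-only). The regex categories, the `guarded_complete` name and the stub models are constructed for this example; a real deployment would delegate the classification to the gateway.

```python
import re
from dataclasses import dataclass, field

# Illustrative policy: a category is a regex plus one of the four actions the
# page lists. These patterns are constructed for the example, not Sandworm's
# classifiers, and are deliberately narrow.
@dataclass(frozen=True)
class Rule:
    category: str
    pattern: re.Pattern
    action: str  # "block" | "redact" | "alert" | "log"

RULES = [
    Rule("secret", re.compile(r"\b(?:AKIA[0-9A-Z]{16}|sk-[A-Za-z0-9]{20,})\b"), "block"),
    Rule("email", re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+"), "redact"),
    Rule("injection", re.compile(r"ignore (?:all|any|the) (?:previous|prior|above) instructions", re.I), "alert"),
    Rule("topic", re.compile(r"\bcompetitor pricing\b", re.I), "log"),
]

@dataclass
class ScanResult:
    text: str                                      # text after any redaction
    blocked: bool = False
    findings: list = field(default_factory=list)   # (category, action) pairs

def scan(text: str, rules=RULES) -> ScanResult:
    """Apply every rule: block wins, redact rewrites, alert/log only record."""
    result = ScanResult(text=text)
    for rule in rules:
        if not rule.pattern.search(result.text):
            continue
        result.findings.append((rule.category, rule.action))
        if rule.action == "block":
            result.blocked = True
        elif rule.action == "redact":
            result.text = rule.pattern.sub(f"[REDACTED:{rule.category}]", result.text)
    return result

def guarded_complete(prompt: str, model_call) -> dict:
    """Scan the prompt, send the (possibly redacted) prompt, then scan the reply.

    model_call is whatever actually talks to the provider; stubs are used below.
    """
    inbound = scan(prompt)
    if inbound.blocked:
        return {"status": "blocked", "stage": "prompt", "findings": inbound.findings}
    reply = model_call(inbound.text)          # the model never sees redacted spans
    outbound = scan(reply)
    if outbound.blocked:
        return {"status": "blocked", "stage": "output", "findings": outbound.findings}
    return {"status": "ok", "output": outbound.text,
            "findings": inbound.findings + outbound.findings}

# Stub providers standing in for the wrapped Anthropic/OpenAI call (constructed).
def echo_model(prompt: str) -> str:
    return f"You said: {prompt}"

def leaky_model(prompt: str) -> str:
    return "Sure, the key is sk-abcdefghijklmnopqrstuvwxyz0123"

if __name__ == "__main__":
    print(guarded_complete("Email alice@example.com the Q3 report", echo_model))
    print(guarded_complete("Rotate AKIAABCDEFGHIJKLMNOP today", echo_model))
    print(guarded_complete("What is the API key?", leaky_model))
```

The order matters: a block verdict short-circuits before the provider is called, a redact rewrites what the provider sees, and alert/log leave the text untouched so they can be tuned against real traffic before being promoted to block.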

Sandworm never writes to your infrastructure, and all integrations use the minimum read-only permissions required. Note that proxy mode is inline: the gateway sits in the request path and, depending on the policy action you set, may block or redact prompts and outputs before they reach the model or the user.

Key concepts

Sandworm AI Security provides AI/LLM security: real-time prompt and output scanning, jailbreak detection, agent firewall policy enforcement, and an AI-BOM for compliance.

  • Prompt scanning: analyses incoming prompts for injection attempts, sensitive data, and policy violations before they reach the model.
  • Output scanning: analyses model responses for harmful content, data leakage, and policy violations before they reach the user.
  • Jailbreak detection: classifier-based detection of prompt patterns designed to bypass model safety guidelines.
  • Agent firewall: enforces allow/deny policies on tool calls made by AI agents — prevents unexpected side effects.
  • AI-BOM: inventory of all AI models in use, their versions, data lineage, and intended use — supports AI governance requirements.
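The agent firewall concept, together with the tool registration in step 3 above, as an added example that is not Sandworm's code: a default-deny check over the tool calls in one model turn. Each call is validated against the registered schema and then mapped to an allow, confirm or deny verdict; only allowed calls are executed, confirm calls are held for a human, and everything else is refused back to the model. The registry format, the `decide` and `enforce` names and the sample turn are constructed for this example; the `tool_use`/`tool_result` block shapes follow the Anthropic Messages API convention.

```python
# Constructed tool registry, in the spirit of the schema you would register
# under Agent Firewall -> Register Tools. Python types stand in for JSON types.
TOOLS = {
    "search_docs": {"params": {"query": str}, "required": ["query"]},
    "send_email":  {"params": {"to": str, "body": str}, "required": ["to", "body"]},
    "delete_file": {"params": {"path": str}, "required": ["path"]},
}

# Per-tool verdicts: "allow", "confirm" (hold for a human) or "deny".
# Anything absent from POLICY, or not registered at all, is denied.
POLICY = {"search_docs": "allow", "send_email": "confirm", "delete_file": "deny"}

def decide(call: dict) -> dict:
    """Return {"decision", "reason"} for a single tool_use block."""
    name, args = call.get("name"), call.get("input") or {}
    schema = TOOLS.get(name)
    if schema is None:
        return {"decision": "deny", "reason": f"unregistered tool {name!r}"}
    missing = [p for p in schema["required"] if p not in args]
    unknown = [p for p in args if p not in schema["params"]]
    if missing or unknown:
        return {"decision": "deny",
                "reason": f"schema mismatch: missing={missing} unknown={unknown}"}
    wrong_type = [p for p, v in args.items() if not isinstance(v, schema["params"][p])]
    if wrong_type:
        return {"decision": "deny", "reason": f"bad argument types: {wrong_type}"}
    return {"decision": POLICY.get(name, "deny"), "reason": "policy"}

def enforce(content: list, executor) -> list:
    """Walk a model turn's content blocks; execute allowed calls, hold confirm
    calls, refuse the rest. Returns tool_result blocks for the next turn."""
    results = []
    for block in content:
        if block.get("type") != "tool_use":
            continue
        verdict = decide(block)
        entry = {"type": "tool_result", "tool_use_id": block["id"],
                 "decision": verdict["decision"]}
        if verdict["decision"] == "allow":
            entry["content"] = executor(block["name"], block["input"])
        elif verdict["decision"] == "confirm":
            entry.update(content="held: awaiting human confirmation", is_error=True)
        else:
            entry.update(content=f"denied: {verdict['reason']}", is_error=True)
        results.append(entry)
    return results

def run_tool(name: str, args: dict) -> str:
    """Stand-in for real tool execution (constructed)."""
    return f"{name} executed with {args}"

# Constructed model turn: one benign lookup, one side-effecting email, one
# destructive call, one tool the agent was never given, one bad argument.
SAMPLE_TURN = [
    {"type": "text", "text": "I will look this up, notify HR and tidy the share."},
    {"type": "tool_use", "id": "t1", "name": "search_docs", "input": {"query": "offboarding checklist"}},
    {"type": "tool_use", "id": "t2", "name": "send_email", "input": {"to": "hr@example.com", "body": "Done."}},
    {"type": "tool_use", "id": "t3", "name": "delete_file", "input": {"path": "/srv/share"}},
    {"type": "tool_use", "id": "t4", "name": "run_shell", "input": {"cmd": "rm -rf /srv/share"}},
    {"type": "tool_use", "id": "t5", "name": "search_docs", "input": {"query": "x", "scope": "all"}},
]

if __name__ == "__main__":
    for r in enforce(SAMPLE_TURN, run_tool):
        print(r["tool_use_id"], r["decision"], r["content"])
```

The check runs before any side effect, which is the point of the firewall: a prompt-injected agent can emit whatever tool calls it likes, but only registered tools with well-formed arguments and an allow verdict ever execute, and a held call gives a reviewer the chance to inspect the exact arguments before approving.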

Scanning your first prompt

After configuring proxy mode or SDK instrumentation, Sandworm AI Security begins logging and scanning traffic automatically. Navigate to Sandworm AI Security → Activity to see inspected requests and any policy violations.

  • The Policy editor (Sandworm AI Security → Policies) lets you define custom rules — block specific topics, require output disclaimers, or rate-limit per user.
  • Violations generate alerts that can route to Elm for investigation.
  • The AI-BOM tab shows a live inventory of models in use across your organisation's AI applications.

Integrations

Sandworm AI Security connects to LLM providers and AI frameworks in proxy or SDK-instrumentation mode, and shares security events with the broader Sandworm platform.

  • LLM providers: Anthropic Claude, OpenAI GPT-4/o, Azure OpenAI Service — proxy mode is provider-agnostic.
  • AI frameworks: LangChain, LlamaIndex (Python/TypeScript SDK wrappers available).
  • Elm (SOAR): policy violations can auto-create Elm cases for security review of AI behaviour anomalies.
  • Sandworm SIEM: prompt and output violation events forwarded in OCSF format for correlation with other security signals.
  • Sandworm SCA (supply-chain): AI-BOM entries from Sandworm AI Security are included in Sandworm SCA's overall software inventory for governance reporting.
  • Trust Portal: AI-BOM attestations surface on the public attestation index to demonstrate responsible AI governance.

API and CLI

Manage Sandworm AI Security policies and review scan results via the sandworm CLI or REST API.

  • `sandworm muaddib activity list --violations-only` — list recent policy violations.
  • `sandworm muaddib policies list` — list active scanning policies.
  • `sandworm muaddib ai-bom list` — list AI-BOM entries.
  • REST API: see the OpenAPI spec at /api/muaddib/openapi.json on your deployment.
```bash
sandworm muaddib activity list --violations-only --format table
```