Hey everyone 👋
Over the past few weeks, I’ve been building something that started as a side project… and quickly turned into something much bigger.
👉 An open-source AI Security Posture Management (AI-SPM) system.
I kept running into the same uncomfortable realization:
We’re putting AI into production… without having any real control over what it does.
Not just infrastructure.
Not just APIs.
But:
what the model decides
what it accesses
what it returns
And honestly — that felt like a gap worth fixing.
🧠 What It Does (High Level)
The system sits in front of and around AI systems and enforces control in real time:
Blocks prompt injection
Validates tool usage (no arbitrary API calls)
Prevents data leakage (PII / secrets)
Applies policies before and after model execution
Streams everything for detection and audit
Think of it as:
A runtime control plane for AI systems
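As an added illustration (not code from the AI-SPM repo), here is a minimal Python sketch of the two policy stages described above: a pre-model check that flags injection markers and validates a requested tool call against an allowlist, and a post-model DLP filter that redacts secrets and PII before the response leaves the gateway. The allowlist, DLP patterns and injection markers are constructed assumptions; in the real system that decision logic would live in OPA policies rather than Python.

```python
import re
from dataclasses import dataclass, field

# Constructed tool allowlist (an assumption, not the project's real schema):
# tool name -> the only argument keys a model-initiated call may carry.
TOOL_ALLOWLIST = {"search_docs": {"query"}, "get_weather": {"city"}}

# Constructed DLP patterns for the post-model filter; a real deployment needs far more.
SECRET_PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.]+\b"),
}

# Constructed markers; a substring check stands in for real prompt analysis.
INJECTION_MARKERS = ("ignore previous instructions", "disregard your system prompt")


@dataclass
class Decision:
    allow: bool
    reasons: list = field(default_factory=list)   # why the gateway blocked the request
    audit: list = field(default_factory=list)     # events that would be streamed for detection


def pre_model_policy(prompt: str, tool_call: dict = None) -> Decision:
    """Pre-execution stage: inspect the prompt, then validate any requested tool call."""
    decision = Decision(allow=True)
    lowered = prompt.lower()
    for marker in INJECTION_MARKERS:
        if marker in lowered:
            decision.allow = False
            decision.reasons.append(f"prompt_injection:{marker}")
    if tool_call is not None:
        name, args = tool_call["name"], tool_call.get("args", {})
        allowed = TOOL_ALLOWLIST.get(name)
        if allowed is None:                       # not on the allowlist: deny outright
            decision.allow = False
            decision.reasons.append(f"tool_not_allowlisted:{name}")
        elif set(args) - allowed:                 # extra arguments are a tool-abuse signal
            decision.allow = False
            decision.reasons.append(f"unexpected_args:{sorted(set(args) - allowed)}")
    decision.audit.append({"stage": "pre", "allow": decision.allow, "reasons": list(decision.reasons)})
    return decision


def post_model_filter(output: str) -> tuple:
    """Post-execution stage: redact secrets/PII before the response leaves the gateway."""
    findings = []
    for label, pattern in SECRET_PATTERNS.items():
        output, count = pattern.subn(f"[REDACTED:{label}]", output)
        if count:
            findings.append((label, count))
    return output, findings
```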
🏗️ Architecture (Quick Breakdown)
This is not just a wrapper — it’s a full pipeline:
Gateway layer (request control)
Context inspection (prompt analysis)
Policy engine (OPA-based decisions)
Runtime enforcement (tool sandboxing)
Streaming detection (Kafka + Flink)
Output filtering (DLP / PII)
Observability (full trace of decisions)
⚔️ What I Tested Against
I tried to break it using:
Prompt injection (“ignore previous instructions…”)
Obfuscated attacks (base64, unicode tricks)
Tool abuse scenarios
Data exfiltration attempts
So far — it’s holding up surprisingly well.
🙏 Where I’d Love Help
This is where I’d really appreciate input from this community:
Architecture Feedback
Does this approach make sense? Am I over-engineering parts of it? What would you simplify?
Security Gaps
What attack vectors am I missing? Any known bypass techniques I should test?
Production Readiness
What would block you from using something like this? What’s missing for enterprise adoption?
Contributors Welcome
If this space interests you (AI + security), I’d love collaborators.
Areas that need work:
Policy packs (OPA rules)
UI improvements (currently basic)
More attack simulations
Performance tuning
💡 My Hypothesis
I believe we’re heading toward a world where:
Every AI system will need a security control layer like this
But I’d really like to pressure-test that idea.
🔗 Links
GitHub: https://github.com/dshapi/AI-SPM
🙌 Final Ask
If you’ve built, broken, or deployed AI systems:
👉 What am I missing?
I’d genuinely appreciate any feedback — even brutal honesty.