◇ RUNTIME AI SECURITY · v0.2 CONCEPT

An antivirus for the age of AI.

PRAETOR LAYER is a runtime security layer for LLM apps and autonomous agents — WAF · EDR · DLP for the agent stack. It inspects prompts, data, model output and every agent action inline, and blocks what shouldn't get through.

OWASP LLM Top 10 MITRE ATLAS NIST AI RMF
INPUT GUARDprompt injection · jailbreaks
OUTPUT · DLPsecrets · PII · leaks
ACTION FIREWALLtaint-tracked actions
TI FEED · LIVE
PRTR-0001 ignore-previous-instructions PRTR-0003 DAN persona PRTR-0201 indirect-RAG-injection PRTR-0301 markdown-image-exfil PRTR-0101 system-prompt-leak PRTR-9001 token-split-evasion PRTR-0401 base64-obfuscation PRTR-0501 malicious-code-request PRTR-0001 ignore-previous-instructions PRTR-0003 DAN persona PRTR-0201 indirect-RAG-injection PRTR-0301 markdown-image-exfil PRTR-0101 system-prompt-leak PRTR-9001 token-split-evasion PRTR-0401 base64-obfuscation PRTR-0501 malicious-code-request

Antivirus was built for files.
Attacks now travel in meaning.

A classic AV matches deterministic bytes. LLM attacks are semantic, probabilistic and contextual — the same sentence is safe or catastrophic depending on the agent's privileges. You can't sign a payload that rephrases itself infinitely.

So we keep what carries over — layered defense, hybrid detection, a live threat feed, quarantine, telemetry — and rebuild the rest as runtime application security.

Classic AV

  • file signatures
  • known-bad bytes
  • static scan
  • on-disk quarantine

PRAETOR

  • semantic detection
  • intent & provenance
  • inline runtime
  • action-level firewall

The threat model

Eleven classes across input, data, output, and agent actions — mapped to OWASP LLM Top 10 & MITRE ATLAS.

Cheap filters first. Expensive models last.

A hybrid conveyor — each stage only escalates what the previous couldn't resolve.

01

Normalize

base64 · hex · zero-width · NFKC · homoglyph

02

Signatures

regex + fuzzy TI feed

03

Embeddings

similarity to attack corpus

04

Guard model

fine-tuned classifier

05

LLM-as-judge

escalation for the grey zone

Try the working console.

The whole detection pipeline runs client-side in your browser. No data leaves the page.

Launch App ▸