SecureGate: An Open-Source Guardrail System for Large Model Security with Double-Layer Architecture

This article introduces SecureGate—a double-layer security gateway built on Streamlit and Anthropic Claude, designed to defend against threats such as prompt injection, jailbreak attacks, and data leakage faced by large models. The system provides security protection for LLM applications through real-time input/output interception.

With the popularization of LLMs in enterprise applications, the security threats they face are becoming increasingly severe: malicious prompt injection, sensitive data leakage, jailbreak attacks, illegal extraction of system instructions, etc. Traditional network security methods are difficult to deal with these AI-specific attack vectors. Therefore, the Prompt-shield-AI project (SecureGate) was born as an open-source double-layer security gateway, focusing on protecting downstream LLMs from malicious prompts and data leakage threats. It builds the UI based on Streamlit and integrates Claude as an intelligent judgment layer to achieve bidirectional real-time scanning.

The core of SecureGate is a double-layer detection architecture:

1. Regular Expression Engine: Maintains over 30 detection patterns, quickly identifies known attack features, and labels severity levels (CRITICAL/HIGH/MEDIUM).
2. LLM Classifier: Calls Claude for deep semantic analysis, identifies complex attacks with deformation/encoding/semantic packaging, and returns whether a threat exists, its category, confidence level, and reasons. The results of the two layers are fused into a final decision (BLOCK/WARN/PASS). Only content that passes is sent to the downstream LLM, and the output is scanned again.

SecureGate covers six categories of LLM security risks:

• Prompt Injection: Identifies malicious inputs that override system instructions (e.g., "Ignore all previous instructions");
• Jailbreak Attacks: Detects attempts to bypass security filters (e.g., DAN variants);
• Database and Log Leakage: Blocks SQL injection and database connection string leakage;
• Key Probing: Identifies exposure of sensitive credentials such as API keys and passwords;
• Encoded Payloads: Detects Base64 encoding, eval()/exec() obfuscation attacks;
• Output Leakage: Prevents leakage of system instructions or original database responses.

Deployment is simple: Clone the repository → Install dependencies (streamlit, anthropic packages) → Run the main file to start the service (default port 8501). The system provides 4 functional tabs:

• Dashboard/Architecture: Visualizes the pipeline architecture to understand data flow and detection logic;
• Threat Tester: Built-in 9 preset attack payloads (including benign baselines) for one-click testing of detection capabilities;
• Live Sandbox: Custom prompt testing environment that displays detailed logs of bidirectional scanning;
• Audit Logs: Records intercepted requests, confidence levels, and mitigation reasons, supporting auditing and optimization.

SecureGate is suitable for various scenarios: public-facing customer service robots, enterprise internal assistants handling sensitive data, financial/medical AI applications with high compliance requirements, etc. As an open-source project, it not only provides runnable code but also demonstrates a systematic LLM security protection approach. Developers can customize rules, integrate other LLMs, or extend functional modules.

Current limitations: Relies on the Anthropic Claude API (requires a valid key); offline deployment or integration with other LLMs requires code modification; the regular rule base needs continuous updates to deal with new attack methods. Future improvement directions: Support more LLM backends, introduce machine learning classification models, automatic updates of real-time threat intelligence, and more granular policy configuration (flexible adjustment of protection intensity).