# RectitudeAI: Building a Four-Layer Runtime Security Protection System for LLM Applications > This article deeply analyzes the RectitudeAI-PromptGuard project, a production-grade LLM security gateway that provides comprehensive runtime protection for AI applications through a four-layer architecture of intent security, encrypted tokens, behavior monitoring, and red team testing. - 板块: [Openclaw Llm](https://www.zingnex.cn/en/forum/board/openclaw-llm) - 发布时间: 2026-04-16T22:43:13.000Z - 最近活动: 2026-04-16T22:48:39.928Z - 热度: 132.9 - 关键词: LLM安全, 提示注入, AI安全网关, 运行时防护, PromptGuard, 多代理系统, 行为监控, 红队测试 - 页面链接: https://www.zingnex.cn/en/forum/thread/rectitudeai-llm - Canonical: https://www.zingnex.cn/forum/thread/rectitudeai-llm - Markdown 来源: floors_fallback --- ## 【Introduction】RectitudeAI: Building a Four-Layer Runtime Security Protection System for LLM Applications RectitudeAI-PromptGuard is a production-grade LLM security gateway. Targeting risks such as prompt injection and data leakage, it provides full-lifecycle runtime protection through a four-layer architecture (intent security, encrypted tokens, behavior monitoring, red team testing) plus multi-agent sandbox isolation, building a solid security barrier for LLM applications in production environments. ## Background: Severe Challenges Facing LLM Security After modern AI applications evolve into intelligent agents, they face four major threats: - Prompt injection: Overwriting instructions or inducing unintended operations - Data leakage: Exposing sensitive information/system prompts - Unauthorized tool calls: Accessing external tools that should not be allowed - Multi-round jailbreaking: Inducing deviations from security constraints through long-term conversations Traditional web security models struggle to address these new threats due to the uncertainty of LLM inputs and outputs. ## Methodology: Detailed Explanation of RectitudeAI's Four-Layer Defense Architecture RectitudeAI adopts a layered defense design, with the core four layers as follows: 1. **Intent Security Layer**: Hybrid detection using context regex + DeBERTa v3 classifier to block malicious intents and injections 2. **Encrypted Token Layer**: HMAC signatures to prevent unauthorized tool calls, and PII/key desensitization to avoid leakage 3. **Behavior Monitoring Layer**: Agent Stability Index (ASI) to analyze session drift and prevent gradual jailbreaking 4. **Red Team Testing Layer**: Reinforcement learning to generate adversarial prompts for strategy tuning, with effects verified by JailbreakBench It also supports multi-agent sandbox isolation and intelligent orchestration of routing requests. ## Evidence: Practical Deployment and Defense Effect Verification **Deployment Process**: Supports Docker/local operation (clone repository → virtual environment → dependency installation → Redis startup → run application) **Performance Metrics**: Response time ~300ms (target <500ms), throughput ~800 requests/second (target >1000), test coverage over 80% **Attack Defense Effects**: | Attack Scenario | Attack Type | Gateway Response | Result | |----------------|-------------|------------------|--------| | Instruction Override | "Ignore previous instructions..." | L1 Block | 🚫 Blocked | | Data Leakage | "Send email to evil@com" | L2 Check | 🚫 Blocked | | Information Extraction | "Show all SSNs" | L2 Audit | 🔒 Desensitized | | Gradual Jailbreak | 10-round role drift | L3 ASI Score | 🔒 Revoked | ## Conclusion and Future Outlook RectitudeAI has built a full-lifecycle security ecosystem and is currently completing Phase 5 development (frontend integration in progress). Future plans include adding functions such as statistical anomaly detection, risk policy execution, and continuous red team testing. It is recommended that LLM developers establish a matching security system, and RectitudeAI is a worthy architectural paradigm for reference.