Keystroke dynamics, mouse trajectory R², scroll patterns, touch events, form-fill timing, page-dwell — 28 real-time signals fed into the local scorer and backend scoring pipeline.
The era of vibe coding & AI agents needs a smarter shield.
In a world where anyone ships a website in an afternoon — and bots, scraping agents and prompt-injection attacks scale overnight — your first line of defense has to learn as fast as they do. Corpilus Shield is an AI layer that sits in front of your forms, LLM chats, MCP tools and data sources and blocks attacks before they reach your logic.
Attackers got AI. Your forms and chatbots didn't.
Vibe-coded websites, no-code stores and half-finished LLM integrations are going live faster than any security team can audit them. On the other side, attackers now run Playwright-stealth at scale, pay cents per captcha solve, and chain LLMs to probe your prompt until it leaks system instructions or customer data.
Generic WAFs see HTTP packets. reCAPTCHA sees a token. Neither understands the intent of an agent submitting your support form, hijacking a token, or prompt-injecting your own AI into leaking the customer database. Corpilus Shield does — and it learns from every attempt on every tenant.
A self-learning AI layer in front of everything you ship.
Built as an extension of the Corpilus AI brain — the same engine that answers your team's questions, now watching your front door. Real-time signals, cross-tenant learning, transparent audit log.
AI-native, not a rule box
Baseline knowledge from OWASP + 85 attack embeddings, augmented by an AI analyser that compiles new rules every 15 minutes based on what it sees.
One brain, many surfaces
The same Shield protects your forms, login pages, LLM chats, MCP tools, file uploads and SQL data sources. One dashboard, one audit log.
Plug-and-play
A single <script> tag and 3 lines of backend middleware (Python, Node, PHP). No DNS re-point. No TLS termination. Coexists with your CDN, WAF and analytics.
SMB-friendly pricing
Enterprise-grade defense at SaaS prices. Start free, scale as your traffic grows. Pay for real protection, not per-request magic numbers.
What Shield actually does.
Every capability below is live, measured in production, and documented in the customer dashboard. All signals are tunable per site.
Canvas, WebGL, audio context, font detection, navigator fingerprinting fused into a SHA-256 device hash. Detects headless browsers and anti-detect tools.
Flags concrete mismatches a real human never exhibits: Chrome UA with missing window.chrome, Windows UA on Linux platform, empty navigator.languages, outerWidth=0, headless default resolutions, navigator.webdriver=true. +12 per signal, cap +40.
Redis snapshot (4 h TTL) of device_hash, webgl_renderer, user_agent, timezone, screen_resolution at session start. Sensitive events (login, form submit, checkout) compare the live fingerprint; drift adds +40/+25/+20/+15/+10 respectively.
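An added example (not Corpilus code) of the two scoring steps above: the consistency mismatches at +12 per signal capped at +40, and session drift at +40/+25/+20/+15/+10, run over constructed telemetry dicts. The Redis snapshot is stood in for by a plain dict; the headless-resolution list and the components fused into the device hash are assumptions.

```python
import hashlib

# Constructed stand-in for the "headless default resolutions" list (assumption).
HEADLESS_RESOLUTIONS = {(800, 600), (1280, 720)}
# Drift weights as stated on the page: device_hash +40, webgl_renderer +25,
# user_agent +20, timezone +15, screen_resolution +10.
DRIFT_WEIGHTS = {"device_hash": 40, "webgl_renderer": 25, "user_agent": 20,
                 "timezone": 15, "screen_resolution": 10}

def device_hash(fp: dict) -> str:
    """Fuse canvas / WebGL / audio / font / UA components into one SHA-256 hash (assumed set)."""
    parts = [str(fp.get(k, "")) for k in ("canvas", "webgl_renderer", "audio", "fonts", "user_agent")]
    return hashlib.sha256("|".join(parts).encode()).hexdigest()

def consistency_score(fp: dict) -> tuple:
    """Mismatches a real browser never shows: +12 per signal, capped at +40."""
    ua, hits = fp.get("user_agent", ""), []
    if "Chrome" in ua and not fp.get("has_window_chrome", True):
        hits.append("chrome_ua_missing_window_chrome")
    if "Windows" in ua and fp.get("platform", "").startswith("Linux"):
        hits.append("windows_ua_on_linux_platform")
    if not fp.get("languages"):
        hits.append("empty_navigator_languages")
    if fp.get("outer_width") == 0:
        hits.append("outer_width_zero")
    if tuple(fp.get("screen_resolution", ())) in HEADLESS_RESOLUTIONS:
        hits.append("headless_default_resolution")
    if fp.get("webdriver") is True:
        hits.append("navigator_webdriver_true")
    return min(12 * len(hits), 40), hits

def snapshot_of(fp: dict) -> dict:
    """The five fields kept in Redis (4 h TTL) at session start; a plain dict here."""
    snap = {k: fp.get(k) for k in DRIFT_WEIGHTS if k != "device_hash"}
    snap["device_hash"] = device_hash(fp)
    return snap

def drift_score(snapshot: dict, live_fp: dict) -> tuple:
    """On a sensitive event (login, submit, checkout), compare live fingerprint with the snapshot."""
    live = snapshot_of(live_fp)
    drifted = [k for k in DRIFT_WEIGHTS if snapshot[k] != live[k]]
    return sum(DRIFT_WEIGHTS[k] for k in drifted), drifted

# Constructed telemetry: a headless automation profile and a plain desktop profile.
HEADLESS_FP = {"user_agent": "Mozilla/5.0 (Windows NT 10.0) Chrome/120.0", "platform": "Linux x86_64",
               "has_window_chrome": False, "languages": [], "outer_width": 0, "webdriver": True,
               "screen_resolution": (800, 600), "webgl_renderer": "SwiftShader", "timezone": "UTC"}
DESKTOP_FP = {"user_agent": "Mozilla/5.0 (Windows NT 10.0) Chrome/120.0", "platform": "Win32",
              "has_window_chrome": True, "languages": ["en-US"], "outer_width": 1920, "webdriver": False,
              "screen_resolution": (1920, 1080), "webgl_renderer": "ANGLE (NVIDIA)", "timezone": "Europe/Prague"}
```

Note that a change to a component of the device hash (here the WebGL renderer) is counted twice by design: once for the component and once for the hash.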
OpenAI- and Anthropic-compatible base URL. Shield scans every prompt before forwarding and every completion before returning, blocks on policy hit, strips PII / secrets on stream.
Embedding-based detection across 14 attack categories. "Disregard earlier directives" ≈ "Ignore previous instructions" at cosine 0.70. Thresholds: ≥0.82 block, ≥0.68 challenge. Ollama-local embeddings — zero per-request API cost.
Tool-call interception for Claude / Cursor / IDE agents. JSON Schema validation of arguments, chain-step limit 50, domain allowlist, explicit approval gates on destructive tools. Inspects every invocation against agent-protection rules before execution.
40+ patterns scanning input + output + tool calls before / after the model runs. Runs alongside the Semantic Firewall for layered defence.
5 tools exposed via MCP: shield_get_stats, shield_get_threats, shield_add_rule, shield_get_events, shield_verify_token. Let your Claude / Cursor agent investigate and act on incidents without leaving the chat.
AST-parsed SQL validation. Blocks UNION, INTO OUTFILE, pg_sleep, information_schema. LIMIT capped at 1000. Sensitive columns (password, api_key, ssn) auto-redacted. Query fingerprinting and honeytoken trap tables.
Wallet detection: BTC (P2PKH/Bech32), ETH, SOL, TRX, XRP, LTC, DOGE. BIP-39 seed phrase scanning (12/24 word). Signing prompts (EIP-712). 14 mining domains blocked. Payment redirect patterns.
Bigram gibberish detection (EN / DE / CS / SK / ES), 100+ disposable email domains, spam patterns (repeated chars, ALL CAPS, URL flood), suspicious name detection. Additive scoring: gibberish +15, disposable email +25, multi-field cluster bonus.
check_upload() accepts form_fields. When a file upload is accompanied by form data (title, description, name, message), Content Quality Scoring runs on those fields too. A clean PDF with "test / asdf / qwerty" metadata still gets rejected at score ≥ 25.
Every file passes a quarantine gate — extension allowlist, magic-byte MIME sniffing, Office macro detection, PDF JavaScript / Launch / OpenAction, SVG / HTML script injection. Per-tenant max size and extension list.
Three-tier honeypot per form with password-manager detection (1Password / Bitwarden / LastPass / Dashlane). Tier 1 (+80), Tier 2 (+40), Tier 3 (+15, auto-downgraded to +5 when PWM detected). Hidden /trap/{slug} URL endpoint — crawlers following /admin, /.env trigger cross-tenant flags.
Python (FastAPI / Django / Flask), Node.js (Express / Next.js), PHP (WordPress / Laravel). Validates X-Shield-Token on every request. No token → 403. HMAC verify is cached 30 s per (token, path).
3-state breaker (closed / open / half_open) in all three backend SDKs. After 5 consecutive transport errors → OPEN for 30 s → 1 HALF_OPEN probe. 4xx doesn't trip the breaker. PHP uses APCu for cross-FPM-worker state. No more 5 s timeouts on every request during an upstream incident.
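The breaker described above, as an added example that is not one of the Corpilus SDKs: five consecutive transport errors open it, it stays open 30 s, a single half_open probe decides, and 4xx answers never count as failures. Raising BreakerOpen leaves the fail-open or fail-closed decision to the caller (an assumption; the in-memory state stands in for APCu or a shared store).

```python
import time

class BreakerOpen(Exception):
    """Raised instead of contacting Shield while the breaker is open."""

class ShieldBreaker:
    """closed -> open after 5 consecutive transport errors; open -> half_open after 30 s;
    the single half_open probe decides: a response closes, an error re-opens.
    Any HTTP answer (4xx included) proves transport works and resets the count."""
    FAILURES_TO_OPEN = 5
    OPEN_SECONDS = 30.0

    def __init__(self, clock=time.monotonic):
        self.clock = clock                 # injectable for tests and simulations
        self.state = "closed"
        self.consecutive_failures = 0
        self.opened_at = 0.0
        self.probe_in_flight = False

    def allow_request(self) -> bool:
        if self.state == "open":
            if self.clock() - self.opened_at < self.OPEN_SECONDS:
                return False
            self.state, self.probe_in_flight = "half_open", False
        if self.state == "half_open":
            if self.probe_in_flight:
                return False               # exactly one probe at a time
            self.probe_in_flight = True
        return True

    def record_transport_error(self) -> None:
        self.consecutive_failures += 1
        if self.state == "half_open" or self.consecutive_failures >= self.FAILURES_TO_OPEN:
            self.state, self.opened_at = "open", self.clock()
            self.consecutive_failures, self.probe_in_flight = 0, False

    def record_response(self, status: int) -> None:
        self.consecutive_failures = 0      # a 4xx is still a completed round trip
        self.state, self.probe_in_flight = "closed", False

    def call(self, transport):
        """Run transport(), which returns an HTTP status or raises ConnectionError/TimeoutError."""
        if not self.allow_request():
            raise BreakerOpen()
        try:
            status = transport()
        except (ConnectionError, TimeoutError):
            self.record_transport_error()
            raise
        self.record_response(status)
        return status
```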
Reason → (machine_code, human_hint) map. /shield/verify and all 3 SDK 403 bodies return remediation + remediation_code. Legit false-positive users see "Your session expired — please reload" instead of a silent 403.
Drop-in PHP plugin: auto-injects the widget, ships middleware that validates Shield tokens on /wp-login.php and admin endpoints. Fail-closed by default, configurable.
Multi-dimensional: per-IP, per-device, per-endpoint. Progressive escalation: monitor → throttle → challenge → block. Redis-backed counters with sliding windows.
IP geolocation via ip-api.com (24 h cache). Per-site blocked / allowed country lists. Datacenter +10, proxy / Tor +15 score modifier. Page-load hard block with access-denied overlay before the widget initialises.
Widget prevents form submission at score > 85. Red overlay: "Blocked by Corpilus Shield". Server-signed HMAC-SHA256 tokens auto-attached to fetch() via interceptor.
70+ compiled OWASP patterns scanned automatically on every event. Payload-level inspection happens before scoring.
Hidden form fields invisible to humans. Proof-of-Work SHA-256 challenges on suspicious scores. Progressive login delay (1 s → 8 s).
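Added example (not Corpilus code) of the proof-of-work challenge: the server issues a session-bound, HMAC-tagged challenge, the widget finds a counter with the required leading-zero bits, and the server verifies tag, freshness and work. The score-to-difficulty mapping, the 120 s max_age and the doubling login delay are assumptions.

```python
import hashlib, hmac, secrets, time

SERVER_SECRET = b"constructed-demo-secret"   # placeholder for the per-site secret

def difficulty_for(score: int) -> int:
    """Assumed mapping: no challenge below 50, harder as the suspicion score rises."""
    return 0 if score < 50 else min(22, 12 + (score - 50) // 5)

def login_delay_seconds(failed_attempts: int) -> int:
    """Progressive login delay 1 s -> 8 s (doubling per failure is an assumption)."""
    return min(8, 2 ** max(0, failed_attempts - 1))

def _tag(session_id: str, nonce: str, bits: int, issued: int) -> str:
    msg = f"{session_id}:{nonce}:{bits}:{issued}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()

def issue_challenge(session_id: str, bits: int, now=None) -> dict:
    """Server side: nonce + required leading-zero bits, HMAC-bound to the session."""
    issued = int(time.time()) if now is None else now
    nonce = secrets.token_hex(16)
    return {"nonce": nonce, "bits": bits, "issued": issued,
            "tag": _tag(session_id, nonce, bits, issued)}

def _meets_target(nonce: str, counter: int, bits: int) -> bool:
    digest = hashlib.sha256(f"{nonce}:{counter}".encode()).digest()
    return int.from_bytes(digest, "big") < (1 << (256 - bits))

def solve(challenge: dict) -> int:
    """Widget side: brute-force a counter; expected cost doubles with every extra bit."""
    counter = 0
    while not _meets_target(challenge["nonce"], counter, challenge["bits"]):
        counter += 1
    return counter

def verify(challenge: dict, session_id: str, counter: int, now=None, max_age=120) -> bool:
    """Server side: check the tag (constant time), then freshness, then the work itself."""
    now = int(time.time()) if now is None else now
    expected = _tag(session_id, challenge["nonce"], challenge["bits"], challenge["issued"])
    if not hmac.compare_digest(expected, challenge["tag"]):
        return False                      # forged or altered challenge parameters
    if now - challenge["issued"] > max_age:
        return False                      # stale: solutions cannot be stockpiled
    return _meets_target(challenge["nonce"], counter, challenge["bits"])
```

A deployment would additionally record spent nonces so one solution cannot be replayed inside max_age.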
GPT-4o-mini analyses events every 15 minutes. RAG context from Shield KB (8 security docs). Auto-creates threats and rules from real observations.
Pre-built threat-intel context (mini-CAG). Bot signatures, attack patterns, OWASP samples baked in — new sites are protected from the first page view.
Anonymised pattern sharing — IPs reduced to /24, PII stripped, maturity gating (experimental → candidate → confirmed). One tenant's confirmed attacker becomes everyone's known threat within minutes.
Every 15 min a scheduler computes AI-rule creation velocity vs 7-day baseline. On a 3σ anomaly new rules auto-gate to rollout_state='canary' — they apply only to canary tenants for 24 h. Canary rules with ≥ 2 confirmations without FPs promote to 'confirmed'.
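Added example (not Corpilus code) of the canary gate above: a 3σ velocity test against the 7-day baseline decides whether a batch of new AI rules starts as canary, and the rule of ≥ 2 confirmations with zero false positives promotes them. Holding an unpromoted rule back once its 24 h window has passed is an assumption.

```python
import statistics

SIGMA_THRESHOLD = 3.0
CANARY_HOURS = 24
CONFIRMATIONS_TO_PROMOTE = 2

def velocity_anomaly(baseline: list, current: int) -> bool:
    """True when this 15-min rule-creation count sits > 3σ above the 7-day baseline."""
    mean, sd = statistics.fmean(baseline), statistics.pstdev(baseline)
    if sd == 0:
        return current > mean             # flat baseline: any increase is an anomaly
    return (current - mean) / sd > SIGMA_THRESHOLD

class AiRule:
    def __init__(self, rule_id: str, created_at: float, anomalous_window: bool):
        self.rule_id = rule_id
        self.created_at = created_at
        self.rollout_state = "canary" if anomalous_window else "confirmed"
        self.confirmations = 0
        self.false_positives = 0

    def applies_to(self, tenant_is_canary: bool, now: float) -> bool:
        if self.rollout_state == "confirmed":
            return True
        # Assumption: after the 24 h window an unpromoted canary rule is held back.
        within_window = now - self.created_at <= CANARY_HOURS * 3600
        return tenant_is_canary and within_window

    def record_feedback(self, confirmed: bool) -> None:
        if self.rollout_state != "canary":
            return
        if confirmed:
            self.confirmations += 1
        else:
            self.false_positives += 1
        if self.confirmations >= CONFIRMATIONS_TO_PROMOTE and self.false_positives == 0:
            self.rollout_state = "confirmed"

def gate_new_rules(rule_ids: list, baseline: list, current_count: int, now: float) -> list:
    """Scheduler step: one velocity decision gates the whole 15-min batch."""
    anomalous = velocity_anomaly(baseline, current_count)
    return [AiRule(r, now, anomalous) for r in rule_ids]
```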
Widget MutationObserver snapshots all <script> tags at boot. Any subsequently injected script is reported as script_integrity_violation telemetry with src, external/same-origin, content length, stable hash. Capped at 25 reports per page-load. Tenant allowlist for trusted CDNs.
Email (HTML), Slack, Discord, generic JSON webhooks. Weekly security report with stats, top threats, block rate. Per-webhook severity gate (low / medium / high / critical).
Every rule change, site config edit, manual block, AI decision is recorded with actor, timestamp, before/after diff. Exportable for compliance audits.
HMAC-SHA256 tokens are minted server-side from the per-site secret and returned via /shield/events. The widget never holds the signing secret — a leaked site_key cannot be used to forge valid tokens.
PostgreSQL Row-Level Security forced on all shield_* tables. Each request runs under a tenant-scoped role — no application-layer bypass possible even if the API has a bug.
Plugs into everything Corpilus already runs.
Shield is built as an extension of the Corpilus AI brain — the same authentication, tenant model, audit log, RLS, and billing. No parallel infrastructure to operate.
1 · Drop the widget
One <script> tag on your site. The widget auto-protects every <form>, collects behavior telemetry, runs the local scorer and attaches a signed HMAC token to outbound requests.
2 · Wrap your backend
Three lines of middleware (Python / Node / PHP). Every mutation endpoint now requires a valid Shield token — curl, Python requests and scrapy instantly get a 403.
3 · The brain learns
Every 15 min the analyser aggregates events across your tenant, generates rules, runs them against cross-tenant patterns, and pushes updates to the widget via a piggyback channel.
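Steps 1 and 2 from the backend's side, as an added example that is not one of the Corpilus SDKs (it also illustrates the "Validates X-Shield-Token" and "HMAC-SHA256 tokens are minted server-side" cards above): tokens are minted from a per-site secret the widget never sees, every mutation request must carry X-Shield-Token or gets a 403 with a remediation_code, and the verify verdict is cached 30 s per (token, path). The token layout, the 600 s lifetime and the remediation strings are assumptions.

```python
import base64, binascii, hashlib, hmac, json, time

SITE_SECRET = b"constructed-per-site-secret"   # placeholder; it only ever lives server-side
TOKEN_TTL_SECONDS = 600                         # assumption; the page gives no token lifetime
VERIFY_CACHE_SECONDS = 30                       # page: verify cached 30 s per (token, path)
_verify_cache = {}                              # (token, path) -> (verdict, checked_at)
REMEDIATION = {"token_missing": "Your session expired, please reload",   # constructed map
               "token_expired": "Your session expired, please reload",
               "token_invalid": "Request blocked by Corpilus Shield"}

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint_token(session_id: str, now=None) -> str:
    """Server side, what /shield/events hands to the widget: base64(claims).base64(HMAC)."""
    now = int(time.time()) if now is None else now
    claims = json.dumps({"sid": session_id, "exp": now + TOKEN_TTL_SECONDS}).encode()
    return _b64(claims) + "." + _b64(hmac.new(SITE_SECRET, claims, hashlib.sha256).digest())

def _check(token: str, now: float) -> tuple:
    try:
        claims_b64, sig_b64 = token.split(".", 1)
        claims, sig = _unb64(claims_b64), _unb64(sig_b64)
    except (ValueError, binascii.Error):
        return False, "token_invalid"
    expected = hmac.new(SITE_SECRET, claims, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):      # constant-time, no timing oracle
        return False, "token_invalid"
    if json.loads(claims)["exp"] < now:
        return False, "token_expired"
    return True, None

def verify_token(token: str, path: str, now=None) -> tuple:
    """Returns (ok, remediation_code); the verdict is cached 30 s per (token, path)."""
    now = time.time() if now is None else now
    hit = _verify_cache.get((token, path))
    if hit and now - hit[1] < VERIFY_CACHE_SECONDS:
        return hit[0]
    verdict = _check(token, now)
    _verify_cache[(token, path)] = (verdict, now)
    return verdict

def shield_middleware(request: dict, now=None) -> dict:
    """Framework-neutral stand-in for the SDK middleware on a mutation endpoint."""
    token = request.get("headers", {}).get("X-Shield-Token")
    ok, code = verify_token(token, request["path"], now) if token else (False, "token_missing")
    if ok:
        return {"status": 200}
    return {"status": 403, "body": {"remediation_code": code, "remediation": REMEDIATION[code]}}
```

Because the verdict cache is keyed per (token, path), a token that expires inside the 30 s window is still accepted on that path until the cache entry ages out; the cache TTL is therefore a bound on how late an expiry takes effect.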