AISecurity

🔬 SENTINEL — Engine Reference (59 Rust Engines)

Engines: 59 Rust detection engines including 8 novel Sentinel Lattice primitives Runtime: <1ms per engine — Aho-Corasick pre-filter + compiled regex Coverage: OWASP LLM Top 10 + OWASP Agentic AI Top 10 Tests: 1101 passing, 0 failures

---

Architecture

sentinel-core (pure Rust)
├── Core Engines (PatternMatcher trait) — text scan → Vec<MatchResult>
├── R&D Critical Gap Engines — research-driven gap closures
├── Domain Engines (analyze → CustomResult) — adapted via run_domain_engine!
├── Structured Engines (ToolCall/Document) — separate API
├── Strange Math™ Engines (feature-level analysis)
├── ML Inference Engines — ONNX-based detection
└── Sentinel Lattice Engines — 7 novel security primitives + L2 Proxy

---

Core Engines (PatternMatcher — text scan pipeline)

#	Engine	File	Description
1	Injection	injection.rs	SQL, NoSQL, Command, LDAP, XPath injection
2	Jailbreak	jailbreak.rs	Prompt injection, role override, DAN
3	PII	pii.rs	Personal data detection (SSN, credit cards, emails)
4	Exfiltration	exfiltration.rs	Data theft attempts
5	Moderation	moderation.rs	Harmful content detection
6	Evasion	evasion.rs	Obfuscation techniques detection
7	Tool Abuse	tool_abuse.rs	Agent tool misuse
8	Social	social.rs	Social engineering tactics
9	OCI	operational_context_injection.rs	Operational context injection (Lakera blind spot)
10	Lethal Trifecta	lethal_trifecta.rs	Data access + untrusted input + exfiltration combo
11	Workspace Guard	workspace_guard.rs	Workspace-level protection
12	Cross-Tool Guard	cross_tool_guard.rs	Cross-tool attack chains

R&D Critical Gap Engines (Feb 2026)

#	Engine	File	Description
13	Memory Integrity	memory_integrity.rs	Memory poisoning detection (ASI-10)
14	Tool Shadowing	tool_shadowing.rs	MCP tool shadowing / Shadow Escape
15	Cognitive Guard	cognitive_guard.rs	AVI cognitive bias detection
16	Dormant Payload	dormant_payload.rs	Phantom/CorruptRAG dormant payloads
17	Code Security	code_security.rs	AI-generated code vulnerability scoring
18	Output Scanner	output_scanner.rs	Output-side content safety scanning
19	Crescendo	crescendo.rs	Multi-turn escalation attack detection
20	Tool Call Injection	tool_call_injection.rs	Injected tool call detection
21	Meta Framing	meta_framing.rs	Meta-narrative framing attacks

Domain Engines (analyze → CustomResult)

#	Engine	File	Description
22	Behavioral	behavioral.rs	Behavioral anomaly detection
23	Obfuscation	obfuscation.rs	Advanced obfuscation analysis
24	Attack	attack.rs	Attack pattern detection
25	Compliance	compliance.rs	Regulatory compliance checks
26	Threat Intel	threat_intel.rs	Threat intelligence matching
27	Supply Chain	supply_chain.rs	Supply chain security
28	Privacy	privacy.rs	Privacy violation detection
29	Orchestration	orchestration.rs	Multi-agent orchestration security
30	Multimodal	multimodal.rs	Cross-modal security analysis
31	Knowledge	knowledge.rs	Knowledge access control
32	Proactive	proactive.rs	Zero-day pattern detection
33	Synthesis	synthesis.rs	Attack synthesis analysis
34	Runtime	runtime.rs	Dynamic runtime guardrails
35	Formal	formal.rs	Formal verification methods
36	Category	category.rs	Category theory analysis
37	Semantic	semantic.rs	Semantic injection detection
38	Anomaly	anomaly.rs	Statistical anomaly detection
39	Attention	attention.rs	Attention manipulation detection
40	Drift	drift.rs	Embedding drift detection

Structured Engines (separate API)

#	Engine	File	Description
41	Agentic	agentic.rs	ToolCall-based agent security
42	RAG	rag.rs	RetrievedDocument-based RAG security
43	Sheaf	sheaf.rs	Conversation-turn coherence analysis

Strange Math™ Engines (feature-level)

#	Engine	File	Description
44	Hyperbolic	hyperbolic.rs	Poincaré model hyperbolic geometry
45	Info Geometry	info_geometry.rs	Statistical manifold analysis
46	Spectral	spectral.rs	Spectral graph analysis
47	Chaos	chaos.rs	Chaos theory / Lyapunov exponents
48	TDA	tda.rs	Topological Data Analysis

ML Inference Engines

#	Engine	File	Description
49	Embedding	embedding.rs	ONNX-based bge-m3 embedding inference
50	Hybrid PII	hybrid.rs	ML + rule fusion for PII
51	Prompt Injection	prompt_injection.rs	ML-enhanced injection detection

Sentinel Lattice Engines (novel security primitives)

7 original primitives from our arXiv paper + L2 Capability Proxy. Each engine implements a formal security property not found in any existing AI security tool.

#	Engine	File	Primitive	Description
52	TSA	temporal_safety.rs	Temporal Safety Automata	LTL properties compiled to O(1) monitor automata
53	L2 Capability Proxy	capability_proxy.rs	Capability Proxy + IFC	Bell-LaPadula, provenance tags, NEVER lists
54	AAS	argumentation_safety.rs	Adversarial Argumentation	Dung 1995 grounded semantics for argument attacks
55	CAFL	capability_flow.rs	Capability-Attenuating Flow	Capabilities only decrease through flow labels
56	GPS	goal_predictability.rs	Goal Predictability Score	16-bit state enumeration, predictive defense
57	IRM	intent_revelation.rs	Intent Revelation	Mechanism design from economics for intent detection
58	MIRE	model_containment.rs	Model-Irrelevance Containment	Goldwasser-Kim impossibility → containment proofs
59	PASR	provenance_reduction.rs	Provenance-Annotated Reduction	Categorical fibration for provenance tracking

---

Usage

use sentinel_core::engines::SentinelEngine;

let engine = SentinelEngine::new();
let result = engine.analyze("Ignore all previous instructions");

assert!(result.detected);
println!("Risk: {}", result.risk_score);       // 0.95
println!("Categories: {:?}", result.categories); // ["injection", "jailbreak"]
println!("Time: {}μs", result.processing_time_us); // ~800

---

Source: sentinel-core/src/engines/mod.rs (Feb 2026)

This site is open source. Improve this page.