2026-05-08, Building D/room 2, Workshops and AI Security Village
One of the top concerns in the age of AI is cyber attacks, and one of the weak links in defense is AI itself. From prompt injection to agents self-organizing into botnets, or far worse, we need some basic level of security for any AI workload. And while we have seen a cohort of startups in this space being acquired through 2025, is the issue really solved? Does security for AI have to be yet another line in the budget, or can we do better with open source and open standards? We will discuss AIDR Bastion, an open source project built inside our own SOC and released to the world: what works and where it falls short. The goal of the talk is to discuss the issues and the possibilities.
AIDR Bastion is an open source, comprehensive GenAI protection system designed to safeguard against malicious prompts, injection attacks, and harmful content. The source code is available on GitHub: https://github.com/socprime/AIDR-Bastion
The system incorporates multiple detection engines that operate sequentially to analyze and classify user inputs before they reach GenAI applications.
- The system supports Roota and Sigma rules, so detection logic can be drawn from multiple sources: SigmaHQ (around 1,200 compatible free community Sigma rules available at release), SOC Prime (up to 3,000 additional compatible rules), and other third-party repositories. Sigma rules can also be applied to detect cases where malware leverages a local LLM to generate malicious code for execution.
- SOC Prime Uncoder AI integration further extends functionality by translating Sigma rules into Semgrep format, providing standardized and reusable detection pipelines (a free account is required).
- Roota rules power the regex-based pipeline.
- The architecture is extensible: organization-specific signatures and external detection content can be integrated alongside the bundled rules.
- The system can also function as a local logging sensor, recording user and agent prompts to support diagnostics, incident discovery, and cyber attack investigation.
- Detection logic aligns with industry frameworks such as MITRE ATLAS and OWASP Top 10 for LLMs, ensuring standardized coverage against adversarial techniques.
- Actions include allow, block, or notify, depending on rule matches and policy configuration.
- This layered detection approach delivers defense in depth against evolving adversarial prompt engineering and other AI-focused attack vectors. The design is inspired by LlamaFirewall.
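The sequential, rule-driven pipeline with allow/block/notify actions described above, as an added illustration in Python that is not AIDR Bastion's own code: the Rule shape, engine names, sample regexes and test prompts are all constructed for this example, and a real deployment would load Roota/Sigma content rather than hand-written patterns.

```python
import re
from dataclasses import dataclass, field

# Action precedence: one BLOCK hit outranks any number of NOTIFY hits.
PRECEDENCE = {"allow": 0, "notify": 1, "block": 2}

@dataclass
class Rule:            # constructed rule shape, not AIDR Bastion's format
    name: str
    pattern: str       # regex, evaluated case-insensitively
    action: str        # allow | notify | block
    tag: str = ""      # framework reference, e.g. an OWASP LLM Top 10 entry

@dataclass
class Verdict:
    action: str = "allow"
    hits: list = field(default_factory=list)
    log: list = field(default_factory=list)   # one sensor record per engine run

def regex_engine(name, rules):
    """Build one pipeline stage that applies a list of regex rules."""
    compiled = [(r, re.compile(r.pattern, re.IGNORECASE)) for r in rules]
    def stage(prompt, verdict):
        for rule, rx in compiled:
            if rx.search(prompt):
                verdict.hits.append(rule.name)
                if PRECEDENCE[rule.action] > PRECEDENCE[verdict.action]:
                    verdict.action = rule.action
        verdict.log.append((name, list(verdict.hits)))
    return stage

def screen(prompt, stages, stop_on_block=True):
    """Run the engines in order; by default stop once a block is final."""
    verdict = Verdict()
    for stage in stages:
        stage(prompt, verdict)
        if stop_on_block and verdict.action == "block":
            break
    return verdict
# Constructed rules: an injection-phrasing engine and an engine that flags
# prompts asking the model for code or commands to run locally.
INJECTION_RULES = [
    Rule("override_instructions", r"ignore (all )?(previous|prior) instructions", "block", "LLM01"),
    Rule("system_prompt_probe", r"(reveal|print) (your|the) system prompt", "notify", "LLM01"),
]
EXEC_RULES = [
    Rule("local_exec_request", r"(run|execute) (this|the following) (script|command)", "notify"),
]
PIPELINE = [regex_engine("injection", INJECTION_RULES), regex_engine("exec", EXEC_RULES)]
```

Passing `stop_on_block=False` runs every engine even after a block, which is what a sensor-only deployment wants so the log records all matching rules.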
I am a successful entrepreneur with cyber security, hardware and AI as my hobbies and work specialties. Did my first blue team cyber gig in 2001, founded SOC Prime in 2014 together with Alex and Ruslan, which we've built from a small rented apartment in Kyiv to a venture-backed, profitable company which operates across 4 continents, whose products and content are used by over 11,000 organisations. In the cyber domain I am specializing in threat detection, Sigma rules, MITRE ATT&CK, detection engineering and cyber threat intelligence, with a goal to build better tools for people who work in the same niche. I consider my two most successful contributions to such community projects to be Uncoder and DetectFlow, which can both be found on GitHub.