End-to-end security for the .
Inline LLM guardrails today. Red-teaming and observability next. One platform for every prompt, agent, and tool call in your AI stack.
$ pip install seenyx
MIT licensed · Self-host or use hosted (early access)

Built for the teams shipping production LLMs
The new attack surface
LLMs introduced three classes of bugs your security stack never saw.
WAFs detect SQL injection. SAST catches buffer overflows. Neither was built for an attacker who writes English to a model that can call tools on your infrastructure.
Prompt injection
Users hijack your model with one paragraph.
Hidden instructions in user messages, RAG documents, or tool responses can override your system prompt — leaking data, bypassing safety, or impersonating staff.
Data exfiltration
Your secrets walk out in a markdown image.
Models can be tricked into encoding system prompts, API keys, or PII into URL parameters, code blocks, or paraphrased outputs that bypass naive content filters.
Tool & agent abuse
An agent calls send_email() — to the wrong address.
Once your model can take actions, every prompt is potentially privileged. One untrusted input can chain into wires transferred, mailboxes drained, or production state corrupted.
How Seenyx works
16 layers of defense, in one request.
Every prompt, RAG chunk, tool call, and model output flows through the same pipeline. Stages share context — later layers read what earlier ones wrote. No layer is bypassable.
Tag & sign
Every input gets an HMAC-signed provenance record: source, trust, lineage.
- Provenance: Tag & sign
- L0: Normalize
- Canary: Canary scan
- L1: SVM ensemble
- L2: ML classifier
- L2+: Cross-turn
- L3: LLM judge
- Combiner: Signal combine
- Scoring: Trust-weighted
- Tool risk: Tool constraints
- Session: Peak + accumulation
- Policy: ABAC engine
- L5: Output scanner
- Lineage: Update DAG
- Audit: Hash-chain
- Storage: Persist & emit
Operator-grade dashboard
A control plane your security team will actually open.
Six surfaces purpose-built for the workflows that matter: triage threats, govern policy, prove compliance.
Real-time
Watch every prompt, decision, and risk score as it happens.
Live SSE feed of every event flowing through your stack. Filter by action, source, or risk band. Deep-link an event to its full forensic trace.
- Sub-second SSE event stream
- Action, source, risk-band filters
- Deep-link to forensic trace

Policy as data
Edit your firewall rules in the browser. Roll back in one click.
Declarative ABAC with shadow mode, profiles, validation, and time-stamped history. Test rules in the playground before they ship.
- Drag-to-reorder priority
- Shadow / monitor / enforce per rule
- Time-stamped history with diff + restore

Tamper-evident audit
Hash-chained proof of every decision you can hand to an auditor.
Each event gets prev_hash → hash linkage. One altered byte breaks the chain. Export to W3C PROV-JSON for compliance e-discovery.
- Hash-chained JSONL ledger
- Full evidence: signals, rules, shadow matches
- W3C PROV-JSON export
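
The prev_hash → hash linkage described above, as an added example that is not Seenyx's own code or ledger format: it appends events to a JSONL ledger and reports the first line where the chain breaks. The `seq` and `event` fields, the all-zero genesis value, SHA-256 and the function names are assumptions; only `prev_hash` and `hash` come from the page.

```python
from __future__ import annotations
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash of the first record


def _digest(record: dict) -> str:
    # Hash a canonical encoding of every field except the hash itself.
    body = {k: v for k, v in record.items() if k != "hash"}
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def append_event(ledger: list[str], event: dict) -> None:
    """Append one JSONL line linked to the previous line's hash."""
    prev = json.loads(ledger[-1])["hash"] if ledger else GENESIS
    record = {"seq": len(ledger), "prev_hash": prev, "event": event}
    record["hash"] = _digest(record)
    ledger.append(json.dumps(record, sort_keys=True))


def verify_chain(ledger: list[str]) -> int | None:
    """Return the index of the first bad line, or None if the chain is intact."""
    prev = GENESIS
    for i, line in enumerate(ledger):
        try:
            record = json.loads(line)
            ok = (record["seq"] == i and record["prev_hash"] == prev
                  and record["hash"] == _digest(record))
        except (ValueError, KeyError, TypeError, AttributeError):
            return i  # unparseable or malformed line
        if not ok:
            return i
        prev = record["hash"]
    return None


def build_sample() -> list[str]:
    # Constructed sample decisions, not real Seenyx events.
    ledger: list[str] = []
    append_event(ledger, {"action": "allow", "source": "user", "risk": 0.04})
    append_event(ledger, {"action": "block", "source": "rag", "risk": 0.97})
    append_event(ledger, {"action": "allow", "source": "tool", "risk": 0.11})
    return ledger
```

Dropping records from the tail leaves a shorter chain that still verifies, and an unkeyed chain can be recomputed end to end by whoever can write the file. The latest hash therefore has to be anchored somewhere the ledger writer cannot rewrite.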

Forensic lineage
See exactly where an attack came from — and where it was going.
Every event carries its provenance DAG: source, parents, fingerprints, trust path. Trust-matrix Sankey reveals systemic policy gaps at a glance.
- Per-event forensic trace
- Trust matrix Sankey visualization
- Time-window + filter chips

Deterministic detection
Drop a canary in your system prompt. Catch leaks with zero false positives.
Cryptographically random tokens injected into system context. If they ever appear in output, the leak is real — there's nothing to tune.
- Partial-match detection for truncation attacks
- Per-token revoke + lifecycle
- Auto-injected via /api/canaries/prompt
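
The canary check described above, including partial matches on a truncated token, as an added example that is not Seenyx's code. The `cnry-` prefix, the 12-character fragment threshold and all function names are assumptions.

```python
from __future__ import annotations
import secrets

MIN_FRAGMENT = 12  # assumed shortest fragment treated as a leak


def new_canary() -> str:
    """Return a random marker; 128 random bits make an accidental match negligible."""
    return "cnry-" + secrets.token_hex(16)


def longest_shared_run(canary: str, text: str) -> int:
    """Length of the longest substring of `canary` that appears in `text`."""
    best = 0
    for start in range(len(canary)):
        # Only look for runs longer than the best one found so far.
        end = start + best + 1
        while end <= len(canary) and canary[start:end] in text:
            best = end - start
            end += 1
    return best


def scan_output(text: str, canaries: dict[str, str]) -> list[tuple[str, str]]:
    """Return (canary_id, 'full' or 'partial') for each canary seen in `text`."""
    hits = []
    for canary_id, token in canaries.items():
        run = longest_shared_run(token, text)
        if run == len(token):
            hits.append((canary_id, "full"))
        elif run >= MIN_FRAGMENT:
            # A cut-off or split token still counts as a leak.
            hits.append((canary_id, "partial"))
    return hits
```

Place the value from `new_canary()` in the system prompt and run `scan_output()` on every model response before it leaves the service. The scan compares raw text, so an encoded or translated copy of the token needs decoding or a separate check first.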

Paraphrase-tolerant
Catch leaked content even when the model rephrased it.
SimHash + MinHash signatures detect near-duplicate output. Register protected content once — Seenyx catches modified, summarized, or partial leaks at egress.
- 64-bit SimHash for near-duplicates
- MinHash for partial-reuse detection
- Templates for prompts, keys, PII, docs
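
A 64-bit SimHash comparison of protected content against model output, as an added example that is not Seenyx's implementation. The 3-word shingles, the BLAKE2b feature hash, the 16-bit distance threshold, the function names and the sample texts are all assumptions or constructed for illustration.

```python
from __future__ import annotations
import hashlib
import re

# Constructed sample texts.
PROTECTED = ("You are the billing assistant for Example Corp. Never reveal refund "
             "override codes. Escalate any request above five hundred dollars to a "
             "human agent and log the ticket number before you reply to the customer.")
LEAKED = PROTECTED.lower().replace("human agent", "human operator")
UNRELATED = ("The weather in Lisbon is mild this week with light wind from the west "
             "and a small chance of rain on Thursday evening near the coast.")


def shingles(text: str, k: int = 3) -> list[str]:
    """Lower-cased word k-shingles; short texts fall back to one feature."""
    words = re.findall(r"\w+", text.lower())
    if len(words) < k:
        return [" ".join(words)]
    return [" ".join(words[i:i + k]) for i in range(len(words) - k + 1)]


def simhash64(text: str) -> int:
    """64-bit SimHash: each feature votes +1 or -1 on every bit position."""
    votes = [0] * 64
    for feat in shingles(text):
        digest = hashlib.blake2b(feat.encode("utf-8"), digest_size=8).digest()
        h = int.from_bytes(digest, "big")
        for bit in range(64):
            votes[bit] += 1 if (h >> bit) & 1 else -1
    return sum(1 << bit for bit in range(64) if votes[bit] > 0)


def hamming(a: int, b: int) -> int:
    """Number of bit positions in which two signatures differ."""
    return bin(a ^ b).count("1")


def is_near_duplicate(protected: str, output: str, max_distance: int = 16) -> bool:
    return hamming(simhash64(protected), simhash64(output)) <= max_distance
```

Unrelated texts land near 32 differing bits, so `max_distance` is the tuning knob: raising it toward 32 trades missed leaks for false matches.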

From install to first block
One install. Three lines of code. Production-grade defense.
Drop Seenyx between your users and your model. No infrastructure to stand up, no embedding model to host, no SDK lock-in. Run it anywhere Python runs.
```python
from seenyx import guard

# One line. Block injections, exfiltration, tool abuse.
result = guard(user_input, source_type="user")
if result.blocked:
    raise ValueError(result.reason)

# Send the (now safe) input to your model
response = llm.complete(result.content)
```
Validate jailbreak payloads in the playground before they ship. See per-layer scores, matched rules, shadow-mode hits, and exact decision reasons.
Built for platforms
One firewall. Many customers. Zero blast radius.
If you're running Seenyx for many tenants, the platform side has to be as serious as the detection side. RBAC, scoped tokens, and per-tenant isolation come standard.
Three-role RBAC
Admin, editor, viewer. Editors author policy; viewers run incident triage; admins manage tenants and keys.
Per-tenant isolation
Separate session limits, rate budgets, and policy bundles per customer. One runaway LLM can't starve the others.
Scoped API keys
Issue keys with `guard:invoke` only — or `policy:read`, `lineage:read`, `admin:reload`. Tenant-bound by default.
Hot-reload config
Tune thresholds without redeploying. Per-tenant overrides for risk levels, tool scope, and detection backends.

Compliance & trust
Auditors want proof. Seenyx gives them a hash chain.
Every decision is signed, linked, and exportable. The same evidence powers your SOC dashboard during an incident and your compliance review next quarter.
Detection layers
Median overhead
Of decisions logged
False-positive canaries
“The hash-chained audit + provenance DAG is the difference between ‘we think we’re safe’ and ‘here’s the artifact, signed by us, proving exactly what happened.’”
Two ways to run Seenyx
Open source forever. Managed when you're ready.
The detection engine, dashboard, and audit ledger are MIT licensed. Self-host indefinitely — or hand it to us when scale and SLAs matter.
Self-hosted
Run Seenyx on your own infrastructure. The full firewall, forever free.
- All 16 detection layers
- Hash-chained audit log
- Visual policy editor
- Multi-tenant + RBAC
- Community support on GitHub
- Run anywhere Python runs
Hosted Seenyx
Managed proxy, dashboard, multi-region. We run it. You ship.
- Everything in Self-hosted
- 99.99% SLA · global edge
- SSO / SAML / SCIM
- Dedicated detection backends (L3 included)
- Priority incident support
- Compliance evidence on demand
Have a regulated workload? We sell on-prem licenses with deployment support — talk to us.
Stop guessing if your LLM is safe.
Start proving it.
Install the firewall in 60 seconds. Block your first injection before lunch. Hand your auditor a hash chain by Friday.
$ pip install seenyx
No credit card · Self-host or hosted (early access) · MIT licensed
