Show HN: InferShield – open-source security proxy for LLM inference (github.com)

1 points by Alex-Hosein ↗ HN
Hey HN! I'm launching InferShield, an open source security proxy that sits between your application and LLM providers (OpenAI, Anthropic, etc.) to detect and block threats in real-time.

I've been talking to CISOs at banks and hospitals who are deploying LLMs without proper security. Their existing tools can't handle LLM-specific threats:

- Prompt injection (attackers manipulate LLM behavior, WAFs can't detect it) - Data exfiltration (sensitive data leaks through LLM responses) - Jailbreak attempts (users bypass safety guardrails using encoding)

Gartner predicts 60% of AI enterprises will face a security incident by 2027.

InferShield is a drop-in proxy with real-time threat detection, multi-encoding detection (Base64, hex, URL, Unicode), complete audit logs, and risk scoring. Self-hosted, provider-agnostic, zero code changes required.

v0.1 MVP is live today with 95%+ detection rate (red team tested). MIT licensed, free forever. Enterprise tier coming for compliance features.

Website: https://infershield.io Quick start: docker pull infershield/proxy:latest

Feedback welcome! What LLM security challenges are you facing?

2 comments

[ 0.22 ms ] story [ 10.9 ms ] thread
Interesting. If you're already proxying LLM requests for security, adding cost-optimized routing is a natural next step. NadirClaw does the routing side (classifies prompts, routes to cheaper models). Could see these stacking well. https://github.com/doramirdor/NadirClaw
Good timing on this. I just finished testing PromptGuard last week — similar product, same 95%+ detection claim, multi-encoding detection highlighted. Found 12 of 18 attack vectors bypassed: base64, unicode homoglyphs, ROT13, leetspeak, reversed text, non-English inputs, multi-turn fragmentation.

InferShield makes the same encoding claims. Sent a note to security@infershield.io today offering to run the same test suite. No pressure — just documenting the attempt publicly.

If the team is watching this thread: the session-history tracking for multi-turn attacks is genuinely differentiated. That is harder to bypass than single-shot encoding filters. Worth stress-testing that specific path.