Skip to content
AI Detection & Response · AI firewall
DELIA

Detection & Enforcement Layer for Intelligent Agents

The AI layer of your systems is unprotected.

DELIA observes, detects and responds inline to the data-borne attacks on your LLM, RAG and agentic applications, and exports the evidence to your SIEM in the open OCSF format. Sovereign, self-hostable and OpenTelemetry-native.

DELIA console — operations view

Four capabilities

Observe. Detect. Respond. Integrate.

The sensor, detection and response your AI layer is missing — without replacing your SOC, plugging into it.

Observe

OpenTelemetry traces (GenAI semconv) of every retrieval, model call, tool call and agent step. Open standard, no lock-in.

Detect

Data-borne threats: indirect prompt injection, RAG poisoning, exfiltration, excessive agency and loss of integrity. Mapped to OWASP LLM Top 10 and MITRE ATLAS.

Respond

Inline: sanitize, quarantine, block or gate, with configurable fail-safe. Plus out-of-band alerts.

Integrate

Normalizes findings to OCSF for your SIEM/SOAR. Every detection carries a reproducible evidence recipe.

Inline detection

What it watches, what it does

DELIA sits inline in the pipeline and intercepts every hop. It applies the response right where the attack happens, with a latency budget and configurable fail-safe.

User

prompt

Retrieval

RAG

Model

LLM

Tool

agent

Output

response

DELIA · inline firewall — observe · detect · respond at every hop

RetrievalLLM01

Indirect prompt injection

Sanitize or quarantine the chunk before the model uses it; block.

Ingestion · RAGLLM04

Corpus poisoning

Drop the source, alert and roll back the vector index.

OutputLLM02

Data exfiltration

Block the output and cut the channel (canary token + semantic DLP).

ToolLLM06

Excessive agency

Gating and human approval (Cedar scope-guard + in-kernel enforcement).

Deterministic rule on the hot path; ML and semantic judge on the cold path. Detectors are versionable plugins (microkernel) behind a stable port — the ML D4 (DistilBERT → ONNX) is swappable: combined recall 91%, 95% on unseen holdout.

A look inside

The evidence-plane console

Observability, findings, OCSF evidence and response for your AI layer — in a single console, sovereign and self-hostable. (Click to enlarge.)

Operations overview

The dashboard: intercepted, blocked, p95 latency and evidence, with Top OWASP-LLM and MITRE ATLAS live.

Findings

The detections feed: severity, detector, taxonomy, hop, action and source confidence.

Finding trace

Per-hop waterfall and span tree: where it was blocked and why, with reproducible OCSF evidence.

Scope-guard & approvals

Tool-call approval queue (Cedar): human-on-the-loop over the agent's agency (LLM06).

Red-team coverage

Attack → detection matrix by attack class and interception point, validated by KAIX HAVOC.

Assurance

Validated by KAIX HAVOC

Our offensive engine continuously attacks the protected pipeline — it seeds poisoned sources, injects instructions, attempts exfiltration and tool abuse — and every successful attack becomes a validated detection, with a reproducible recipe.

Closed red/blue loop. The defensive product (DELIA) is provably effective because our offensive engine measures it. Almost nobody does this.

The validation loop

Red attacks · blue learns

HAVOC attacksred

Poisons, injects, exfiltrates and abuses tools, nonstop.

DELIA detects and respondsblue

Inline and at the hop: sanitize, quarantine, block or gate.

Reproducible evidence

Every finding leaves its recipe and stays tamper-evident (OCSF).

Harden and repeat

Attack→detection coverage is measured and rises release over release.

Sovereign · self-hostable · air-gappable

Protect the AI layer you already run.

We'll show you on your own pipeline: what threats it intercepts, how it responds inline and what evidence it leaves for your SOC.