Detection & Enforcement Layer for Intelligent Agents
The AI layer of your systems is unprotected.
DELIA observes, detects and responds inline to the data-borne attacks on your LLM, RAG and agentic applications, and exports the evidence to your SIEM in the open OCSF format. Sovereign, self-hostable and OpenTelemetry-native.

Four capabilities
Observe. Detect. Respond. Integrate.
The sensor, detection and response your AI layer is missing — without replacing your SOC, plugging into it.
Observe
OpenTelemetry traces (GenAI semconv) of every retrieval, model call, tool call and agent step. Open standard, no lock-in.
Detect
Data-borne threats: indirect prompt injection, RAG poisoning, exfiltration, excessive agency and loss of integrity. Mapped to OWASP LLM Top 10 and MITRE ATLAS.
Respond
Inline: sanitize, quarantine, block or gate, with configurable fail-safe. Plus out-of-band alerts.
Integrate
Normalizes findings to OCSF for your SIEM/SOAR. Every detection carries a reproducible evidence recipe.
Inline detection
What it watches, what it does
DELIA sits inline in the pipeline and intercepts every hop. It applies the response right where the attack happens, with a latency budget and configurable fail-safe.
User
prompt
Retrieval
RAG
Model
LLM
Tool
agent
Output
response
DELIA · inline firewall — observe · detect · respond at every hop
Indirect prompt injection
Sanitize or quarantine the chunk before the model uses it; block.
Corpus poisoning
Drop the source, alert and roll back the vector index.
Data exfiltration
Block the output and cut the channel (canary token + semantic DLP).
Excessive agency
Gating and human approval (Cedar scope-guard + in-kernel enforcement).
Deterministic rule on the hot path; ML and semantic judge on the cold path. Detectors are versionable plugins (microkernel) behind a stable port — the ML D4 (DistilBERT → ONNX) is swappable: combined recall 91%, 95% on unseen holdout.
A look inside
The evidence-plane console
Observability, findings, OCSF evidence and response for your AI layer — in a single console, sovereign and self-hostable. (Click to enlarge.)
Operations overview
The dashboard: intercepted, blocked, p95 latency and evidence, with Top OWASP-LLM and MITRE ATLAS live.
Findings
The detections feed: severity, detector, taxonomy, hop, action and source confidence.
Finding trace
Per-hop waterfall and span tree: where it was blocked and why, with reproducible OCSF evidence.
Scope-guard & approvals
Tool-call approval queue (Cedar): human-on-the-loop over the agent's agency (LLM06).
Red-team coverage
Attack → detection matrix by attack class and interception point, validated by KAIX HAVOC.
Assurance
Validated by KAIX HAVOC
Our offensive engine continuously attacks the protected pipeline — it seeds poisoned sources, injects instructions, attempts exfiltration and tool abuse — and every successful attack becomes a validated detection, with a reproducible recipe.
Closed red/blue loop. The defensive product (DELIA) is provably effective because our offensive engine measures it. Almost nobody does this.
The validation loop
Red attacks · blue learns
HAVOC attacksred
Poisons, injects, exfiltrates and abuses tools, nonstop.
DELIA detects and respondsblue
Inline and at the hop: sanitize, quarantine, block or gate.
Reproducible evidence
Every finding leaves its recipe and stays tamper-evident (OCSF).
Harden and repeat
Attack→detection coverage is measured and rises release over release.
Sovereign · self-hostable · air-gappable
Protect the AI layer you already run.
We'll show you on your own pipeline: what threats it intercepts, how it responds inline and what evidence it leaves for your SOC.