v0.1.0 - First Public Release

Citadel v0.1.0

First public release of Citadel — an open-source AI security gateway that protects against prompt injection, data exfiltration, and other AI-related security threats.

Highlights

• Hybrid Detection Pipeline: Multi-tier detection combining heuristic pattern matching, ML-based scoring, and BERT intent classification
• Go-Native ML Inference: ONNX Runtime integration with automatic model download from HuggingFace (tihilya/modernbert-base, Apache 2.0)
• Multi-Turn Attack Detection: Session-aware pattern detection for skeleton key, crescendo, boiling frog, context manipulation, and in-context learning attacks
• Output Protection: Scans LLM responses for credential leaks, path traversal, privilege escalation, and exfiltration attempts
• Speculative BERT Execution: Parallel heuristic + BERT evaluation for reduced latency on ambiguous inputs
• Deobfuscation Engine: Handles Base64, ROT13, leetspeak, homoglyphs, Unicode tricks, and hex encoding
• MCP Proxy: JSON-RPC proxy for Model Context Protocol tool-use scanning

Detection Capabilities

Layer	Description
Heuristic Patterns	229+ known attack patterns with weighted scoring
Semantic Similarity	Vector similarity to known injection embeddings
BERT Classification	ModernBERT 149M param model for intent classification
Multi-Turn Analysis	6 attack pattern detectors across conversation sessions
Output Scanning	Credential, path traversal, and exfiltration detection

Quick Start

go install github.com/TryMightyAI/citadel@v0.1.0

Or build from source:

git clone https://github.com/TryMightyAI/citadel.git
cd citadel
go build -tags ORT -o citadel-gateway ./cmd/gateway
./citadel-gateway

The BERT model (~605MB) downloads automatically on first run.

Eval Results

• Comprehensive suite: 601/752 (79.9%) with public tihilya model
• Average latency: 119.6ms per request