SOUF AI is a sub-millisecond LLM governance proxy that extends Veea's open-source Lobster Trap to close critical baseline gaps. Built solo from Tashkent for the TechEx Veea hackathon.

THE PROBLEM

Veea's Lobster Trap baseline blocks only 39.6% of in-distribution prompt injection attacks (F1=0.567). Modern jailbreaks, encoding obfuscation, and multilingual lookalikes slip through. Lakera Guard is SaaS-only (Cisco acq. May 2025). NeMo Guardrails requires custom Colang flows. Meta Prompt Guard 2 publishes 92.4ms per classification on A100 — 1,800× SOUF AI's CPU latency.

WHAT SOUF AI DELIVERS

- 5 benchmarks, all F1=1.000 across 231 adversarial prompts
- 188 TP, 43 TN, 0 FP, 0 FN
- Wilson 95% CI DENY [0.980, 1.000]
- DPI latency: 0.051ms P50, 0.111ms P99
- 1,800× faster than Meta Prompt Guard 2 (92.4ms A100, per model card)
- 17,553 req/s throughput on a single core
- 16 PatternSets, 337 regex patterns
- Built-in HIPAA + PCI-DSS vertical compliance packs (F1=1.000 each)
- Ed25519-signed audit chain with SHA-256 Merkle tamper-evidence (7/7 property tests PASS)
- 3 policy modes: Base, HIPAA, PCI-DSS
- Defeats 4 encoding attack vectors: base64 meta-instructions, token-split obfuscation, fullwidth Unicode (NFKC), Cyrillic/Greek homoglyphs (54-codepoint confusable map)

REPRODUCIBILITY

One command runs all 5 benchmarks in under 5 seconds: python3 scripts/run_all_benchmarks.py. No GPU. No API key. No internet. MIT licensed, self-hosted, offline-capable.

ECOSYSTEM

SOUF AI is the governance core of a 4-product AI safety ecosystem: FORGE generates policies, CITADEL evaluates models, ATLAS routes agents. Same Ed25519 audit chain across all four.

Lobster Trap is the floor. SOUF AI is the ceiling. Built solo by Sardor Razikov, Tashkent.
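
The four encoding defenses listed above (base64, token-split, fullwidth NFKC, Cyrillic/Greek homoglyphs) all amount to canonicalizing input before the regex scan. The sketch below is an added example, not SOUF AI's own code: the confusable map is a constructed subset, the deny pattern is a constructed stand-in, and `canonical_views` and `is_denied` are hypothetical names.

```python
import base64
import binascii
import re
import unicodedata

# Constructed confusable subset (Cyrillic/Greek -> Latin). The project's
# 54-codepoint map is not shown on the page, so this is an assumption.
CONFUSABLES = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",  # Cyrillic
    "\u0441": "c", "\u0445": "x", "\u0456": "i", "\u0455": "s",  # Cyrillic
    "\u03b1": "a", "\u03bf": "o", "\u03c1": "p", "\u03b9": "i",  # Greek
})
# Constructed stand-in for a single deny pattern, not one of the project's.
DENY = re.compile(r"ignore (all )?previous instructions")
B64_RUN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
SPLIT_RUN = re.compile(r"\b(?:\w[ .\-_]){3,}\w\b")  # e.g. "i g n o r e"


def decode_b64_runs(text):
    """Return UTF-8 decodings of base64-looking runs embedded in text."""
    decoded = []
    for run in B64_RUN.findall(text):
        try:
            raw = base64.b64decode(run + "=" * (-len(run) % 4), validate=True)
            decoded.append(raw.decode("utf-8"))
        except (binascii.Error, UnicodeDecodeError):
            continue  # not valid base64 text; leave it to the plain views
    return decoded


def canonical_views(text):
    """Return every normalized form of text that the scan should cover."""
    # NFKC folds fullwidth forms to ASCII; casefold before the homoglyph
    # map so uppercase lookalikes are mapped too.
    folded = unicodedata.normalize("NFKC", text).casefold().translate(CONFUSABLES)
    joined = SPLIT_RUN.sub(lambda m: re.sub(r"[ .\-_]", "", m.group()), folded)
    views = [folded, joined]
    for inner in decode_b64_runs(text):  # decoded text is strictly shorter
        views.extend(canonical_views(inner))
    return views


def is_denied(text):
    """True if any canonical view of text matches the deny pattern."""
    return any(DENY.search(view) for view in canonical_views(text))
```

Scanning several views rather than one rewritten string keeps the original text available for the audit record while the pattern engine only ever sees canonical forms.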