Fireshield

Vercel
application badge
Created by team Sentinel Squad on July 08, 2026
Unicorn Track

Every public AI chatbot is a target. Stolen API keys have drained $82,000 in 48 hours. Single power users silently rack up $1,200/month. Jailbreak attacks turn branded chatbots into PR disasters. Traditional rate limiting counts requests, not cost — so it can't catch any of this. Fireshield is a drop-in security proxy that sits between any AI chatbot and its LLM provider. Website owners replace their API URL with Fireshield's, add two headers (a tenant key and a visitor ID), and instantly get 9 layers of protection — without modifying their chatbot code. The 9 security guards run in sequence on every request: 1. Kill Switch — emergency tenant-wide shutdown 2. Prompt Injection Detection — catches jailbreaks, DAN attacks, delimiter exploits 3. Misuse Detection — blocks off-topic abuse like homework and bulk translation 4. Toxicity Flagging — flags profanity without false-positive blocking 5. Per-Visitor Budget Cap — individual spending limits per user 6. Cost-Velocity Circuit Breaker — detects spending spikes that rate limits miss 7. Dynamic Output Cap — limits tokens based on remaining budget 8. Tool-Error Loop Detection — catches infinite tool-call failures 9. Prompt-Repeat Loop Detection — blocks denial-of-wallet attacks The architecture is multi-tenant: each website owner registers, gets an API key, sets per-visitor budgets, and monitors everything through a real-time dashboard. Every visitor is individually tracked and protected — blocking one abuser never affects legitimate users. The dashboard provides live request feeds, threat streams, cost analytics, burn-rate charts, and one-click visitor management. Provider keys are encrypted with AES-256-GCM. Integration takes under 3 minutes. Built with Next.js 16, React 19, Express.js, Supabase Realtime, and Fireworks AI. Deployable with a single docker-compose command.

Category tags: