C-ARF OneBox

AI Safety, End-to-End

CAERON CORE provides a complete security pipeline for LLM applications. From input scanning to output validation, every interaction is protected and audited.

Get Started

The Safety Pipeline

Six stages protect your AI application from input to output.

1

SHIELD

Input Scanning

Every input is scanned for prompt injection, jailbreak attempts, PII exposure, and secrets leakage. 46 detection patterns across 4 categories.

2

GATE

Policy Enforcement

Policy engine evaluates scan results and issues a verdict: ALLOW, DENY, or REDACT. Configurable rules with severity thresholds.

3

LLM

Safe Forwarding

Only approved inputs reach the LLM. Redacted content has sensitive data replaced with safe tokens before forwarding.

4

OUTPUT VALIDATOR

Response Scanning

LLM responses are scanned for XSS, SQL injection, code injection, and PII/secrets leakage before delivery.

5

LOGBOX

Cryptographic Audit

Every transaction is recorded in an append-only, hash-chained log with Ed25519 signatures. Tamper-evident by design.

6

EVIDENCE

Compliance Bundles

Generates cryptographic evidence bundles with receipts for regulatory compliance and forensic analysis.

Architecture

User Input
SHIELD
GATE
LLM
Output Validator
LOGBOX + EVIDENCE

OWASP LLM Top 10 Coverage

Complete coverage of all ten categories in the OWASP Top 10 for LLM Applications.

LLM01Prompt Injection

SHIELD detects 15+ injection patterns with regex + heuristic scoring

LLM02Insecure Output Handling

Output Validator scans all responses for XSS, SQLi, and code injection patterns

LLM03Training Data Poisoning

LOGBOX provides full audit trail for input/output forensics

LLM04Model Denial of Service

GATE enforces request rate limits and input size constraints

LLM05Supply Chain Vulnerabilities

EVIDENCE bundles with cryptographic receipts for compliance verification

LLM06Sensitive Information Disclosure

SHIELD detects 19 secret patterns + 9 PII categories with auto-redaction

LLM07Insecure Plugin Design

GATE policy engine validates all plugin calls against allowlists

LLM08Excessive Agency

GATE DENY/ALLOW/REDACT verdicts with mandatory human-in-the-loop for critical actions

LLM09Overreliance

LOGBOX audit trail + EVIDENCE receipts enable output verification

LLM10Model Theft

Licensing system with Ed25519-signed capsules and device binding prevents unauthorized use

Privacy-First by Design

CAERON CORE defaults to HashOnly mode — no plaintext is stored. Choose StoreRedacted for safe analysis or StorePlaintext only when required. Your data, your rules.

HashOnly (Default)
StoreRedacted
StorePlaintext