Iron Dome
The behavioural security layer for AI agents. Six defensive layers that intercept, analyse, and gate every instruction before your agent acts on it.
Free & open source·Part of ShieldCortex
One Command. Full Protection.
Activate Iron Dome and watch six defence layers come online
Six Layers of Defence
Every instruction passes through six checkpoints before your agent acts on it
Instruction Gateway
Validates and normalises every instruction before it enters the pipeline. Blocks malformed commands, enforces schema rules, and rejects instructions from untrusted sources.
Injection Scanner
Multi-pattern detection for prompt injection, jailbreak attempts, and instruction smuggling. Catches hidden payloads, Unicode tricks, and fragmented attacks across messages.
Action Gating
Controls what actions an agent can take. Allowlists, denylists, and scope boundaries per profile. High-risk actions require explicit approval or are blocked outright.
PII Protection
Detects and redacts personally identifiable information before it reaches memory or external systems. Names, emails, phone numbers, addresses, and national IDs — caught and masked.
Kill Switch
Instant shutdown when threat thresholds are breached. Halts all agent operations, preserves state for forensic review, and sends alerts. No graceful degradation — full stop.
Audit Trail
Every instruction, decision, and action is logged with timestamps, source identity, and outcome. Tamper-resistant, queryable, and ready for compliance exports.
Four Security Profiles
Choose a profile that matches your threat model. Every profile activates all six layers — the difference is how aggressively they respond.
School
- ✓ Strict content filtering
- ✓ Full PII redaction
- ✓ No external API calls
- ✓ Audit everything
Enterprise
- ✓ Injection scanning (strict)
- ✓ Action allowlists
- ✓ PII redaction + alerting
- ✓ Kill switch at threshold
Personal
- ✓ Injection scanning (balanced)
- ✓ PII detection + warning
- ✓ Flexible action gating
- ✓ Lightweight audit log
Paranoid
- ✓ Block-first, allow-second
- ✓ All actions require approval
- ✓ Zero tolerance on PII
- ✓ Verbose audit + alerts
--profile school | --profile enterprise | --profile personal | --profile paranoid
How It Works
Iron Dome wraps your agent's instruction pipeline. Every instruction enters, gets checked, and only clean instructions reach your agent's logic.
Instruction arrives
From user prompt, sub-agent, tool result, or external webhook — Iron Dome intercepts it.
Six-layer scan
The instruction passes through all six layers in sequence. Each layer can allow, flag, quarantine, or block.
Decision
Clean instructions pass through. Suspicious ones get quarantined for review. Malicious ones are blocked and logged.
Agent acts safely
Your agent only sees instructions that passed all six layers. Everything else is logged in the audit trail.
Part of ShieldCortex
Iron Dome is ShieldCortex's behavioural layer. Together, they protect both what your agent remembers and what it does.
ShieldCortex Memory
Protects what your agent stores. Persistent memory, semantic search, trust scoring, sensitivity classification, memory firewall.
Learn more about ShieldCortex →Iron Dome Behaviour
Protects what your agent does. Instruction gateway, injection scanning, action gating, PII protection, kill switch, audit trail.
You are hereWorks With Your Stack
Drop-in behavioural security for the tools you already use
Secure Your Agent's Behaviour
Six layers of defence. One npm install. Free and open source.