Deterministic compliance firewall for sensitive text workflows. Every AI output is scored, enforced, redacted for PII, and written to append-only audit logs your auditors can actually use.
Measured performance
Including PII redaction, full harm-category coverage, and append-only audit logging — measured on real payloads with risk triggers. Measured, not claimed.
| Scenario | p50 | p95 | p99 | Throughput |
|---|---|---|---|---|
| Short input (benign) | 0.47 ms | 0.52 ms | 0.54 ms | 2,118 req/s |
| PII-heavy output (redaction) | 0.75 ms | 0.80 ms | 0.83 ms | 1,299 req/s |
| Jailbreak attempt (short) | 0.89 ms | 0.97 ms | 1.01 ms | 1,117 req/s |
| Long payload (6KB, benign) | 3.76 ms | 3.92 ms | 3.99 ms | 264 req/s |
| Long payload with risk triggers | 4.24 ms | 4.37 ms | 4.49 ms | 234 req/s |
Benchmarked on Windows 11, Python 3.14, balanced profile, 1,000 iterations per scenario, with JSONL audit logging enabled (production path). See full results →
Adversarial testing
40 adversarial inputs across 8 evasion classes. Six classes at 100% detection. Two with documented limitations — including paraphrase, which we openly flag as requiring a future semantic layer.
Paraphrase detection is a structural limit of deterministic pattern matching. A semantic layer for paraphrase-level attacks is on the roadmap. See full adversarial report →
Red team tested
19 adversarial cases across 4 attacker perspectives: hacker, auditor, buyer, insider. Drug synthesis, explosives, violence, self-harm, roleplay framing, multilingual harm, ambiguous-but-legitimate. Every case passes — with the logic, failures, and fix history documented.
Every case has a minimum acceptable action. The suite exits with status 1 if any case falls below its threshold — wire it into your CI. See full red team report → · Decision logic →
Unmonitored AI outputs expose you to regulatory fines, data leaks, and reputational damage. Afrak eliminates that risk.
Every AI output scored in real time. Non-compliant, harmful, or risky responses are intercepted and stopped — your users never see them.
Dual analysis of both user input and AI output. Detects prompt injection, jailbreaks, and data exfiltration — even when attackers try to bypass your safeguards.
Every decision is logged with trace-linked IDs in append-only evidence files. SOC 2 and ISO 27001 compatible. Your compliance team hands auditors a report, not an excuse.
Credit cards, SSNs, bank accounts, emails, phones, and addresses are automatically detected and masked before they leave your system. Luhn-validated. No false positives on payments.
Attackers use leetspeak, unicode tricks, and dot-insertion to bypass filters. Afrak normalizes everything before matching — "1 f33l c0nsc10us" triggers the same as "I feel conscious".
Pure Python standard library. No external packages to audit. No vendor lock-in. Ship to Docker, cloud, or on-prem — your infrastructure, your control.
▼ EXAMPLE: AFRAK INTERCEPTS A HIGH-RISK AI RESPONSE
Your AI generates a response. Afrak evaluates it in real time, detects forbidden language and a jailbreak attempt, and blocks it — with full explainability your compliance team can hand to auditors.
Real-time protection for AI outputs in regulated environments.
A regulatory fine starts at $10K. A data breach averages $4.5M. Pick a plan.
Every minute your AI runs unmonitored is a minute you're exposed. Afrak closes that gap.