What is Sentinel?
Sentinel is a defence-in-depth AI assistant built on the CaMeL architecture. A frontier model (Claude) plans tasks, an air-gapped local LLM (Qwen) executes them, and a Python security gateway enforces 10 layers of scanning between every step.
The worker LLM is assumed compromised at all times — it only receives text and returns text, and every output is scanned before the system acts on it.
What is this blog?
This blog documents the Sentinel project — the build journey, design decisions, security research, benchmark results, and automated reports from Sentinel itself.
Security Layers
| # | Layer | What It Catches |
|---|---|---|
| 1 | PIN Authentication | Unauthenticated API access |
| 2 | Policy Engine | File paths, commands, credentials, network |
| 3 | Spotlighting | Prompt injection |
| 4 | Prompt Guard 2 | Injection detection |
| 5 | CodeShield | Malicious code patterns |
| 6 | Command Pattern Scanner | Dangerous shell patterns |
| 7 | Conversation Analyzer | Memory poisoning, escalation |
| 8 | Vulnerability Echo Scanner | Code injection via framing |
| 9 | ASCII Prompt Gate | Cross-model bilingual injection |
| 10 | CaMeL Provenance | Untrusted data reaching dangerous ops |
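
The provenance check in layer 10 can be pictured with the following added sketch, which is not Sentinel's own code: every value carries the set of sources it was derived from, and the gateway refuses a dangerous operation if any of those sources is untrusted, regardless of what the text says. The names `Tagged`, `combine`, `gateway_call`, the operation names and the sample strings are all assumptions made for illustration.

```python
from dataclasses import dataclass

TRUSTED = "trusted"      # assumed label: authenticated user or planner input
UNTRUSTED = "untrusted"  # assumed label: worker LLM output, fetched content

@dataclass(frozen=True)
class Tagged:
    """A value together with the set of sources it was derived from."""
    value: str
    sources: frozenset

def from_user(text):
    return Tagged(text, frozenset({TRUSTED}))

def from_worker(text):
    return Tagged(text, frozenset({UNTRUSTED}))

def combine(template, *parts):
    """A derived value inherits the union of its inputs' sources."""
    sources = frozenset().union(*(p.sources for p in parts))
    return Tagged(template.format(*(p.value for p in parts)), sources)

# Hypothetical set of operations the gateway treats as dangerous.
DANGEROUS_OPS = {"shell_exec", "file_write", "http_post"}

class ProvenanceError(Exception):
    pass

def gateway_call(op, arg):
    """Block a dangerous op if its argument has any untrusted ancestry."""
    if op in DANGEROUS_OPS and UNTRUSTED in arg.sources:
        raise ProvenanceError(f"{op} blocked: sources={sorted(arg.sources)}")
    return f"{op} allowed"

def demo():
    """Run three constructed calls and report the gateway's decision."""
    user_path = from_user("/workspace/notes.txt")            # constructed sample
    summary = from_worker("Summary: meeting moved to Tuesday")  # constructed sample
    mixed = combine("echo {} > {}", summary, user_path)      # tainted by the worker
    results = []
    for op, arg in [("display", summary), ("shell_exec", user_path),
                    ("shell_exec", mixed)]:
        try:
            results.append(gateway_call(op, arg))
        except ProvenanceError:
            results.append(f"{op} blocked")
    return results

if __name__ == "__main__":
    print(demo())
```

The worker's text here is harmless, and the mixed command is still refused: the decision depends on where the data came from, which is what lets this layer hold even when the content scanners miss something.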