Silmaril

Prompt injection defense that is self-healing

Silmaril is self-healing prompt injection defense for AI native applications and agents. It understands application context to block 2x as many threats as current SOTA defenses with 10x lower latency. Customers plug us into agentic frameworks like LangGraph with 5 lines of code. Silmaril has stopped $28M of damages for customers.
Active Founders
Aum Upadhyay
Founder
Co-Founder & CEO at Silmaril. I built the security and privacy framework at AWS that prevented over $1.8B in damages. Now I bring that same defensive mindset to Silmaril, working with customers to ship prompt injection defense.
Eduardo Velasco
Founder
Co-Founder & CTO at Silmaril, the world's first self-healing prompt injection defense. I prove the risks are real by finding exploits myself. I chained a prompt injection into root access inside ChatGPT. Ex-Amazon tech lead specializing in low latency ML models that generated $400M in annual revenue.
Company Launches
Silmaril: Self-healing Prompt Injection Defense

TL;DR

Silmaril is the first self-healing prompt injection defense for AI native applications and agents. It understands application context to block 2x as many threats as current SOTA defenses with 10x lower latency. Customers plug us into frameworks like LangChain with 5 lines of code.

We’re working with the top productivity, analytics, and legal companies in the world and would love to protect you as well!

Our Launch Video: https://youtu.be/95VAZSvIsLA

Ask: If your AI systems ingest external data or you’re concerned about prompt injection, set up a 15-minute chat. If you know security or AI leaders (Director+) who could benefit from stopping prompt injections, please reach out at aum@silmaril.dev.

Problem

Attackers are using AI to create and experiment with more sophisticated techniques at scale, making them 4.5x more likely to succeed. The AI security tools enterprises rely on today were not built for this.

Existing guardrails treat malicious inputs as the unit of security. They pattern-match against known bad prompts and require constant manual policy tuning. Against real-world contextual and emerging threats, leading guardrails blocked only 61% of attacks. That's barely better than a coin toss.

This leaves security teams stuck in an endless loop: triaging alerts, tuning policies, and chasing attackers who move faster than they can respond.

How it works

Most AI security tools ask "does this input look malicious?" We ask "does this execution lead to a harmful outcome?" That distinction is what makes Silmaril work against attacks that guardrails completely miss.

The system has three layers:

1. Agents hunt for attacks and generate threat intelligence. We reverse-engineer your application and deploy autonomous agents that continuously probe it. These agents find and verify attack chains that combine individual vulnerabilities for a larger impact, such as data exfiltration and privilege escalation. They surface novel threats tied to your application logic, which are far more useful for simulating AI-enabled attackers than historical prompt injection lists.

2. A classifier model that blocks attackers in real time. The firewall integrates directly with your orchestration framework via our SDK, letting you control exactly when it runs. In LangGraph, for example, you can add it as a callback handler that fires before/after tool calls and model inference. Because Silmaril reasons over application snapshots rather than input patterns, it catches emerging, contextual, and multi-turn attacks that single-input classifiers miss entirely. Latency overhead is 20ms.

3. A self-healing retraining loop. Verified exploits from threat hunting and production traffic feed back into the model continuously. The firewall retrains and deploys updated weights automatically within an hour. No manual policy tuning required.

Against a dataset of real-world contextual and emerging threats, Silmaril blocked 96% of attacks. Leading guardrails blocked 61%.

Why us

Eduardo and I spent 10+ years building security and AI. I built security frameworks protecting AWS’s AI infrastructure. Eduardo developed hardened models and agents for Amazon's homepage. We drove $2.2B in savings and new revenue.

After leaving, we became whitehat hackers and hacked OpenAI, Anthropic, Google, and Microsoft 15 times in two weeks. We saw firsthand how far ahead attackers already are. That's why we built Silmaril.

Silmaril
Founded: 2026
Batch: Spring 2026
Team Size: 2
Status: Active
Location: San Francisco
Primary Partner: Garry Tan