Aegis is an open-source proxy for prompt attacks and hallucinations
Aegis is a self-hosted, that checks inputs and outputs around calls. It is built to work with OpenAI-style clients, so a team can point the client’s BASE_URL to Aegis instead of changing the whole app. Before a prompt reaches the model, Aegis runs a 10-step input guard.
It normalizes unusual characters into standard ASCII, removes invisible characters, and looks for PEM keys, API tokens, Log4Shell-style attack strings, and other risky payloads inside prompts or . It also tries to catch such as GCG and AutoDAN tokens. After the model response is returned, Aegis analyzes the output , so the user does not wait longer while it checks for or major drift.
The project is licensed under AGPLv3.
Key points
- Aegis sits between an app and the model as a self-hosted .
- OpenAI-style clients can connect by changing the BASE_URL.
- The input guard checks for hidden characters, strange character forms, leaked secrets, API tokens, and known attack payloads.
- It targets such as GCG and AutoDAN tokens.
- The output check runs after the response is sent, aiming to avoid extra user-facing delay.