pypl0/Ombre

GitHub: pypl0/Ombre

Ombre is an open-source AI security infrastructure layer: 17 agents run locally and give every AI request security scanning, data masking, compliance auditing and access control, so data never leaves the server.

Stars: 4 | Forks: 0

# Ombre

### AI Security Boundary

[![Version](https://img.shields.io/badge/version-2.0.0-brightgreen)](https://github.com/pypl0/Ombre/releases)
[![License](https://img.shields.io/badge/license-BUSL%201.1-blue)](LICENSE)
[![Agents](https://img.shields.io/badge/agents-17-purple)](https://github.com/pypl0/Ombre)
[![Listed](https://img.shields.io/badge/awesome--machine--learning-listed-orange)](https://github.com/josephmisiti/awesome-machine-learning)
[![Security](https://img.shields.io/badge/OWASP-Top%2010%20covered-red)](https://github.com/pypl0/Ombre)

**17 autonomous agents. One swarm intelligence. Zero data transfer.**

*The open-source answer to Project Glasswing.*

## Why Ombre exists

Anthropic's Claude Mythos Preview found thousands of zero-day vulnerabilities across all major operating systems and browsers. They locked it behind Project Glasswing, available to only 50 companies.

Ombre brings defensive AI security to every developer on Earth. Free. Open source. No $100 million membership fee.

## Security boundary

```
Your application
        ↓
┌───────────────────────────────────────────────────────┐
│                OMBRE SECURITY BOUNDARY                │
│                                                       │
│     SENTINEL ──── coordinates all 17 agents           │
│       │                                               │
│  ┌────▼─────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐  │
│  │ Guardian │ │ Firewall │ │  Vault   │ │ Contract │  │
│  │ zero-day │ │ indirect │ │  PII     │ │ behavior │  │
│  │ scanning │ │ injection│ │ tokens   │ │ policy   │  │
│  └──────────┘ └──────────┘ └──────────┘ └──────────┘  │
│                                                       │
│  ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐  │
│  │ Security │ │  Audit   │ │Compliance│ │   Cost   │  │
│  │zero trust│ │ SHA-256  │ │ EU AI Act│ │ spend    │  │
│  │ +8 more  │ │  chain   │ │  HIPAA   │ │ forecast │  │
│  └──────────┘ └──────────┘ └──────────┘ └──────────┘  │
│                                                       │
│            Shared threat intelligence bus             │
└───────────────────────────────────────────────────────┘
        ↓
Any AI model (OpenAI / Anthropic / Groq / Mistral)
```

## Installation

```bash
pip install git+https://github.com/pypl0/Ombre.git
```

```python
from ombre import Ombre

ai = Ombre(openai_key="your-key")
# All 17 agents activate automatically on every request

response = ai.run("Analyze this contract for legal risks")
print(response.text)
print(response.confidence)       # 0.0-1.0
print(response.cost_saved)       # Dollars saved
print(response.audit_id)         # Tamper-proof record
print(response.threats_blocked)  # Attacks stopped
```

### Guardian — Zero-Day Vulnerability Scanner

The open source answer to Claude Mythos Preview.

```python
# Scan your AI application's code
report = ai.scan_repository("./your_ai_app")
print(f"Risk score: {report['risk_score']}/10")
print(f"Critical: {report['summary']['critical']}")
print(f"Zero-day candidates: {report['summary']['zero_day_candidates']}")
print(f"OWASP Top 10: {report['compliance']['owasp_top10_coverage']:.0%}")

# Get notified when critical vulnerabilities are found
def alert_team(notification):
    print(f"ALERT: {notification['count']} critical vulns in {notification['file']}")

ai.guardian.add_notification_callback(alert_team)
```

### Privacy Vault — PII Never Enters The Model

```python
# PII is tokenized before inference and restored afterwards
# The model reasons about PERSON_A, not John Smith
# Compliant with HIPAA and GDPR by architecture
response = ai.run("Review the contract for John Smith john@acme.com")
# The model sees: "Review the contract for PERSON_A EMAIL_A"
# You see: a normal response with the real names restored
```

### Behavior Contract — Legal-Grade AI Policy

```python
from ombre.agents.contract import BehaviorContract

contract = BehaviorContract(
    forbidden_topics=["competitor_products", "legal_advice"],
    forbidden_outputs=["I cannot help", "As an AI"],
    min_confidence=0.8,
    block_violations=True,
)
ai.set_contract(contract)
# Every response is validated. Violations produce a cryptographic proof.
```

### Zero Trust Gateway — Role-Based AI Access

```python
# Assign roles to users
ai.zerotrust.assign_role("user_123", "admin")
ai.zerotrust.assign_role("user_456", "readonly")

# Block a user immediately
ai.zerotrust.block_user("user_789", reason="Policy violation")

# Rate limits are enforced automatically per role
```

### Swarm Intelligence

```python
# See what the swarm knows
report = ai.get_intelligence_report()
print(report["sentinel_mode"])         # PASSIVE / ACTIVE / LOCKDOWN
print(report["threat_intelligence"])   # System-wide threat level
print(report["recent_signals"])        # What each agent detected
```

## The 17 Agents

| Agent | Purpose |
|---|---|
| 🛡 Guardian | Zero-day vulnerability scanning |
| 🧠 Sentinel | Swarm intelligence coordinator |
| 🔥 Firewall | Indirect injection protection |
| 🔐 Vault | PII tokenization — model never sees real data |
| 📜 Contract | Legal-grade behavior enforcement |
| 🚪 Zero Trust | Role-based access control |
| 🔒 Security | Direct injection and threat blocking |
| 🧠 Memory | Persistent encrypted context |
| 💰 Token | Semantic caching — 40-60% cost reduction |
| ⚡ Compute | Intelligent model routing |
| ✅ Truth | Ground truth injection |
| ⏱ Latency | P99 monitoring and SLA enforcement |
| 🎯 Reliability | Hallucination detection |
| 📋 Audit | Tamper-proof SHA-256 chain |
| 🔄 Feedback | Continuous improvement loop |
| 📊 Cost | Spend tracking and forecasting |
| 🏛 Compliance | EU AI Act, HIPAA, SOC2, GDPR |

## Pricing

| Tier | Price | Who |
|---|---|---|
| Free | $0 forever | Developers, startups |
| Growth | $2,500/month | Series A+ companies |
| Enterprise | Custom | Large organizations |
| Government | Custom | Agencies, defense |

Enterprise licenses: USDT (TRC20) TT3aCEYKF1d9PpyLDdzKGULi6Maa3DqPVU

Contact: ombreaiq@gmail.com
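The Privacy Vault round trip described above (swap PII for placeholders before inference, restore it in the response), as an added stand-alone example that is not Ombre's own Vault code. `PiiVault`, `fake_model` and the regex-based name detector are assumptions made for the illustration; a production detector would use a proper PII classifier.

```python
import re

# Constructed patterns: an email matcher and a deliberately simple
# "two capitalised words" name matcher (enough to show the round trip).
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
NAME_RE = re.compile(r"\b[A-Z][a-z]+ [A-Z][a-z]+\b")


class PiiVault:
    """Replace PII with stable placeholders (PERSON_A, EMAIL_A, ...)
    and keep the mapping locally so the response can be restored."""

    def __init__(self):
        self.forward = {}   # real value -> placeholder
        self.reverse = {}   # placeholder -> real value

    def _placeholder(self, kind, value):
        # Reuse the same placeholder if the value appears twice, so the
        # model sees a consistent identity for each person or address.
        if value not in self.forward:
            used = sum(1 for p in self.reverse if p.startswith(kind))
            token = f"{kind}_{chr(ord('A') + used)}"
            self.forward[value] = token
            self.reverse[token] = value
        return self.forward[value]

    def tokenize(self, text):
        # Emails first so the name pattern cannot match inside an address.
        text = EMAIL_RE.sub(lambda m: self._placeholder("EMAIL", m.group(0)), text)
        return NAME_RE.sub(lambda m: self._placeholder("PERSON", m.group(0)), text)

    def restore(self, text):
        # Put the real values back into whatever the model returned.
        for token, value in self.reverse.items():
            text = text.replace(token, value)
        return text


def fake_model(prompt):
    # Constructed stand-in for the model call; it echoes its input so the
    # test can check that only placeholders crossed the boundary.
    return f"Summary: {prompt}"


def run_with_vault(prompt):
    """Return (what the model saw, what the caller gets back)."""
    vault = PiiVault()
    safe_prompt = vault.tokenize(prompt)
    return safe_prompt, vault.restore(fake_model(safe_prompt))
```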
Tags: AI agents, AI infrastructure layer, AI security, AI gateway, Burp project parsing, Chat Copilot, CISA project, Clair, bulk IP address processing, LLM hallucination detection, OWASP Top 10, Petitpotam, PII masking, AI infrastructure, code security, enterprise AI security, dynamic debugging, large-model security, security agents, security audit logs, security boundary, open-source AI, prompt injection protection, sensitive data tokenization, data privacy, wireless security, local deployment, vulnerability enumeration, private deployment, swarm intelligence, behavior contracts, memory cache, request/response filtering, reverse-engineering tools, indirect injection defense, defensive AI, defense evasion, firewall, tamper-proof audit, zero data transfer