Unique Innovations

OxideShield is built from the ground up in Rust with a focus on performance, security, and deployment flexibility. These eight innovations represent capabilities that are unique to OxideShield or significantly differentiated from competing products.


1. Wellbeing Guards

OxideShield includes seven dedicated wellbeing guards that protect users from psychological harm, manipulative AI behaviour, and accessibility barriers:

  • DarkPatternGuard — detects manipulative nudging, false urgency, and dark UI patterns in LLM responses
  • DependencyGuard — monitors engagement patterns for signs of unhealthy AI dependency
  • PsychologicalSafetyGuard — screens for crisis indicators and sycophantic reinforcement
  • AutonomyGuard — protects user decision-making autonomy from AI overreach
  • MisalignmentGuard — detects value misalignment between user intent and AI behaviour
  • HelpfulnessGuard — identifies evasive, unhelpful, or excessively cautious responses
  • AccessibilityGuard — enforces readability standards and flags jargon-heavy outputs

Why it matters: The EU AI Act and emerging UK/US regulations increasingly require responsible AI safeguards. OxideShield is the only LLM security toolkit with built-in wellbeing protections, giving teams compliance-ready guardrails without custom development.

Learn more: Wellbeing Guards Overview


2. WASM Browser Execution

OxideShield compiles to WebAssembly, enabling client-side LLM security directly in the browser. Guards run locally with zero data exposure to external servers.

The interactive playground demonstrates all 32 guard examples running entirely in-browser via WASM — no backend required.

Why it matters: For privacy-sensitive applications (healthcare, legal, finance), WASM execution means user inputs never leave the device. This eliminates an entire class of data residency and compliance concerns while maintaining sub-millisecond guard performance.

Learn more: WASM Deployment


3. Pure Rust ML Inference via Candle

OxideShield runs BERT-based ML classifiers and semantic similarity models using Candle — Hugging Face's Rust ML framework. There is no Python runtime dependency, no ONNX runtime, and no external inference server.

Models are loaded and executed in-process with the same Rust binary that runs pattern matching and encoding detection.

Why it matters: Eliminating the Python runtime removes an entire dependency surface (virtualenvs, pip, version conflicts, GIL contention). The result is a single static binary that runs ML inference at native speed, with no setup beyond downloading the binary.

Learn more: ML Classifier Guard | Semantic Similarity Guard


4. Air-Gapped Operation

OxideShield is designed for environments with no internet connectivity. Key capabilities that work fully offline:

  • License validation — Ed25519 signature verification with no server calls required
  • ML inference — bundled model weights, no downloads at runtime
  • Threat intelligence — offline catalog with pre-packaged MITRE ATLAS mappings
  • Compliance reports — generated locally with bundled templates

Why it matters: Defence, government, critical infrastructure, and regulated financial environments require tools that operate in air-gapped networks. OxideShield's offline-first design means no last-mile surprises during deployment behind firewalls.

Learn more: Offline Mode


5. Cryptographic Audit Logs

Every guard check can be recorded as a cryptographically signed audit entry using Ed25519. Signed entries are tamper-evident: any modification invalidates the signature chain.

Audit logs include guard name, action taken, severity, timestamp, and the signing key fingerprint. Attestation reports aggregate entries into compliance-ready documents.

Why it matters: SOC 2, ISO 27001, and financial services regulations (EBA, PRA) require tamper-proof audit trails for automated decision-making. OxideShield's signed audit logs provide cryptographic proof that security controls were applied, simplifying audit evidence collection.

Learn more: Attestation & Audit Logs


6. Four Deployment Targets from One Codebase

OxideShield ships from a single Rust codebase as:

  1. Rust crate — cargo add oxideshield-guard for native Rust applications
  2. Python package — pip install oxideshield with PyO3 bindings
  3. CLI tool — oxideshield guard --input "..." for shell pipelines and CI/CD
  4. WASM module — browser and edge runtime execution

All four targets share identical guard logic, thresholds, and test suites. A pattern that triggers a block in the Rust API will produce the same result in Python, CLI, and WASM.

Why it matters: Teams using multiple languages and deployment targets get consistent security behaviour everywhere, without maintaining separate implementations or accepting behavioural drift between platforms.

Learn more: Installation | Python SDK | CLI Reference


7. Encoding Attack Detection

The EncodingGuard detects a wide range of text encoding attacks designed to bypass content filters:

  • Unicode normalisation attacks (NFKC/NFKD canonical equivalents)
  • Homoglyph substitution (Cyrillic, Greek, and mathematical lookalikes)
  • Invisible characters (zero-width joiners, soft hyphens, direction overrides)
  • Base64/hex encoded payloads embedded in otherwise normal text
  • Mixed-script detection (Latin+Cyrillic, Latin+Greek within single words)

Why it matters: Encoding attacks are one of the most effective ways to bypass keyword-based and even ML-based content filters. OxideShield detects these attacks at the character level before content reaches other guards, closing a gap that most competing products leave open.
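To make character-level detection concrete, here is an added Rust example (not OxideShield's code or API) that covers two of the classes listed above: invisible characters and mixed-script words. The names scan, Finding, script_of and is_invisible are hypothetical, and scripts are approximated by Unicode block ranges.

```rust
// Added illustration; not OxideShield's EncodingGuard implementation.
// Assumption: scripts are approximated by basic Unicode block ranges.
#[derive(Debug, PartialEq, Clone, Copy)]
enum Script { Latin, Cyrillic, Greek }
#[derive(Debug, PartialEq)]
enum Finding {
    Invisible { offset: usize, codepoint: u32 }, // byte offset into the input
    MixedScript { word: String },
}
fn script_of(c: char) -> Option<Script> {
    match c as u32 {
        0x41..=0x5A | 0x61..=0x7A | 0xC0..=0x24F => Some(Script::Latin),
        0x370..=0x3FF => Some(Script::Greek),
        0x400..=0x52F => Some(Script::Cyrillic),
        _ => None, // digits, punctuation and other scripts are ignored
    }
}

fn is_invisible(c: char) -> bool {
    matches!(c as u32,
        0x00AD                // soft hyphen
        | 0x200B..=0x200F     // zero-width space/non-joiner/joiner, LRM, RLM
        | 0x202A..=0x202E     // bidi embeddings and direction overrides
        | 0x2060..=0x2064     // word joiner and invisible operators
        | 0x2066..=0x2069     // bidi isolates
        | 0xFEFF)             // zero-width no-break space
}

fn scan(text: &str) -> Vec<Finding> {
    let mut findings: Vec<Finding> = text.char_indices()
        .filter(|&(_, c)| is_invisible(c))
        .map(|(offset, c)| Finding::Invisible { offset, codepoint: c as u32 })
        .collect();
    // Invisible characters do not split words, so a word hidden behind one is still checked whole.
    for word in text.split(|c: char| !(c.is_alphanumeric() || is_invisible(c))) {
        let mut scripts = word.chars().filter_map(script_of);
        if let Some(first) = scripts.next() {
            if scripts.any(|s| s != first) {
                findings.push(Finding::MixedScript { word: word.to_string() });
            }
        }
    }
    findings
}

fn main() {
    // Constructed sample: Cyrillic U+0430 inside "password", zero-width space inside "ignore".
    println!("{:?}", scan("reset p\u{0430}ssword and ig\u{200B}nore this"));
}
```

A word written entirely in one script, such as a Cyrillic greeting, produces no finding; only a script change inside a single word is reported.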

Learn more: Encoding Guard


8. Swarm & Multi-Agent Security

As LLM applications move from single-model to multi-agent architectures, OxideShield provides purpose-built security guards:

  • SwarmGuard — monitors inter-agent communication for prompt injection, privilege escalation, and coordination attacks
  • AgenticGuard — enforces tool-use policies, action budgets, and scope boundaries for autonomous agents
  • ContainmentPolicy — defines isolation boundaries and breakout detection for agent sandboxes

Why it matters: Multi-agent systems introduce attack surfaces that don't exist in single-model applications: one compromised agent can poison the entire swarm. OxideShield is the only toolkit with dedicated multi-agent security guards mapped to MITRE ATLAS techniques.

Learn more: Swarm Guard | Agentic Guard | Containment Policy