AI-resistant cybersecurity defense framework
AICloak detects AI-powered reconnaissance, responds with deception, and emits conflicting signals to create analysis paralysis in automated attackers. It exploits a fundamental weakness in AI scanning: AI can only attack what it understands.
Every security "best practice" is training data for tomorrow's AI attackers. Traditional defenses — firewalls, IDS rules, WAF signatures — are publicly documented and instantly recognizable to pattern-matching AI systems. AI-powered reconnaissance can:
- Process millions of data points simultaneously
- Recognize all documented security configurations instantly
- Learn from every public security disclosure
- Cannot be deterred by traditional complexity
AICloak operates on three complementary pillars that work together to make your infrastructure not worth the effort for AI reconnaissance:
Analyzes incoming request metadata to classify traffic as human or AI-generated using three independent signals:
| Detector | Method | Key Metric |
|---|---|---|
| Timing | Inter-request interval regularity | Coefficient of Variation (CV < 0.15 = AI) |
| Headers | HTTP header fingerprinting | Known scanner UA patterns, missing browser headers |
| Path | URL enumeration pattern analysis | Wordlist matching, sequential ordering |
An ensemble detector combines all signals with configurable weights to produce a unified threat score (0.0 = human, 1.0 = AI).
When AI reconnaissance is detected, responses are mutated to prevent accurate fingerprinting:
- Banner Rotation — Fake server banners (Apache, nginx, IIS) rotate per-request
- Header Injection — Misleading framework, cache, and infrastructure headers
- Timing Jitter — Response delay manipulation to defeat timing-based identification
Active misdirection to create analysis paralysis:
- Honeypot Endpoints — Fake admin panels, API docs, and config files that attract scanners
- Signal Contradiction — Same resource reports different tech stacks on different probes
- Topology Masking — False internal hosts, redirects, and organizational paths
# Clone and install
git clone https://github.com/MemoryForgeAILabs/aicloak.git
cd aicloak
pip install -e ".[dev]"
# Run the demo
aicloak detect --demo
# Run with aggressive profile
aicloak detect --demo --profile aggressive
# Start the API server
aicloak serve --port 8000
# Run tests
pytest tests/ -v>>> Simulating HUMAN browsing traffic...
Source IP: 192.168.1.42
Threat Level: NONE
Max AI Score: 0.150
AI Detected: False
>>> Simulating AI SCANNER traffic...
Source IP: 10.0.0.99
Threat Level: CRITICAL
Max AI Score: 1.000
AI Detected: True
--- Deception Actions ---
[ banner] Server: Microsoft-IIS/8.5
[ timing] delay: 277ms (heavy)
--- Confusion Actions ---
[ honeypot] 5 honeypot endpoints deployed
[ signal] 7 contradictory signals emitted
[ topology] 9 fake network elements
aicloak/
├── schemas.py # Core data models (RequestFingerprint, AnalysisResult, etc.)
├── config.py # Profile-based configuration (balanced/aggressive/stealth)
├── engine.py # Main orchestrator connecting all three pillars
├── cli.py # Click CLI interface
├── api.py # FastAPI REST server
├── detection/ # Pillar 1: AI reconnaissance identification
│ ├── timing.py # Request interval regularity (CV analysis)
│ ├── headers.py # HTTP header fingerprinting
│ ├── pathanalysis.py # URL enumeration pattern detection
│ └── ensemble.py # Weighted detector combination
├── deception/ # Pillar 2: Response mutation
│ ├── banners.py # Fake service banner rotation
│ ├── headers.py # Misleading response headers
│ └── timing.py # Response delay jitter
└── confusion/ # Pillar 3: Active misdirection
├── honeypot.py # Fake endpoint generation
├── signals.py # Contradictory metadata emission
└── topology.py # False network topology
| Profile | Threshold | Deception | Confusion | Use Case |
|---|---|---|---|---|
| balanced | 0.6 | Enabled | Enabled | Default — moderate detection with full response |
| aggressive | 0.35 | Enabled | Enabled | High-value targets — lower threshold, more honeypots |
| stealth | 0.8 | Disabled | Disabled | Passive monitoring — detection only, no active response |
from aicloak import CloakEngine
# Use a profile
engine = CloakEngine(profile="aggressive")
# Override specific settings
engine = CloakEngine(profile="balanced", overrides={"detection_threshold": 0.5})Start the server with aicloak serve --port 8000, then:
| Endpoint | Method | Description |
|---|---|---|
/health |
GET | Health check |
/analyze |
POST | Submit request fingerprint for analysis |
/status |
GET | Engine status and statistics |
/config |
GET | Current configuration |
Example:
curl -X POST http://localhost:8000/analyze \
-H "Content-Type: application/json" \
-d '{
"timestamp": 1700000000,
"method": "GET",
"path": "/admin",
"headers": {"User-Agent": "python-requests/2.31.0"},
"source_ip": "10.0.0.1"
}'The timing detector uses the Coefficient of Variation (CV = standard deviation / mean) of inter-request intervals:
| CV Range | Classification | Score |
|---|---|---|
| < 0.10 | Metronomic — almost certainly AI | ~0.95 |
| 0.10–0.25 | Regular — likely AI | ~0.70 |
| 0.25–0.45 | Ambiguous | ~0.40 |
| > 0.45 | Irregular — likely human | ~0.15 |
This works because AI scanners operate at machine speed with consistent intervals, while human browsing produces irregular timing driven by reading, clicking, and thinking.
All three pillars use a plugin architecture. To add a new detector:
from aicloak.detection.base import BaseDetector
from aicloak.schemas import RequestFingerprint, DetectionResult
class MyCustomDetector(BaseDetector):
def name(self) -> str:
return "custom"
def analyze(self, fingerprints: list[RequestFingerprint]) -> DetectionResult:
# Your detection logic here
...The same pattern applies to BaseDeceiver and BaseConfuser.
# Run all tests
pytest tests/ -v
# Run specific pillar tests
pytest tests/test_detection.py -v
pytest tests/test_deception.py -v
pytest tests/test_confusion.py -v
pytest tests/test_engine.py -v- PCAP/request log file ingestion
- Real-time middleware mode (ASGI/WSGI integration)
- Machine learning model for detection (train on labeled traffic)
- Dashboard UI for monitoring
- Integration with SIEM platforms
- Distributed deployment across multiple nodes
Contributions are welcome. Please open an issue to discuss proposed changes before submitting a PR.
Apache 2.0 — see LICENSE
Built by MemoryForge AI Labs — building intelligent systems that think differently about hard problems.