Security
LLM-powered applications introduce security risks that traditional application firewalls do not address: sensitive data leaking into prompts, prompt injection attacks that bypass intended behavior, and SQL injection payloads hidden inside natural-language queries. AxonFlow enforces security policies on every request and response at the agent gateway layer, blocking threats before they reach your LLM provider or database.
Security Features
| Feature | Description | Edition |
|---|---|---|
| PII Detection | Detect and mask sensitive data (SSN, credit cards, Aadhaar, NRIC) | Community |
| SQL Injection Scanning | Prevent injection attacks in LLM-generated queries | Community |
| Best Practices | Security hardening guide | All |
Built-in Protections
PII Detection
AxonFlow scans both inbound prompts and outbound LLM responses for personally identifiable information. Detection uses a two-layer approach: fast regex matching at the agent layer (under 1ms) followed by validation with Luhn, MOD 97, and Verhoeff checksums at the orchestrator layer to minimize false positives.
Supported PII types include:
- Personal Identifiers: SSN, passport numbers, driver's license
- Financial Data: Credit cards (Luhn-validated), bank accounts, IBAN
- Contact Info: Email, phone, addresses, IP addresses
- Regional Formats: India (Aadhaar with Verhoeff checksum, PAN), Singapore (NRIC, FIN, UEN), EU (VAT, national IDs)
Configure detection behavior with the PII_ACTION environment variable:
| Action | Behavior |
|---|---|
| redact (default) | Mask detected PII, allow request through |
| block | Reject request immediately |
| warn | Log warning, allow request through |
| log | Log for audit only, allow unmodified |
PII Detection Example
Send a prompt containing an SSN to see detection in action:
```bash
curl -X POST http://localhost:8080/api/v1/query/execute \
  -H "Content-Type: application/json" \
  -H "X-Client-Id: my-tenant" \
  -H "X-Client-Secret: your-client-secret" \
  -d '{
    "query": "Process refund for customer SSN 123-45-6789",
    "context": {
      "user_id": "agent-1"
    }
  }'
```
With the default PII_ACTION=redact, the SSN is masked before the query reaches the LLM:
```json
{
  "response": "Processing refund for customer SSN XXX-XX-6789",
  "policies": ["ssn_detection"],
  "pii_detected": true,
  "context_id": "ctx_abc123"
}
```
Set PII_ACTION=block to reject requests containing PII outright:
```bash
PII_ACTION=block docker compose up -d
```
SQL Injection Scanning
AxonFlow inspects LLM-generated SQL before it reaches your database, catching injection patterns such as:
- Tautologies (OR 1=1)
- Union-based injection (UNION SELECT)
- Stacked queries (;DROP TABLE)
- Comment-based evasion (--, /* */)
Requests that trigger SQL injection rules are blocked and logged with the matched pattern for audit purposes.
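A minimal scanner for the four pattern classes listed above, added here as an example rather than taken from AxonFlow's rule set; the rule regexes, the literal-collapsing step, the `scan_sql`/`evaluate` names and the sample queries are constructed assumptions.

```python
import re

# Constructed rule set covering the four pattern classes; not AxonFlow's own rules.
SQLI_RULES = [
    ("tautology", re.compile(r"\b(?:OR|AND)\s+(['\"]?)(\w+)\1\s*=\s*\1\2\1(?!\w)", re.I)),
    ("union_select", re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.I)),
    ("stacked_query", re.compile(r";\s*(?:DROP|DELETE|ALTER|TRUNCATE|INSERT|UPDATE|EXEC)\b", re.I)),
    ("comment_evasion", re.compile(r"--|/\*.*?\*/", re.S)),
]

def normalise(sql):
    # Collapse string literal bodies to a single character so that a "--" or a
    # keyword typed inside legitimate data does not trigger a rule, while an
    # unbalanced quote that breaks out of a literal stays visible to the rules.
    return re.sub(r"'(?:[^']|'')*'", "'s'", sql)

def scan_sql(sql):
    """Return the names of the rules matched by an LLM-generated query (empty = clean)."""
    normalised = normalise(sql)
    return [name for name, rule in SQLI_RULES if rule.search(normalised)]

def evaluate(sql):
    # Mirrors the block-and-log behaviour: a blocked query carries the matched patterns for audit.
    matched = scan_sql(sql)
    return {"blocked": bool(matched), "matched": matched}

# Constructed sample queries standing in for LLM output.
SAMPLES = {
    "benign": "SELECT id, total FROM orders WHERE customer_id = 42 AND note = 'follow-up -- call back'",
    "tautology": "SELECT * FROM users WHERE name = 'x' OR 1=1",
    "union": "SELECT name FROM products UNION SELECT password FROM users",
    "stacked": "SELECT * FROM users WHERE name = ''; DROP TABLE users; --'",
    "quoted_tautology": "SELECT * FROM users WHERE id = 1 /* */ OR 'a'='a'",
}

if __name__ == "__main__":
    for label, sql in SAMPLES.items():
        print(label, evaluate(sql))
```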
Security Architecture
Every request passes through the policy engine before reaching LLM providers. Responses are also scanned before being returned to the client. The audit log records policy evaluation results, detected PII types, and blocked threats.
Compliance Support
AxonFlow's security features map to specific compliance controls:
| Standard | Relevant Features |
|---|---|
| GDPR | PII detection (email, phone, address, IP), data masking, audit logs |
| HIPAA | PHI detection (SSN, DOB), access controls, encryption at rest |
| SOC 2 | Immutable audit logging, role-based access controls |
| PCI-DSS | Credit card detection with Luhn validation, automatic masking |
| MAS FEAT | Singapore NRIC/FIN/UEN detection, audit trails |
Network Security
Recommended Configuration
- Deploy agent and orchestrator in private subnets
- Use VPC endpoints for AWS services (Secrets Manager, S3, Bedrock)
- Enable TLS 1.2+ for all connections
- Restrict security groups to necessary ports only
Ports
| Service | Port | Protocol | Notes |
|---|---|---|---|
| Agent | 8080 | HTTPS | Primary entry point for client requests |
| Orchestrator | 8081 | HTTPS | Internal, not exposed publicly |
| PostgreSQL | 5432 | Internal | Private subnet only |
| Redis | 6379 | Internal | Private subnet only |
Community vs Enterprise Security
| Capability | Community | Enterprise |
|---|---|---|
| PII detection (global types) | Included | Included |
| PII detection (regional: India, Singapore) | Included | Included |
| SQL injection scanning | Included | Included |
| Policy-as-code (Rego/OPA) | Included | Included |
| Audit logging | Included | Included |
| Custom PII patterns | -- | Included |
| Advanced threat detection (prompt injection ML models) | -- | Included |
| Compliance dashboards (SOC 2, HIPAA, GDPR) | -- | Included |
| Custom security policies with approval workflows | -- | Included |
| Multi-region audit replication | -- | Included |
| Role-based PII access controls | -- | Included |
Enterprise Edition adds advanced threat detection with ML-based prompt injection models, compliance dashboards for SOC 2 / HIPAA / GDPR audit preparation, custom security policies with approval workflows, and multi-region audit log replication.
Next Steps
- Review Best Practices for security hardening
- Configure PII Detection for your region
- Enable SQL Injection Scanning
- Set up Audit Logging for compliance