I built AL-MUNAA for OpenAI Build Week: a local security layer that wraps AI agents before they read untrusted content, before they run tools, and before they send output back out.
The idea is simple: when one agent detects an indirect prompt injection, it should be able to protect other agents from the same attack without sharing the raw prompt, private conversation, or any secret that appeared near the attack.
AL-MUNAA combines four gates:
The antibody is not the malicious text. It is a bounded HMAC fingerprint over normalized character shingles, signed with Ed25519, and verified through an explicit trusted-publisher registry. A second agent can import that antibody and block a mutated version of the attack without receiving the original attack text.
Codex helped harden the core protocol with test-first work:
The current suite reports 74 passing tests. The calibration set is intentionally small and synthetic, so I do not claim production-wide recall. The point is a reproducible mechanism, honest boundaries, and a working path judges can run.
The product uses GPT-5.6 for gray-case analysis and defensive vaccine generation. In a controlled live benchmark, an unsafe runbook without the gate reached a synthetic in-memory sink; with AL-MUNAA enabled, the action gate blocked before the read/sink path executed.
This is not a claim that every model will always leak secrets. It is a demonstration that when an agent is about to perform a risky action, the security layer can interrupt it with a signed audit trail.
Repository:
https://github.com/Farhanward/al-munaa
Demo video:
Build Week submission:
https://devpost.com/software/zeedos-self-hosted-autonomous-ai-operating-system
pip install ".[dev]"
pytest -q
python scripts/calibrate_antibody.py
python -m munaa_immune
Built by Farhan Almutairi / CARBONFLOWS.STORE.