cd /news/ai-safety/al-munaa-a-collective-immune-system-… · home topics ai-safety article
[ARTICLE · art-64826] src=dev.to ↗ pub= topic=ai-safety verified=true sentiment=↑ positive

AL-MUNAA: a collective immune system for AI agents

Farhan Almutairi built AL-MUNAA, a local security layer for AI agents that detects and blocks indirect prompt injections using signed HMAC fingerprints. The system combines four gates and uses Ed25519 signatures to share attack antibodies between agents without exposing raw prompts. In a live benchmark, AL-MUNAA successfully blocked a risky action before execution.

read1 min views1 publishedJul 18, 2026

I built AL-MUNAA for OpenAI Build Week: a local security layer that wraps AI agents before they read untrusted content, before they run tools, and before they send output back out.

The idea is simple: when one agent detects an indirect prompt injection, it should be able to protect other agents from the same attack without sharing the raw prompt, private conversation, or any secret that appeared near the attack.

AL-MUNAA combines four gates:

The antibody is not the malicious text. It is a bounded HMAC fingerprint over normalized character shingles, signed with Ed25519, and verified through an explicit trusted-publisher registry. A second agent can import that antibody and block a mutated version of the attack without receiving the original attack text.

Codex helped harden the core protocol with test-first work:

The current suite reports 74 passing tests. The calibration set is intentionally small and synthetic, so I do not claim production-wide recall. The point is a reproducible mechanism, honest boundaries, and a working path judges can run.

The product uses GPT-5.6 for gray-case analysis and defensive vaccine generation. In a controlled live benchmark, an unsafe runbook without the gate reached a synthetic in-memory sink; with AL-MUNAA enabled, the action gate blocked before the read/sink path executed.

This is not a claim that every model will always leak secrets. It is a demonstration that when an agent is about to perform a risky action, the security layer can interrupt it with a signed audit trail.

Repository:

https://github.com/Farhanward/al-munaa

Demo video:

https://youtu.be/mlAxp2UJaFg

Build Week submission:

https://devpost.com/software/zeedos-self-hosted-autonomous-ai-operating-system

pip install ".[dev]"
pytest -q
python scripts/calibrate_antibody.py
python -m munaa_immune

Built by Farhan Almutairi / CARBONFLOWS.STORE.

── more in #ai-safety 4 stories · sorted by recency
── more on @farhan almutairi 3 stories trending now
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main
Live at https://your-agent.zahid.host
Get free account → Pricing
from €0/mo · no card required
LIVE [news/al-munaa-a-collectiv…] indexed:0 read:1min 2026-07-18 ·