Separate data from control
Guard Bands wraps untrusted content with cryptographically signed boundaries, similar in spirit to prepared statements separating SQL data from SQL commands.
Cryptix Security
Cryptographic boundaries for safer LLM applications.
Guard Bands is an open research project that makes untrusted LLM content inert by default, separating data from instructions before sensitive tool use or policy decisions.
Guard Band marker
INERT:START
Untrusted content is wrapped, signed, bound to context, and verified before it can affect privileged behavior.
VERIFY -> ENFORCE -> AUDIT
Featured project
Guard Bands
A proof-of-concept security pattern for applications that pass documents, web pages, tickets, emails, or other user-controlled content into LLM workflows.
Verify before sensitive actions
Applications verify signatures, hashes, and context binding before content can influence tool calls, workflow decisions, private-data access, or policy-controlled paths.
Designed for operational visibility
The project includes FastAPI endpoints, rate limits, structured audit events, PostgreSQL and Splunk HEC sinks, plus SSO support through Keycloak and oauth2-proxy.
Read the project site
Visit guardbands.com for the fuller project overview, threat model, POC capabilities, and links to the source repository.
Open guardbands.comSecurity posture
Prompt wording is not a security boundary.
Guard Bands treats the model as a consumer of verified data, not the root of trust. The surrounding application enforces whether wrapped content is authentic, unmodified, and being used in the expected context.
Services offered
Focused help for security-critical systems.
Cryptix Security helps teams make practical security decisions across AI, cloud, regulated environments, and high-trust product architecture.
AI and LLM security architecture
Threat modeling, guardrails, tool-use controls, prompt-injection defenses, and secure patterns for AI-enabled workflows.
Cloud and application security
Architecture review, hardening, security design, identity boundaries, logging, detection, and practical remediation plans.
Crypto and fintech security
Security leadership for custody, regulated financial systems, vendor risk, operational controls, and audit-facing programs.
Public-sector readiness
Support for FedRAMP, CMMC, control mapping, evidence collection, hardening plans, and security program execution.
Security program leadership
Fractional or advisory leadership for roadmap creation, board-ready risk narratives, hiring plans, and security operating models.
Assessments and threat modeling
Focused reviews for product launches, architecture changes, acquisition diligence, and high-risk integrations.
Consulting
Available for focused security work.
Cryptix Security is available for high-impact consulting across application security, cloud security, AI security architecture, threat modeling, hardening, and security program execution.
About Monte
Security leadership for regulated and high-trust systems.
Monte Toren is a security executive and architect with experience across crypto, fintech, public-sector compliance, cloud platforms, and consumer technology.
Highlights include serving as crypto CISO during a historic FINRA custody approval, working as a Netflix security architect and head of security, and supporting public-sector security programs involving FedRAMP and CMMC readiness.