AI-powered security detection engine for the vibe-coding era.
Real-time threat detection · Pre-execution blocking · Prompt injection guard · DNS/C2 monitoring
This project is currently in public beta. The Windows installer does not yet carry an OV code-signing certificate (in progress). Windows SmartScreen will show a warning.
To install:
- Download the installer from Releases
- If SmartScreen appears → click "More info" → "Run anyway"
- OV certificate is being obtained. All detection logic is open source here.
Verify the binary:
- SHA256 checksums are listed on each Release page
- VirusTotal scan result → (updated each release)
Kido.ai is a local AI security layer designed for individuals and teams — whether you're a seasoned developer, a vibe coder using AI tools like Cursor or Claude, or simply someone who wants their PC protected.
Traditional security responds after execution. Kido.ai decides before it runs.
File saved / Process launched
│
▼
┌─────────────────────────────────┐
│ Local Rule Engine (<5ms) │ ← 90% handled here, no AI cost
└────────────┬────────────────────┘
│ High-risk?
▼
┌─────────────────────────────────┐
│ AI Analysis (Gemini/Claude/ │ ← Business: Gemini only
│ GPT-4 multi-stage) │ Pro: Full multi-AI chain
└────────────┬────────────────────┘
│
▼
┌─────────────────────────────────┐
│ Arbitration + Action │ ← Block / Alert / Rollback
└─────────────────────────────────┘
Every process is scored before it runs. Suspicious behavior (anomalous paths, unsigned binaries, known malware hashes) is blocked before execution — not after.
Register your dev folder and every file save triggers:
- AST-level code vulnerability scan
- Malicious package detection (typosquatting, supply chain)
- Exposed API key / secret detection
- Git history scan for leaked credentials
- Security fix suggestions for your existing codebase
Scans AI-generated code for:
- Hidden prompt injection patterns
- Stealth Unicode characters
- Jailbreak instructions
- Secret exfiltration commands
Real-time DNS query monitoring:
- C2 beaconing detection
- DNS tunneling patterns
- DGA (Domain Generation Algorithm) domains
Copy-on-Write snapshot before ransomware can encrypt. Full recovery within 3 seconds.
Learns continuously from:
- CISA Known Exploited Vulnerabilities (KEV)
- NVD CVE database
- OSV.dev (PyPI, npm, Go, Maven...)
- GitHub Security Advisories
- URLhaus malicious URLs
- MalwareBazaar malware hashes
engine/
├── security_engine.py # Core detection pipeline (KidoEngine, DetectingAI)
├── engine_main.py # Windows process/file watcher orchestrator
├── project_guardian.py # Dev folder security scanner
├── prompt_injection_detector.py # AI-generated code injection scanner
├── dns_monitor.py # DNS/C2 network monitor
├── git_history_scanner.py # Git history secret leak scanner
├── amsi_provider.py # Windows AMSI integration
├── wsc_registration.py # Windows Security Center registration
└── requirements.txt # Python dependencies
- ✅ File contents are NEVER sent to our servers
- ✅ All code analysis runs locally on your machine
- ✅ Only anonymized metadata (file path hash, event type) is transmitted
- ✅ No personal identifiers — see our Privacy Policy
- Language: Python 3.12
- AI Models: Google Gemini Flash · Anthropic Claude · OpenAI GPT-4
- Windows Integration: WMI, ETW, AMSI, WSC
- Threat Feeds: CISA KEV, NVD, OSV.dev, GitHub Advisory, URLhaus, MalwareBazaar
| Feature | Free | Business ($15/mo) | Pro ($29/mo) |
|---|---|---|---|
| Real-time protection | ✓ | ✓ | ✓ |
| Rule-based detection | ✓ | ✓ | ✓ |
| AI analysis | ✕ | Gemini (1,000/mo) | Multi-AI (5,000/mo) |
| AI security chat | ✕ | 100/day | 200/day |
| Auto rollback | ✕ | ✓ | ✓ |
| Project Guardian | ✕ | ✓ | ✓ |
| DNS & C2 detection | ✕ | ✓ | ✓ |
| Prompt injection guard | ✕ | ✓ | ✓ |
| Devices | 1 | 3 | 5 |
Bug reports, false positive reports, and feature requests are welcome via GitHub Issues.
For security vulnerability reports, see SECURITY.md.
MIT License — see LICENSE
The Kido.ai server, client app, and infrastructure are proprietary. This repository contains the detection engine only.