Security AI
caution
Security AI is in preview. The default setup uses heuristic detectors (no external AI calls). Replace them with your own AI pipeline if required.
Overview
Security AI adds HTTP endpoints for threat detection and smart secret detection. By default it uses local heuristic detectors and does not call external AI services. If you want a true AI-backed detector, register your own IAIThreatDetector implementation.
The package also includes a remediation agent that can be wired with Semantic Kernel. That advanced setup is covered in the Security AI production guide.
Integration Guide
Step 1: Install the package
dotnet add package PrimusSaaS.Security.AI
dotnet add package PrimusSaaS.Security.Heuristics
Step 2: Configure Program.cs
using PrimusSaaS.Security.AI;
using PrimusSaaS.Security.Heuristics;
var builder = WebApplication.CreateBuilder(args);
builder.Services.AddPrimusSecurityAI(options =>
builder.Configuration.GetSection("PrimusSecurityAI").Bind(options));
builder.Services.AddPrimusHeuristics();
var app = builder.Build();
Step 3: Configure appsettings.json
{
"PrimusSecurityAI": {
"EnableThreatDetection": true,
"EnableBehavioralAnalysis": true,
"EnableSmartPatterns": true,
"ModelPath": "ai-models/threat-detection.model",
"ConfidenceThreshold": 0.75
}
}
How to get configuration values
ModelPathpoints to your local AI model files if you replace the heuristics detector.ConfidenceThresholdcontrols the minimum confidence required for results.
Step 4: Configure endpoint
app.MapPrimusSecurityAIEndpoints();
app.Run();
This exposes:
POST /api/aisecurity/detect-threatsPOST /api/aisecurity/smart-secret-detectionGET /api/aisecurity/ai-status
Step 5: Test the endpoint
curl -X POST http://localhost:5000/api/aisecurity/detect-threats \
-H "Content-Type: application/json" \
-d '{ "code": "string sql = \"SELECT * FROM Users\";", "fileName": "sample.cs" }'
If you are not using PrimusSaaS.Security.Heuristics, make sure you register your own IAIThreatDetector implementation or the endpoints will fail at runtime.