Complete guide to Silker AI
Everything you need to secure your applications
What is Silker AI?
Silker AI is a runtime security platform that protects web applications from threats in real time. Unlike traditional security tools that focus on code scanning or infrastructure, Silker AI monitors your application while it runs, detecting and blocking attacks as they happen.
It is built for modern development teams and combines AI-powered threat detection with automatic vulnerability patching. It works with Next.js sites on Vercel or custom APIs on a VPS.
Key Features
OWASP Top 10
SQL injection, XSS, CSRF, SSRF, path traversal
Real-Time Monitoring
Live dashboard with threat analytics and metrics
Auto-Fix
Patches vulnerabilities without manual intervention
Compliance
GDPR and HIPAA compliant, SOC 2 in progress
Edge Computing
Cloudflare Workers and Grok AI for minimal latency
Customizable
Fine-tune settings, whitelist IPs, configure alerts
Quick Start
1. Install the SDK
Install Silker AI via npm or yarn:
npm install @silker-ai/agent
2. Initialize in your app
Add Silker AI to your application entry point:
// `app` is your existing Express-style application instance
import { middleware } from '@silker-ai/agent';
app.use(middleware({
  apiKey: process.env.SILKER_API_KEY!,
  appId: 'my-app'
}));
3. That's it!
Silker AI is now protecting your application. Visit your dashboard to monitor threats, configure rules, and view security analytics.
Framework Integrations
Express.js
const express = require('express');
const { middleware } = require('@silker-ai/agent');

const app = express();
// Register the Silker AI middleware on the Express app
app.use(middleware({
  apiKey: process.env.SILKER_API_KEY,
  appId: 'my-express-app'
}));
app.listen(3000);
Next.js
// middleware.ts
import { middleware } from '@silker-ai/agent';

export const config = {
  matcher: '/api/:path*'
};

export default middleware({
  apiKey: process.env.SILKER_API_KEY!,
  appId: 'my-nextjs-app'
});
Vercel Deployment
Add your API key to environment variables:
SILKER_API_KEY=your-api-key
Configuration
Silker AI works out of the box with smart defaults, but you can customize behavior. All security features are **enabled by default**.
import { middleware } from '@silker-ai/agent';
app.use(middleware({
  apiKey: process.env.SILKER_API_KEY!,
  appId: 'my-app',
  endpoint: 'https://api.silkerai.com',
  debug: false,
  maxPayloadSize: 51200,
  features: {
    // All features are enabled by default (true).
    // Set to false to disable specific checks.
  }
}));
Security Features Reference
Core Security
rateLimit (Default: true)
Protects against brute-force and DoS attacks by limiting requests (5 req/min per IP). Uses a sliding-window algorithm.
sqliDetection (Default: true)
Detects and blocks SQL injection patterns in query parameters, body, and headers using heuristic analysis.
xssDetection (Default: true)
Prevents Cross-Site Scripting (XSS) attacks by detecting malicious scripts in input data.
pathTraversalDetection (Default: true)
Blocks attempts to access unauthorized files via directory traversal (e.g., ../etc/passwd).
promptInjectionDetection (Default: true)
AI/LLM Specific: Detects attempts to manipulate LLM behavior via malicious prompts (jailbreaks, context leaks).
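The rateLimit entry above names a sliding-window limit of 5 requests per minute per IP. The following is an added example of that technique, not Silker AI's own code: a sliding-window-log limiter in plain JavaScript, where createRateLimiter, check, sweep and the Express-style middleware wrapper are hypothetical names.

```javascript
// Added example (not Silker AI's code): sliding-window-log rate limiter.
// Defaults mirror the documented limit: 5 requests per 60 s per client IP.
function createRateLimiter({ limit = 5, windowMs = 60_000 } = {}) {
  const hits = new Map(); // ip -> ascending timestamps (ms) of accepted requests

  // Decide one request. `now` is injectable so the logic can be tested.
  function check(ip, now = Date.now()) {
    const cutoff = now - windowMs;
    // Slide the window: keep only requests newer than the cutoff.
    const log = (hits.get(ip) || []).filter((t) => t > cutoff);
    hits.set(ip, log);
    if (log.length >= limit) {
      // Rejected requests are not recorded; the client may retry once the
      // oldest accepted request leaves the window.
      return { allowed: false, remaining: 0, retryAfterMs: log[0] + windowMs - now };
    }
    log.push(now);
    return { allowed: true, remaining: limit - log.length, retryAfterMs: 0 };
  }

  // Drop idle clients so the map cannot grow without bound.
  function sweep(now = Date.now()) {
    for (const [ip, log] of hits) {
      if (log.length === 0 || log[log.length - 1] <= now - windowMs) hits.delete(ip);
    }
    return hits.size;
  }

  // Express-style wrapper (assumes req.ip is trustworthy, i.e. "trust proxy"
  // is configured correctly when running behind a load balancer).
  function middleware(req, res, next) {
    const verdict = check(req.ip);
    if (verdict.allowed) return next();
    res.set('Retry-After', String(Math.ceil(verdict.retryAfterMs / 1000)));
    res.status(429).json({ error: 'rate limit exceeded' });
  }

  return { check, sweep, middleware };
}
```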
OWASP Top 10
accessControlDetection (Default: true)
A01: Broken Access Control. Detects privilege escalation attempts and unauthorized resource access.
cryptographicValidation (Default: true)
A02: Cryptographic Failures. Checks for weak encryption usage and exposure of sensitive data in transit.
sqliDetection / xssDetection (Default: true)
A03: Injection. Protection against SQL Injection, Cross-Site Scripting (XSS), and Command Injection attacks.
zeroTrustDetection (Default: true)
A04: Insecure Design. Enforces zero-trust principles and validates request integrity to prevent design-level flaws.
securityHeadersValidation (Default: true)
A05: Security Misconfiguration. Validates security headers (CSP, HSTS, X-Frame-Options) and checks for default configurations.
vulnerableComponentsDetection (Default: true)
A06: Vulnerable and Outdated Components. Identifies usage of known vulnerable dependencies or components (CVEs).
authenticationValidation (Default: true)
A07: Identification and Authentication Failures. Detects weak authentication, credential stuffing, and brute-force attempts.
softwareIntegrityValidation (Default: true)
A08: Software and Data Integrity Failures. Verifies integrity of software updates, CI/CD pipelines, and critical data flows.
auditLogging (Default: true)
A09: Security Logging and Monitoring Failures. Ensures critical security events are logged and alerts are triggered.
ssrfDetection (Default: true)
A10: Server-Side Request Forgery (SSRF). Blocks requests to internal networks (localhost, 127.0.0.1) and sensitive metadata services.
Advanced Security
csrfDetection (Default: true)
Cross-Site Request Forgery protection. Verifies Origin/Referer headers for state-changing requests.
idorDetection (Default: true)
Insecure Direct Object Reference detection. Checks for unauthorized access to objects via IDs.
hostHeaderInjectionDetection (Default: true)
Prevents attacks that manipulate the Host header to poison caches or reset passwords.
dataLeakageDetection (Default: true)
Scans outgoing responses for sensitive data (API keys, Credit Cards, SSN, PII).
sessionAnomaliesDetection (Default: true)
Behavioral analysis to detect session hijacking and unusual user patterns.
apiSchemaValidation (Default: true)
Validates requests against expected API schemas and structures.
fileUploadDetection (Default: true)
Scans uploaded files for malware and validates file types/extensions.
thirdPartyDetection (Default: true)
Monitors and validates interactions with third-party APIs and services.
complianceDetection (Default: true)
Checks for violations of GDPR, HIPAA, and other regulatory requirements.
threatIntelligence (Default: true)
Checks IPs and signatures against global threat intelligence feeds.
cloudCommunication (Default: true)
Sends sanitized security events to Silker Cloud for analysis and dashboard reporting.
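The csrfDetection entry above describes verifying Origin/Referer headers on state-changing requests. As an added example of that check (not Silker AI's own code), the sketch below compares the parsed origin exactly against an allow-list; verifyRequestOrigin, originOf and the allowedOrigins parameter are hypothetical names, and the hostnames used with it are constructed.

```javascript
// Added example (not Silker AI's code): Origin/Referer verification.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// Reduce a header value to its origin ("scheme://host[:port]"), or null when
// it is missing, the literal "null", unparseable, or not http(s).
function originOf(value) {
  if (!value || value === 'null') return null;
  try {
    const u = new URL(value);
    return u.protocol === 'http:' || u.protocol === 'https:' ? u.origin : null;
  } catch {
    return null;
  }
}

// headers: lower-cased header map, as in Node's req.headers.
// allowedOrigins: exact origins the application is served from (assumed config).
function verifyRequestOrigin(method, headers, allowedOrigins) {
  if (SAFE_METHODS.has(method.toUpperCase())) {
    return { ok: true, reason: 'safe-method' };
  }
  const allowed = new Set(allowedOrigins);
  // Origin wins when present; a bad Origin is never rescued by Referer.
  if (headers.origin !== undefined) {
    const o = originOf(headers.origin);
    return o !== null && allowed.has(o)
      ? { ok: true, reason: 'origin-match' }
      : { ok: false, reason: 'origin-mismatch' };
  }
  if (headers.referer !== undefined) {
    // Compare the Referer's origin only; its path and query are irrelevant.
    const r = originOf(headers.referer);
    return r !== null && allowed.has(r)
      ? { ok: true, reason: 'referer-match' }
      : { ok: false, reason: 'referer-mismatch' };
  }
  // State-changing request with neither header: fail closed.
  return { ok: false, reason: 'no-origin-or-referer' };
}
```

Comparing parsed origins for equality, rather than testing whether the header starts with or contains the site's hostname, is what keeps a look-alike host with the trusted name as a prefix from passing.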
API Documentation
Complete REST API reference for integrating Silker AI into your applications. Create requests, alerts, and threats programmatically using your API key.