Show HN: I found a prompt injection in my own IDS triage tool – what stopped it
Category: security
Tags: ids, suricata, local-llm, alert-triage, security, homelab
Score: 7.0/10 (Innovation: 7, Technical: 7, Documentation: 8, Utility: 6)
Triagewall is a local-LLM-powered alert triage tool for Suricata IDS that pre-filters known noise and classifies residual alerts with a security-tuned model, designed for homelabs and small SOCs. Its combination of prompt injection hardening, canary tokens, and systematic prompt engineering to unlock a security-domain model's latent specialization makes it stand out from generic LLM wrappers. The project fills a clear gap for self-hosters who want cloud-free, privacy-respecting IDS triage with measurable accuracy improvements.
Target audience: security engineers, DevOps, homelab enthusiasts
Repository: https://triagewall.io/posts/prompt-injection-phase-2 · Python · AGPL-3.0 · 3 stars