Part of the Cognis Neural Suite by Cognis Digital Cognis Open Collaboration License (COCL) v1.0 · domain:
ai-security
RAG corpus poisoning detector — embedding anomalies, backdoor triggers.
AI Security & Governance — securing LLMs, agents, and the MCP supply chain.
- Install the
ragshieldcommand:pip install cognis-ragshield # or: pip install -e . from this repo - Scan a JSONL corpus for poisoning, backdoor triggers and embedding anomalies (
scanis the only subcommand; the corpus path is positional):ragshield scan demos/01-basic/corpus.jsonl
- Tune the gate.
--fail-onsets the minimum severity that exits non-zero (mediumdefault; alsohigh,critical,any,never);--dup-thresholdcontrols the near-duplicate Jaccard cutoff (default0.9):ragshield scan corpus.jsonl --fail-on high --dup-threshold 0.85
- Read the output.
--format jsonemitsdoc_count,risk_score,poisonedand afindingslist (each withseverity,detector,doc_id,message); the defaulttablerenders the same data for humans:ragshield scan corpus.jsonl --format json > scan.json - Wire it into CI — the exit code is the gate, so a poisoned corpus fails the build:
- run: pip install cognis-ragshield - run: ragshield scan data/corpus.jsonl --fail-on high
Security and intelligence teams need RAG corpus poisoning detector — embedding anomalies, backdoor triggers without standing up heavyweight infrastructure. ragshield is single-purpose, scriptable, CI-friendly, and self-hostable: point it at a target, get prioritized findings in the format your workflow already speaks (table, JSON, SARIF, HTML), and wire it into agents over MCP when you want it autonomous.
pip install cognis-ragshield
# or, from this repo:
pip install -e ".[dev]"ragshield --version
ragshield scan demos/ # run against the bundled demo
ragshield scan demos/ --format sarif --out r.sarif --fail-on high
ragshield scan demos/ --format html --out report.html
ragshield mcp # expose as an MCP server (Cognis.Studio / Claude Desktop / Cursor)Each scenario folder includes a SCENARIO.md describing the situation and the findings to expect.
demos/01-basic/demos/01-corp-knowledge-base/demos/02-clean-corpus/demos/03-research-papers-mixed/
- Table (default) — human-readable terminal summary
- JSON — machine-readable findings for pipelines
- SARIF — drops into GitHub code-scanning / IDE problem panes
- HTML — shareable report with severity rollups
ragshield is one of 52 tools in the Cognis Neural Suite. Every tool ships an MCP server, so Cognis.Studio agents can call them as scoped capabilities.
Sibling tools in ai-security: aegis, promptmirror, ledgermind, adversa, guardpost, hallumark, aicard, biascope, mcpharden, agentlog
- Design notes:
docs/ARCHITECTURE.md - Planned work:
ROADMAP.md
PRs, new detections, and demo scenarios are welcome under the collaboration-pull model. See CONTRIBUTING.md and SECURITY.md.
ragshield composes with the 300+ tool Cognis suite — JSON in/out and a shared
OpenAI-compatible /v1 backbone. See INTEROP.md for the
suite map, composition patterns, and reference stacks.
Forward ragshield's findings to STIX/MISP/Sigma/Splunk/Elastic/Slack/webhooks via
cognis-connect. See INTEGRATIONS.md.
Source-available under the Cognis Open Collaboration License (COCL) v1.0 — free for personal, internal-evaluation, research, and educational use; commercial / production use requires a license (licensing@cognis.digital). See LICENSE.
This is dual-use security software. Use it only against systems, data, and identities you own or are explicitly authorized in writing to test, and in compliance with applicable law.
Cognis Digital — Wyoming, USA · Making Tomorrow Better Today: Advanced Cybersecurity, AI Innovation, and Blockchain Expertise.