Cybersecurity for APIs, AI & data
Hardening REST APIs, governing how AI consumes data, and giving teams clearer control and visibility over data in the age of AI.
REST APIs, AI governance, Data control, Security
A focused security layer for AI-heavy products: hardened REST APIs, governed AI consumption of company data, and explicit data control with row-level policies and an audit trail teams can trust.
What I’ll build
- API guard: zod validation, JWT auth, IP rate limit, OWASP headers.
- Consistent error envelope; no internals leaked to clients.
- AI tool/prompt guard: allow-list, PII redaction, token + step caps.
- Structured-output schemas so model responses are validated at the boundary.
- Row-level data access policy keyed by role, owner, and tags.
- Append-only audit log for every allow/deny decision.
- Secret + key-rotation playbook (KMS-only, no plain env secrets).
Architecture
Each Next.js Route Handler wraps its handler in withApiGuard(schema, fn). AI calls go through safeGenerate, which redacts PII, caps prompt size, and only forwards tools on the allow-list. Backend services in Python share a policy module so the same access decisions are made server and worker side, with audit rows written to an append-only store.
Stack: Next.js · zod · Upstash Ratelimit · Vercel AI SDK · Python 3.12 · append-only audit log
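One way the shared Python policy module described above could evaluate a row-level policy keyed by role, owner and tags, and write every allow/deny decision to an append-only audit store. This is an added example, not the project's own code; the role names, the `Principal`/`Row` fields and the sample rows are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
import json

@dataclass(frozen=True)
class Principal:
    user_id: str
    role: str  # hypothetical role names: "admin" | "analyst" | "member"
    tags: frozenset

@dataclass(frozen=True)
class Row:
    row_id: str
    owner_id: str
    tags: frozenset

# Constructed sample data, not taken from any real system.
SAMPLE_ROWS = (Row("r1", "u1", frozenset({"finance"})),
               Row("r2", "u2", frozenset({"finance", "q3"})),
               Row("r3", "u3", frozenset({"hr"})))

class AuditLog:
    """Append-only sink: records can be added and read, never edited or dropped."""
    def __init__(self):
        self._records = []
    def append(self, record):
        self._records.append(json.dumps(record, sort_keys=True))
    def entries(self):
        return tuple(self._records)

def decide(principal, row, action, audit):
    """Allow/deny one (principal, row, action) and audit the decision either way."""
    shared = principal.tags & row.tags
    if principal.role == "admin":
        allowed, reason = True, "role:admin"
    elif row.owner_id == principal.user_id:
        allowed, reason = True, "owner"
    elif action == "read" and shared:
        allowed, reason = True, "tags:" + ",".join(sorted(shared))  # tags grant read only
    else:
        allowed, reason = False, "no matching policy"  # default deny
    audit.append({"ts": datetime.now(timezone.utc).isoformat(), "user": principal.user_id,
                  "row": row.row_id, "action": action, "allowed": allowed, "reason": reason})
    return allowed

def visible_rows(principal, rows, audit):
    """Filter a result set row by row; every row evaluated leaves an audit entry."""
    return [r.row_id for r in rows if decide(principal, r, "read", audit)]
```

Because the same `decide` function is what the worker and the server both import, a denied row is never silently dropped: the audit log shows which rule fired for every row that was evaluated.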
Roadmap
- API guard + headers + rate limit shipped on existing routes.
- AI guard rolled out to every generateText call.
- Row-level policy + audit log for the data plane.
- Tabletop exercises and a public threat model.
- External pen-test and continuous dependency scanning in CI.
Interested? Enterprises, security leads, or platform teams — email contact@imaddhin.com.