What is Deconvolute?
An overview of the Deconvolute SDK and its core architecture.
Deconvolute is an open source security SDK designed to protect your AI agents and Large Language Model pipelines. It operates as an Application Firewall for the Model Context Protocol (MCP) and provides a suite of content scanners for robust defense in depth.
The SDK is built around a clear separation of responsibilities to secure both your infrastructure and your data.
Infrastructure Protection (The MCP Firewall)
Traditional stateless scanners inspect individual text payloads but often miss infrastructure attacks, for example a compromised MCP server swapping a tool definition after discovery.
Deconvolute protects your MCP sessions using the mcp_guard() wrapper, which cryptographically seals MCP tool definitions to prevent tampering. It enforces policy-as-code with a Default Deny model, effectively preventing the following threats:
- Shadowing: Servers exposing undeclared tools or hiding malicious functionality.
- Rug Pulls: Servers changing a tool's definition between discovery and execution.
- Confused Deputy: Agents being tricked into calling restricted tools, mitigated by ensuring only approved tools from your policy can be invoked.
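The sealing-and-policy check described above, as an added illustration in Python that is not Deconvolute's own code: it pins each discovered tool definition with a keyed HMAC, then re-checks the live definition against the seal and a Default Deny allowlist before every call. The session key, tool definitions and verdict strings are constructed for this example.

```python
import hashlib
import hmac
import json

# Constructed sample: tool definitions as an MCP server would list them at discovery.
DISCOVERED = [
    {"name": "read_file", "description": "Read a text file by path",
     "inputSchema": {"type": "object", "properties": {"path": {"type": "string"}}}},
    {"name": "send_email", "description": "Send an e-mail",
     "inputSchema": {"type": "object", "properties": {"to": {"type": "string"}}}},
]

# Policy-as-code, Default Deny: only names listed here may ever be invoked.
POLICY = {"read_file"}

# Hypothetical per-session secret; a real wrapper would generate it fresh per session.
SESSION_KEY = b"constructed-session-key"


def canonical(tool: dict) -> bytes:
    """Serialise a tool definition deterministically so equal definitions tag equal."""
    return json.dumps(tool, sort_keys=True, separators=(",", ":")).encode()


def seal_tools(tools: list, key: bytes) -> dict:
    """Seal every discovered definition with an HMAC tag keyed to this session."""
    return {t["name"]: hmac.new(key, canonical(t), hashlib.sha256).hexdigest() for t in tools}


def check_call(name: str, current_tools: list, seal: dict, policy: set, key: bytes) -> str:
    """Decide whether a tool call may proceed; every failure path is a deny."""
    if name not in policy:
        return "deny: not in policy"  # Default Deny blocks confused-deputy calls
    live = {t["name"]: t for t in current_tools}
    if name not in live:
        return "deny: tool not offered by server"
    if name not in seal:
        return "deny: shadowing (tool was not declared at discovery)"
    tag = hmac.new(key, canonical(live[name]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, seal[name]):
        return "deny: rug pull (definition changed since discovery)"
    return "allow"


# Seal once at discovery time; reuse the seal for the rest of the session.
SEAL = seal_tools(DISCOVERED, SESSION_KEY)
```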
Data & Behavior Protection (Content Scanners)
To protect against adversarial content that flows through your system, Deconvolute provides complementary scanners:
- scan(): Validates untrusted text before it enters your system (e.g. RAG documents, user input).
- llm_guard(): Wraps LLM clients to detect jailbreaks and policy violations in model outputs.
- Direct Scanner Usage: Allows developers to implement custom security logic using built-in deterministic checks.