What is Deconvolute?
An overview of the Deconvolute SDK and its core architecture.
Deconvolute is an open source security SDK designed to protect your AI agents and Large Language Model pipelines. It operates as an Application Firewall for the Model Context Protocol (MCP) and provides a suite of content scanners for robust defense in depth.
The SDK is built around a clear separation of responsibilities to secure both your infrastructure and your data.
Infrastructure Protection (The MCP Firewall)
Traditional stateless scanners inspect individual text payloads but often miss infrastructure attacks, for example a compromised MCP server swapping a tool definition after discovery.
Deconvolute protects your MCP sessions across two critical layers:
- Transport Layer Security: Using wrappers like secure_sse_session, Deconvolute binds security identities to physical network origins. This prevents routing attacks like DNS Rebinding and Server Identity Spoofing.
- Protocol Layer Security: Using the mcp_guard() wrapper, Deconvolute cryptographically seals MCP tool definitions to prevent tampering. It enforces policy-as-code with a Default Deny model, effectively preventing the following threats:
  - Shadowing: Servers exposing undeclared tools or hiding malicious functionality.
  - Rug Pulls: Servers changing a tool's definition between discovery and execution.
  - Confused Deputy: Agents being tricked into calling restricted tools, mitigated by ensuring only approved tools from your policy can be invoked.
Approved tool schemas are pinned on first use and persisted across sessions, ensuring these guarantees hold long-term.
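To make the three protocol-layer threats concrete, here is an added example (not Deconvolute's code, and not its mcp_guard() implementation) that hand-rolls the same idea: hash each tool definition on first sight, pin the hash, and apply a default-deny policy at both discovery and call time. The names ToolPinStore, check_tool_call, run_demo and the sample tool definitions are assumptions made for this illustration.

```python
"""Toy tool-definition pinning with a default-deny policy (added example).

This is not Deconvolute's code; it hand-rolls the checks the section names
(shadowing, rug pulls, confused deputy) so the logic is visible. The names
ToolPinStore, check_tool_call and the sample tool definitions are assumptions.
"""
import hashlib
import json

# Constructed policy: the only tools the agent is ever allowed to call.
POLICY = {"read_file", "list_dir"}

_PATH_SCHEMA = {"type": "object", "properties": {"path": {"type": "string"}}}

# Constructed tool lists as a server might return them on discovery.
DISCOVERY_SESSION_1 = [
    {"name": "read_file", "description": "Read a file", "inputSchema": _PATH_SCHEMA},
    {"name": "list_dir", "description": "List a directory", "inputSchema": _PATH_SCHEMA},
]
# Later session: read_file's definition changed and an undeclared tool appeared.
DISCOVERY_SESSION_2 = [
    {"name": "read_file", "description": "Read a file and its siblings", "inputSchema": _PATH_SCHEMA},
    {"name": "list_dir", "description": "List a directory", "inputSchema": _PATH_SCHEMA},
    {"name": "delete_file", "description": "Delete a file", "inputSchema": _PATH_SCHEMA},
]


def canonical_hash(tool: dict) -> str:
    """SHA-256 over canonical JSON so key order or whitespace cannot change the digest."""
    data = json.dumps(tool, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return hashlib.sha256(data).hexdigest()


class ToolPinStore:
    """First-seen digest per tool name. A real store would persist this across sessions."""

    def __init__(self) -> None:
        self.pins: dict[str, str] = {}

    def verify(self, tools: list[dict], policy: set[str]) -> dict:
        """Default deny: a tool is usable only if it is in the policy and matches its pin."""
        allowed, rejected = [], {}
        for tool in tools:
            name = tool["name"]
            if name not in policy:
                rejected[name] = "shadowing: undeclared tool, denied by default"
                continue
            digest = canonical_hash(tool)
            pinned = self.pins.get(name)
            if pinned is None:
                self.pins[name] = digest  # pin on first use
            elif pinned != digest:
                rejected[name] = "rug pull: definition changed since it was pinned"
                continue
            allowed.append(name)
        return {"allowed": allowed, "rejected": rejected}


def check_tool_call(name: str, report: dict) -> bool:
    """Gate at execution time: only tools that passed verification may be invoked."""
    return name in report["allowed"]


def run_demo() -> tuple:
    store = ToolPinStore()
    first = store.verify(DISCOVERY_SESSION_1, POLICY)   # pins both tools
    second = store.verify(DISCOVERY_SESSION_2, POLICY)  # detects the changes
    # An agent tricked into calling delete_file is stopped here (confused deputy).
    return first, second, check_tool_call("delete_file", second)


if __name__ == "__main__":
    print(run_demo())
```

The second discovery yields only list_dir as usable: read_file is rejected because its digest no longer matches the pin, and delete_file is rejected because it was never in the policy. Hashing canonical JSON matters, since a server that merely reorders keys must not produce a different digest and trigger a false rug-pull alarm.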
Data & Behavior Protection (Content Scanners)
To protect against adversarial content that flows through your system, Deconvolute provides complementary scanners:
- scan(): Validates untrusted text before it enters your system (e.g. RAG documents, user input).
- llm_guard(): Wraps LLM clients to detect jailbreaks and policy violations in model outputs.
- Direct Scanner Usage: Allows developers to implement custom security logic using built-in deterministic checks.
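As an added example of the kind of deterministic check a developer might run on untrusted text before ingestion (this is not Deconvolute's scan() and makes no claim about which checks the SDK ships), the block below flags invisible Unicode format characters and text smuggled in the Unicode Tags block, then quarantines any document with findings. scan_text, ingest_documents and the sample documents are assumptions made for this illustration.

```python
"""Deterministic pre-ingest text check (added example, not Deconvolute's scanner).

Shows the shape of a custom check run on untrusted text before it reaches a
RAG store: here, invisible Unicode format characters and text smuggled in the
Unicode Tags block (U+E0000-U+E007F). scan_text, ingest_documents and the
sample documents are assumptions made for this example.
"""
import unicodedata

TAG_BASE = 0xE0000

# Constructed sample inputs. The second hides "hidden text" in tag characters
# and carries one zero-width space; both render as invisible.
CLEAN_DOC = "Quarterly report: revenue grew 4% year over year."
HIDDEN_DOC = (
    "Quarterly report: revenue grew 4%\u200b year over year."
    + "".join(chr(TAG_BASE + b) for b in b"hidden text")
)


def scan_text(text: str) -> dict:
    """Return {'safe': bool, 'findings': [...]} using only deterministic rules."""
    findings = []
    # Unicode general category Cf = format characters (zero-width, bidi overrides, tags).
    # Some are legitimate (soft hyphen, ZWJ in emoji), so a real check may allowlist.
    invisible = [i for i, ch in enumerate(text) if unicodedata.category(ch) == "Cf"]
    if invisible:
        findings.append({"check": "invisible_format_chars", "count": len(invisible)})
    # Tag characters map 1:1 onto ASCII; decode them so a reviewer sees what was hidden.
    tags = [ord(ch) - TAG_BASE for ch in text if TAG_BASE <= ord(ch) <= TAG_BASE + 0x7F]
    if tags:
        decoded = "".join(chr(c) for c in tags if 0x20 <= c < 0x7F)
        findings.append({"check": "unicode_tag_smuggling", "decoded": decoded})
    return {"safe": not findings, "findings": findings}


def ingest_documents(docs: list) -> tuple:
    """Accept clean documents; quarantine the rest with their findings for review."""
    accepted, quarantined = [], []
    for doc in docs:
        result = scan_text(doc)
        if result["safe"]:
            accepted.append(doc)
        else:
            quarantined.append({"doc": doc, "findings": result["findings"]})
    return accepted, quarantined


if __name__ == "__main__":
    accepted, quarantined = ingest_documents([CLEAN_DOC, HIDDEN_DOC])
    print(len(accepted), "accepted;", len(quarantined), "quarantined")
```

Because the rules are deterministic, the same input always yields the same verdict, which makes the check easy to unit-test and to explain in an incident review; the trade-off is that the category-based rule will also flag benign format characters unless you allowlist them for your content.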