This is where the developer skepticism is most warranted, so let's be direct about how the AI is actually used — and where it isn't needed at all.
The system does not call an expensive model for every request. It uses a pyramid approach: rules first, small model second, large model last.
Before any AI call, every request passes through a deterministic rule engine — prompt injection patterns, unicode homograph normalization, base64 payload scanning, known attack tool user-agent detection, suspicious path checks. This handles about 70% of traffic on its own. Zero cost, zero latency.
Gray-zone traffic (score 30-49, where rules are ambiguous) goes to a 20B parameter model running at ~1000 tokens/second. Fast enough for inline request classification in the 200-500ms range. Cost: ~$0.07 per 1M tokens.
Deep forensics, evidence packet generation, and threat intelligence synthesis use a 120B parameter model — 500 tok/s. This is for offline analysis, not per-request blocking. The output is structured forensic documentation — country of origin, ASN ownership, attack pattern classification, correlation with known threat actor infrastructure.
| Model | Speed | Cost/1M input | Cost/1M output | Used for |
|---|---|---|---|---|
| 20B (fast) | 1000 tok/s | $0.075 | $0.30 | Request classification, prospecting |
| 120B (deep) | 500 tok/s | $0.15 | $0.60 | Forensics, evidence, threat intel |
Total monthly AI cost: effectively zero on free tier, or ~$5-10/mo on usage.
Is any single component novel? No. IP blocking is not new. SSL checking is not new. Calling an LLM from Node.js is not new. What's novel is the coordination — four independent agents across four isolated servers, communicating over an encrypted mesh, with deterministic rule tiers feeding into AI tiers feeding into automated counter-measures and forensic documentation.
— Part 2 of 2. Read Part 1: Architecture →