Every AI team knows the pain: you ship a new prompt, RAG pipeline, or agent change… and suddenly production breaks in unexpected ways. Compliance teams scream about OWASP LLM Top 10, SOC2, HIPAA, or EU AI Act. Security reviews take forever.
What if you had a self-evolving risk brain that sits right in your CI/CD, scores every change before merge, and actually gets smarter from your own incidents and senior engineers’ judgments?
That’s exactly what ITTE (Iterative Threat & Trust Evaluator) MVP is.
Why ITTE exists
Traditional guardrails are either:
- Cloud-only (your code leaves the VPC → privacy nightmare)
- Static rules (can’t learn from new failure modes)
- No memory (every PR is judged in isolation)
ITTE solves all three with a completely local, self-hosted design:
- Persistent FAISS vector memory + exponential decay
- Optional local LLM judge (Qwen2.5-Coder-1.5B or any Hugging Face model)
- Public cold-start seed + private incident distillation
- Built-in compliance templates (OWASP LLM Top 10, SOC2, HIPAA, EU AI Act)
- Native GitHub PR Gate via GitHub Actions
And yes — it’s 100% open source (Apache 2.0).
10-minute local setup (no cloud, no Docker yet)
bash
# 1. Clone
git clone https://github.com/xxx0438/itte-mvp.git
cd itte-mvp
# 2. Environment
python -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt
# 3. Config
cp env.example .env
Top comments (0)