Building a Zero-Dependency Security SDK in Python

#ai #python #security #opensource

When we set out to build a runtime security tool for AI applications, we made one rule: zero external dependencies. Only the Python standard library.

It sounds limiting. It was. But for a security tool, it turned out to be exactly the right constraint.

Why zero dependencies?

Every dependency you add is a package that could be compromised in a supply chain attack. This isn't theoretical — in 2024, the litellm package on PyPI was compromised with credential-stealing malware. Over 47,000 downloads happened in a 46-minute window before it was caught.

A security tool that introduces its own attack surface defeats the purpose. So we committed to pip install diogenesis-sdk installing exactly one package with zero transitive dependencies.

What we built

Diogenesis is a behavioral immune system for AI applications. Instead of maintaining a database of known threats (like antivirus), it monitors what your application actually does at runtime and flags deviations from normal behavior.

It intercepts four categories of runtime events:

Imports — every module your application loads
File system activity — reads, writes, deletions
Network connections — all outbound calls with destination and payload size
Subprocesses — every spawned process and its arguments

Quick start:

from diogenesis_sdk import activate, status, field_state, threat_summary

activate()
print(status())

That's it. Four agents start patrolling your application automatically.

What we learned from the standard library

Building without dependencies forced us to dig deep into parts of the standard library that most Python developers never touch. Here's what we found useful:

`sys.meta_path` for import interception

Python's import system is surprisingly hookable. By inserting a custom finder into sys.meta_path, you can intercept every import statement before it executes. This is how we track which modules your application loads and detect "shadow imports" — modules being loaded that weren't part of the established baseline.

`os.scandir()` for file monitoring

Most people reach for watchdog when they need file system monitoring. But os.scandir() is fast, built-in, and gives you everything you need — file type, stats, and path information — without adding a dependency.

`socket` module for network tracking

The socket module's getaddrinfo function lets you track outbound connections at a low level. We wrap this to log every network call your application makes, including destination and timing.

`subprocess.Popen` wrapping

By wrapping subprocess.Popen, we capture every external process your application spawns. This catches things like an AI agent deciding to run shell commands it was never intended to run.

The behavioral approach

The key insight behind Diogenesis is that you don't need to know every possible attack to detect one. You just need to know what "normal" looks like.

Every module in your application gets a "voltage" score — a measure of how closely its current behavior matches its baseline. When voltage drops, something has changed. Maybe it's fine. Maybe it's an AI agent that just started importing shutil when it's never done that before.

from diogenesis_sdk import activate, field_state

activate()

state = field_state()
for name, info in state["modules"].items():
    voltage = info["voltage"]
    if voltage < 0.5:
        print(f"WARNING: {name} coherence low ({voltage:.2f})")
    else:
        print(f"OK: {name} stable at {voltage:.2f}")

Five built-in threat patterns run automatically: data exfiltration, privilege escalation, shadow imports, resource abuse, and behavioral drift. Each triggers a graduated response — LOG, WARN, or ALERT — so you're not drowning in false positives.

The tradeoffs

Zero dependencies isn't free. Here's what we gave up:

No requests library — all HTTP handling uses urllib and socket directly. It's uglier but it works.
No numpy for statistical analysis — the behavioral baseline and voltage calculations use pure Python math. It's slower, but for a monitoring tool running in the background, it's fast enough.
No click or argparse alternatives — CLI tooling is minimal and hand-rolled.
Testing without pytest — we use unittest from the standard library. 104 tests, all passing.

Would we make the same choice for a web app or a data pipeline? Probably not. But for a security tool that sits inside other people's applications, minimizing the footprint is the right call.