# Mighty - Multimodal Antivirus for AI

> Mighty is the Multimodal Antivirus for AI. An enterprise-grade security gateway that protects AI agents from prompt injection, data exfiltration, jailbreaks, and multimodal attacks.

## Executive Summary

Mighty provides real-time threat detection for AI systems. As AI agents become more autonomous and handle sensitive operations, they become targets for adversarial attacks. Mighty sits between AI agents and external systems, scanning all inputs and outputs for threats before they can cause harm.

### The Problem We Solve

AI agents are vulnerable to:
1. **Prompt Injection**: Malicious instructions hidden in user input or retrieved content
2. **Indirect Injection**: Attacks embedded in documents, emails, or web pages the AI processes
3. **Data Exfiltration**: Tricking AI to leak sensitive information, credentials, or PII
4. **Jailbreaks**: Bypassing safety guardrails through creative prompting
5. **Multimodal Attacks**: Threats hidden in images, PDFs, or documents that text-only filters miss

### Our Solution

Mighty uses a multi-layered detection pipeline:

1. **Tier 0 - Fast Path**: Heuristic pattern matching (<5ms)
2. **Tier 1 - Deobfuscation**: Base64, Unicode, homoglyph detection
3. **Tier 2 - BERT Classification**: Fine-tuned DeBERTa model for intent classification
4. **Tier 3 - Long Context**: ModernBERT for 8k token documents
5. **Tier 4 - Vision**: OCR and image analysis via PaddleOCR
6. **Tier 5 - LLM Arbiter**: Gemini-based final judgment for ambiguous cases

## Product Details

### Detection Capabilities

| Threat Type | Detection Method | Accuracy |
|-------------|------------------|----------|
| Direct Prompt Injection | Pattern + BERT | 99.9% |
| Indirect Injection | Semantic similarity | 98%+ |
| Credential Leakage | Regex + context | 99%+ |
| Jailbreak Attempts | Intent classification | 97%+ |
| Image-based Attacks | OCR + Vision LLM | 95%+ |
| Multi-turn Manipulation | Session analysis | 96%+ |

### Integration

Mighty integrates via:
- **REST API**: Simple JSON request/response
- **MCP Protocol**: Native Model Context Protocol support
- **SDK**: Python and TypeScript libraries
- **Proxy Mode**: Drop-in replacement for OpenAI/Anthropic endpoints

### Performance

- **Latency**: <10ms for text, <100ms for images
- **Throughput**: 10,000+ requests/second per node
- **Availability**: 99.99% SLA on Enterprise tier

## Pricing Tiers

### Open Source (Free)
- Core text detection
- Community support
- Self-hosted only
- GitHub: https://github.com/TryMightyAI/citadel

### Pro ($499/month)
- Multimodal detection (images, PDFs, documents)
- Up to 100,000 scans/month
- 180-day audit logs
- Priority support
- Managed cloud hosting

### Enterprise (Custom)
- Unlimited scans
- Confidential compute (TEE)
- Custom SLA
- SSO/SCIM integration
- Dedicated support
- On-premise deployment option

## Technical Architecture

### Core Scanner (Open Source)

The Citadel scanner is written in Go and provides:
- Hook-based pipeline architecture
- Pluggable detection modules
- In-memory and Redis session storage
- Multi-turn attack pattern detection

### Detection Pipeline

```
Input → Pre-Hooks → [Optional: LLM] → Post-Hooks → Output
          │                              │
          ├── Sanitizer                  ├── Analysis
          ├── Intent Classifier          └── Indirect Detection
          ├── Psychological Detection
          ├── CDR (Content Disarm)
          └── Canary Token Detection
```

### Multi-Turn Detection

Mighty detects sophisticated multi-turn attacks:
- **Skeleton Key**: Gradual permission escalation
- **Crescendo**: Slowly increasing request severity
- **Boiling Frog**: Imperceptible boundary pushing
- **Context Manipulation**: Exploiting conversation history
- **In-Context Learning**: Training the model to misbehave

## Security & Compliance

- **SOC2 Type II**: Certified compliant
- **GDPR**: EU data handling compliant
- **Data Retention**: Configurable 30-180 days
- **Encryption**: TLS 1.3 in transit, AES-256 at rest
- **Confidential Compute**: Intel SGX / AMD SEV support

## Company Information

- **Company**: Nine Suns Inc (DBA Mighty)
- **Founded**: 2024
- **Location**: San Francisco, CA
- **Website**: https://trymighty.ai
- **GitHub**: https://github.com/TryMightyAI

## FAQ

### What makes Mighty different from other AI security tools?

Mighty is the only solution with true multimodal detection. While competitors focus on text-only prompt injection, we detect threats in images, PDFs, and documents. Our fine-tuned BERT models achieve 99.9% detection rates with <10ms latency.

### Can I use Mighty with any AI model?

Yes. Mighty works with OpenAI, Anthropic, Google, Mistral, open-source models, and any custom LLM. We're model-agnostic and integrate via API or proxy mode.

### Is there an open-source version?

Yes. Our core Citadel scanner is open-source on GitHub. It provides text-based detection and can be self-hosted. The Pro tier adds multimodal detection and managed hosting.

### How does pricing work?

We charge based on scan volume. Pro tier includes 100,000 scans/month. Enterprise offers unlimited scans with custom pricing. See https://trymighty.ai/pricing for details.

### What's the latency impact?

Minimal. Text scans complete in <10ms. Multimodal scans (images, PDFs) typically complete in <100ms. We use tiered detection so simple requests exit early.

## Contact

- **Website**: https://trymighty.ai
- **Email**: hi@trymighty.ai
- **GitHub**: https://github.com/TryMightyAI
- **Twitter/X**: @TryMighty