vigil

eBPF-based runtime security for AI inference workloads

AI Workloads

  • Ollama
  • vLLM
  • llama.cpp
  • LiteLLM
  • FastAPI + HF Transformers

syscalls · block decision ↑

Linux Kernel
eBPF Programs (compiled C, embedded in binary)

Syscall Probes

  • openat — file access
  • connect — outbound net
  • execve — process spawn
  • mmap — memory maps

LSM Hooks

  • security_file_open
  • security_socket_connect
  • security_bprm_check
  • → BLOCK inline

Ring Buffer

lock-free kernel→userspace event stream · ~zero overhead · structured event records

events stream · block map ↑

User-space Go Daemon
vigil daemon — single static binary

Process Detector

Finds AI serving processes by name/cmdline. Auto-attaches eBPF probes on discovery.

Event Processor

Consumes ring buffer. Parses and enriches events with PID, container ID, timestamp.

Anomaly Detector

Compares events against loaded profile. Flags deviations above threshold.

Policy Enforcer

Writes block decisions to eBPF map. LSM hook reads map synchronously to deny syscall.

Profile Store

  • ollama.yaml
  • vllm.yaml
  • llamacpp.yaml
  • litellm.yaml
  • custom.yaml

embedded in binary · overridable

JSON audit log · CLI commands

Output & CLI

Audit Logger

Structured JSON to stdout, file, or syslog. Plug into any SIEM (Splunk, Elastic, Datadog).

{"ts":"...","pid":1234,"event":"connect","dst":"1.2.3.4","action":"BLOCKED","framework":"ollama"}
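
A triage pass over this audit stream, as an added example that is not vigil's own code: it flags any process whose BLOCKED connect events reach several distinct destinations, and counts lines that fail to parse. The field names come from the sample record above; the name FlagPIDs, the threshold, one JSON object per line, and the sample lines are assumptions.

```go
package main

import (
	"bufio"
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// AuditEvent: fields used from the audit record; encoding/json matches keys case-insensitively.
type AuditEvent struct {
	PID                           int
	Event, Dst, Action, Framework string
}

// Constructed sample, not real vigil output: ts values are placeholders, last line is truncated.
const sampleLog = `{"ts":"t1","pid":1234,"event":"connect","dst":"192.0.2.10","action":"BLOCKED","framework":"ollama"}
{"ts":"t2","pid":1234,"event":"connect","dst":"192.0.2.10","action":"BLOCKED","framework":"ollama"}
{"ts":"t3","pid":1234,"event":"connect","dst":"198.51.100.7","action":"BLOCKED","framework":"ollama"}
{"ts":"t4","pid":1234,"event":"connect","dst":"203.0.113.5","action":"BLOCKED","framework":"ollama"}
{"ts":"t5","pid":2200,"event":"connect","dst":"192.0.2.10","action":"BLOCKED","framework":"vllm"}
{"ts":"t6","pid":2200,"event":"conn`

// FlagPIDs returns sorted "framework/pid" keys with >= minDst distinct BLOCKED connect destinations, plus unparseable-line count.
func FlagPIDs(log string, minDst int) ([]string, int) {
	seen, count, bad := map[string]bool{}, map[string]int{}, 0
	sc := bufio.NewScanner(strings.NewReader(log))
	for sc.Scan() {
		var ev AuditEvent
		if err := json.Unmarshal(sc.Bytes(), &ev); err != nil {
			bad++ // count parse failures instead of dropping them: gaps in audit data matter
			continue
		}
		key := fmt.Sprintf("%s/%d", ev.Framework, ev.PID)
		if ev.Action == "BLOCKED" && ev.Event == "connect" && !seen[key+" "+ev.Dst] {
			seen[key+" "+ev.Dst] = true
			count[key]++ // repeated blocks to the same destination count once
		}
	}
	var flagged []string
	for key, n := range count {
		if n >= minDst {
			flagged = append(flagged, key)
		}
	}
	sort.Strings(flagged)
	return flagged, bad
}
func main() { fmt.Println(FlagPIDs(sampleLog, 3)) }
```
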

CLI

vigil watch [--framework ollama]
vigil audit [--tail]
vigil profile list | show <name>

Legend: Kernel / eBPF layer · User-space daemon (Go) · Output & CLI · Inline block path (LSM)