AIRGAP StudioAirgap Security Shield
Learn about the 5-layer security system: audit logging, DLP, vulnerability analysis, supply chain security, and output validation.
Overview
AIRGAP Security Shield is an extension providing a modular 5-layer security system. It consists of Audit Core (audit logging), Data Guard (Korean PII protection), Code Scanner (KISA vulnerability analysis), Supply Chain (dependency security), and Output Validator (AI output verification). It operates fully offline with no external dependencies.
Shield-1: Audit Core — Audit Logging
An audit logging system that automatically records all AI activities.
| Item | Description |
|---|---|
| Format | JSONL (daily files) |
| Integrity Verification | SHA-256 hash for log tampering detection |
| Privacy | Only prompt hashes are recorded, full text is not stored |
Activities such as file creation/modification, terminal commands, and code generation performed by the AI are automatically logged. SHA-256 hashes are included in log files to verify whether they have been tampered with.
Shield-2: Data Guard — Korean PII DLP
A DLP (Data Loss Prevention) feature that automatically detects and masks personal information in AI inputs/outputs.
Detection Patterns
Supports 10 Korean PII (Personally Identifiable Information) patterns:
- Resident Registration Number
- Phone / Mobile Phone Number
- Bank Account Number
- Credit Card Number
- Email Address
- Business Registration Number
- Passport Number
- Internal IP Address
- Driver's License Number
How It Works
- Bidirectional masking — Detects and masks in both AI input and AI-generated output
- Code context awareness — Automatically reduces false positives in code-heavy input
- Processing guaranteed within 100ms
Shield-3: Code Scanner — KISA Vulnerability Analysis
Performs static code analysis based on the KISA (Korea Internet & Security Agency) vulnerability guide.
Key Features
- Static analysis of 47 KISA vulnerability items (progressively expanding)
- Dual scan cross-validation using two analysis engines
- Results integrated into the VS Code Problems panel
- AI Quick Fix — Suggests automatic fix code when vulnerabilities are found
Shield-4: Supply Chain — Supply Chain Security
A supply chain security feature that scans for dependency vulnerabilities in offline environments.
- Dependency vulnerability scanning with an offline CVE database (~50MB)
- Automatic SBOM generation in standard format
- Detection of known vulnerabilities in project dependency packages
Shield-5: Output Validator — AI Output Verification
Proactively blocks dangerous patterns in AI-generated terminal commands and code.
- Terminal command risk pattern blocking — Detects dangerous commands like file deletion, system modification, etc.
- Malicious script pattern recognition and warnings
Security Commands
You can run Security Shield commands from the Command Palette (Ctrl+Shift+P):
- Run Security Scan
- View Audit Logs
- Generate SBOM
- Manage DLP Settings
Model Integrity Verification
Verifies the integrity of Ollama model files using SHA-256 hashes. This ensures only trusted AI models are used by checking whether model files have been tampered with.
Extension Integration
Security Shield integrates with all AIRGAP extensions.
| Extension | Integration Details |
|---|---|
| Assistant | AI input/output DLP masking, terminal command verification |
| Designer | Security scanning of generated code |
| Bridge | Security verification of code conversion results |
| Autocomplete | Autocomplete code pattern verification |
Related Documentation
- Airgap Assistant - AI coding assistant
- Airgap Designer - AI UI Designer
- Airgap Bridge - Design token pipeline