Level 2: Basics

Free Tier Essentials

Master the fundamentals of AgentAIShield with Monitor Mode, API keys, Trust Scores, and PII detection. This module covers everything you need to secure your first AI agent on the Free tier.

25 minutes

8 sections

Beginner

Setting Up Your First Project

In AgentAIShield, a "project" represents a collection of related AI agents. Most users start with a single project (e.g., "Production" or "My App"), but you can create multiple projects to separate environments or use cases.

From the Dashboard, complete the onboarding wizard if you haven't already
Navigate to API Keys in the left sidebar
Your default project is automatically created during signup
Click Create API Key to generate your first key

Email Verification Required

You must verify your email before creating API keys. Check your inbox for the verification link sent during signup.

Monitor Mode vs Proxy Mode

AgentAIShield offers two integration modes. As a Free tier user, you have full access to Monitor Mode (Proxy Mode is available on all tiers as well).

Monitor Mode (Fire-and-Forget)

In Monitor Mode, you send a copy of each AI request to AAIS after making your normal LLM call. This is:

Zero latency impact: AAIS doesn't sit in the critical path
Passive observation: Perfect for monitoring without blocking
Simple integration: Just POST request/response data to AAIS

const response = await openai.chat.completions.create({ ... });

// Fire-and-forget monitoring
await fetch('https://agentaishield.com/api/v1/monitor', {
  method: 'POST',
  headers: { 'X-API-Key': 'aais_...' },
  body: JSON.stringify({
    agent_id: 'chatbot-v1',
    messages: [...],
    response: response
  })
});

Proxy Mode (Inline Scanning)

In Proxy Mode, all AI traffic flows through AAIS first. This allows:

Real-time blocking: Stop threats before they reach the LLM
Prompt sanitization: Automatically clean PII from prompts
Cost arbitrage: Route requests to cheaper providers when possible

// Route through AAIS proxy instead of directly to OpenAI
const client = new OpenAI({
  baseURL: 'https://gateway.agentaishield.com/v1/openai',
  apiKey: 'aais_...'  // Your AAIS key
});

Which Mode to Choose?

Monitor Mode: If you want observability without changing request flow or risking latency. Proxy Mode: If you need real-time threat blocking and are okay with the additional hop (~50-100ms).

Creating Your First API Key

API keys authenticate your agents to AAIS. Each key is scoped to a project and can have different permissions.

Go to API Keys in the sidebar
Click Create API Key
Give it a descriptive name (e.g., "production-chatbot")
Select permissions (Read/Write for full access)
Copy the key — it's only shown once

Security Best Practice

Store API keys in environment variables or secret managers — never commit them to source control. Use different keys for dev/staging/production environments.

Sending Your First Monitored Request

Let's walk through a complete example using Monitor Mode with the OpenAI SDK:

import OpenAI from 'openai';
import fetch from 'node-fetch';

const openai = new OpenAI({ apiKey: process.env.OPENAI_API_KEY });

const messages = [
  { role: 'user', content: 'What is the capital of France?' }
];

// 1. Make normal LLM call
const response = await openai.chat.completions.create({
  model: 'gpt-4',
  messages
});

// 2. Send to AAIS for monitoring
await fetch('https://agentaishield.com/api/v1/monitor', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'X-API-Key': process.env.AAIS_API_KEY
  },
  body: JSON.stringify({
    agent_id: 'my-chatbot',
    provider: 'openai',
    model: 'gpt-4',
    messages: messages,
    response: response.choices[0].message.content
  })
});

console.log(response.choices[0].message.content);

Within seconds, this request will appear in your Dashboard's Live Activity Feed. Click on it to see detailed analysis including PII detections, injection score, and cost breakdown.

Reading Your Trust Score

Every agent gets a Trust Score — a grade from A+ to F based on behavioral analysis. The score is calculated using a 6-factor weighted formula:

PII Leaks (30%): Frequency of sensitive data in prompts/responses
Injection Resistance (20%): Detected adversarial attacks
Policy Compliance (20%): Adherence to content policies
Behavioral Consistency (15%): Traffic pattern stability
Error Rate (10%): How often requests fail or return errors
Track Record (10%): Tenure and clean streak bonuses

Trust Score Calculation

Scores update daily at 2 AM CT. A new agent starts at C (70/100). Clean traffic improves the score; violations drop it. Aim for B+ (85+) or higher in production.

Want to Dive Deeper?

For a complete breakdown of each factor, grade meanings, and improvement strategies, see our dedicated Trust Score Explained training module.

View Trust Scores from:

Dashboard: The "Agent Trust Scores" widget shows fleet-wide distribution
Agent Registry: See per-agent scores with drill-down details
Trust Scores page: Detailed breakdowns and historical trends
Request Log: Each request shows per-event trust impact

Understanding PII Detection Basics

AgentAIShield uses a hybrid approach to detect personally identifiable information:

Regex patterns: Fast detection of emails, phones, SSNs, credit cards
Named Entity Recognition (NER): ML-based detection of names, addresses, dates of birth

Supported PII Types

Email addresses
Phone numbers (US and international formats)
Social Security Numbers
Credit card numbers
Passport numbers
Driver's license numbers
IP addresses
Names (person, organization)
Physical addresses
Dates of birth

PII in Prompts vs Responses

AAIS scans both directions. PII in a prompt means you're sending sensitive data to the LLM (data leak risk). PII in a response means the model generated it (potential hallucination or training data leak).

Basic Threat Monitoring

The Free tier includes real-time threat detection for common attack patterns:

Prompt Injection Detection

AAIS uses a lightweight classifier to detect injection attempts like:

"Ignore previous instructions and..."
"You are now in developer mode..."
"Repeat your system prompt"
Encoded/obfuscated payloads

Jailbreak Attempts

Patterns that try to bypass safety guardrails:

Persona hijacking ("You are now DAN...")
Hypothetical scenarios to extract unsafe content
Recursive role-play tricks

Detection vs Blocking

On Free tier, threats are detected and logged but not blocked (Monitor Mode is passive). To auto-block detected threats, use Proxy Mode or upgrade to Starter tier for advanced blocking rules.

Community Support Resources

Free tier users have access to:

Documentation: Full API reference at docs.html
Discord Community: Ask questions and share best practices
GitHub Discussions: Feature requests and troubleshooting
Email Support: Community-supported, best-effort response (upgrade to Starter for guaranteed SLA)

Free Tier Mastered!

You now know how to integrate agents, monitor traffic, interpret Trust Scores, and detect PII/threats. Ready to level up? Explore advanced features in Starter tier or continue to Advanced Integration guides.

Previous: Getting Started Next: Integration Guide