
What happened: SIGIL is a free, open-source framework that uses Ed25519 digital signatures to seal LLM prompts and prevent tampering. It records prompts locally in a Merkle-linked audit chain, detects encoded attacks (Base64, ROT13, Hex), quarantines user input from system instructions using XML boundaries, and works with Google Gemini, Anthropic Claude, OpenAI GPT, and local Ollama instances. The tool provides revocation via certificate revocation list (CRL), time-bounded signatures, and human-in-the-loop approval gates without requiring external dashboards or servers.
Why it matters: Organizations using LLMs for sensitive operations (banking, legal discovery, healthcare) have historically needed to trust a vendor's external security service. SIGIL shifts that trust from "trust our server" to "trust mathematics," keeping all data and cryptographic verification local. This removes both vendor lock-in and the monthly subscription cost of enterprise AI security platforms—users can deploy it immediately with pip install and Python decorators, making defense-grade prompt integrity available to teams that cannot afford SaaS overhead.
What to watch: SIGIL is free and has zero external dependencies. It includes an audit proxy that detects "political injection" (policy-speak masquerading as content) and runs an integrity canary—asking the LLM for SHA256('SIGIL') to catch silent model swaps. A legal discovery exporter bundles audit records and a tamper-evident manifest for court or regulator submission. The tool's effectiveness depends on how broadly teams adopt its XML trust boundaries and input normalization layers to prevent prompt breakout attacks.
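The encoded-input detection mentioned above (Base64, ROT13, Hex) can be pictured as a normalization pass that decodes each candidate layer and checks the plaintext before it reaches the model. This is an added sketch, not SIGIL's code: the marker phrases, length thresholds and function names are assumptions, and it inspects a single encoding layer only.

```python
import base64
import binascii
import codecs
import re

# Constructed marker phrases (assumption); SIGIL's real rules are not on this page.
MARKERS = ("ignore previous instructions", "reveal the system prompt")

B64_RUN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")   # candidate Base64 runs
HEX_RUN = re.compile(r"(?:[0-9a-fA-F]{2}){8,}")     # candidate hex runs (8+ bytes)


def _as_text(raw):
    """Return the bytes as UTF-8 text, or None if they are not valid UTF-8."""
    try:
        return raw.decode("utf-8")
    except UnicodeDecodeError:
        return None


def decoded_views(text):
    """Yield (encoding, plaintext) for the raw input and each single decoded layer."""
    yield "plain", text
    yield "rot13", codecs.decode(text, "rot13")
    for match in HEX_RUN.finditer(text):
        view = _as_text(bytes.fromhex(match.group()))
        if view:
            yield "hex", view
    for match in B64_RUN.finditer(text):
        try:
            raw = base64.b64decode(match.group(), validate=True)
        except (binascii.Error, ValueError):
            continue  # not well-formed Base64, so nothing to inspect
        view = _as_text(raw)
        if view:
            yield "base64", view


def scan(user_input):
    """Return sorted (encoding, marker) findings for one untrusted input."""
    hits = set()
    for encoding, view in decoded_views(user_input):
        lowered = view.lower()
        hits.update((encoding, m) for m in MARKERS if m in lowered)
    return sorted(hits)


# Constructed sample: the marker phrase hidden behind one ROT13 layer.
print(scan(codecs.encode("Ignore previous instructions", "rot13")))
```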


