NeuralTrust Proposes New Firewall Standard for Generative AI

NEW YORK, NY – January 26, 2026 – As enterprises race to deploy generative artificial intelligence, a new class of vulnerabilities has emerged that traditional cybersecurity tools are ill-equipped to handle. Addressing this critical gap, AI security firm NeuralTrust, in collaboration with a global consortium of academic and industry experts, has introduced a new security architecture called the Generative Application Firewall (GAF).

The GAF is detailed in a foundational paper published today, proposing a new reference model for securing applications built on large language models (LLMs). The initiative aims to create a unified security layer that protects against attacks targeting the meaning and context of conversations, a stark departure from the protocol- and syntax-based threats that existing firewalls were designed to stop.

The Semantic Gap in Modern Security

For decades, cybersecurity has focused on structured data. Web Application Firewalls (WAFs) and network firewalls inspect network packets, HTTP requests, and data formats to identify malicious code or anomalous patterns. However, the rise of generative AI systems—from customer-service chatbots to autonomous agents integrated into core business workflows—has created a new, poorly understood attack surface.

These AI systems operate on natural language, interpreting user intent, accumulating conversational context, and making decisions based on semantics. This creates what security experts are calling a "semantic gap," where the most critical vulnerabilities lie not in code, but in meaning. Attackers can now use carefully crafted prompts, known as "jailbreaks" or "prompt injections," to manipulate an AI's behavior, bypass its safety controls, or trick it into revealing sensitive information.

"Traditional network firewalls and Web Application Firewalls were designed for structured, deterministic traffic," the foundational paper states. "Generative AI systems operate at a different layer entirely. Their most critical vulnerabilities do not appear in syntax or protocols, but in meaning, intent, and conversational flow." This mismatch leaves a significant security blind spot for organizations moving AI from experimentation into production.

A Multi-Layered Defense for AI Interactions

The Generative Application Firewall is designed to close this gap by establishing a centralized enforcement layer that sits between users and AI models. Rather than relying on isolated prompt filters or application-specific guardrails, the GAF provides a holistic view of AI interactions, enabling it to detect sophisticated threats that unfold over multiple turns of a conversation.

The paper, now publicly available on arXiv, defines a comprehensive model built on five complementary protection layers:

1. Network and Access Layers: This foundational layer manages traditional security concerns such as rate limiting, identity verification, and access permissions to prevent denial-of-service attacks, scraping, and unauthorized use.
2. Syntactic Controls: This layer validates data formats and structures, preventing attacks that use encoded or obfuscated inputs to bypass security filters. It is crucial for ensuring the integrity of data passed to and from tools used by AI agents.
3. Semantic Analysis: At the core of the GAF, this layer analyzes the meaning of prompts and responses to detect malicious intent. It is specifically designed to identify and block jailbreaks, prompt manipulation, and requests for harmful or non-compliant content.
4. Context-Aware Enforcement: This advanced layer maintains a memory of interactions across sessions, users, and tools. By understanding the full context of a conversation, it can identify subtle, multi-turn attacks, behavioral anomalies, and attempts to escalate privileges that would be invisible to single-turn analysis.
5. Tool and Agent Security: The GAF architecture extends protection to autonomous agents that can take actions. It intercepts calls to external tools, enforces policies on a per-tool basis, and treats tool outputs as untrusted inputs to prevent indirect prompt injection and data poisoning.

This defense-in-depth approach allows the GAF to take real-time actions—such as blocking a malicious prompt, redacting sensitive data from a response, alerting security teams, or terminating a compromised session—while preserving the performance and usability of the AI application.

A Collaborative Push for an Industry Standard

NeuralTrust's effort to define the GAF is not a solo venture. The company has emphasized a collaborative approach, developing the concept with endorsements from prominent researchers and experts from institutions like the University of Cambridge, MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL), the University of Liverpool, and the University of the Aegean.

The initiative also involves key industry governance bodies, including OWASP's GenAI Security Project, the Cloud Security Alliance (CSA), and the Center for AI and Digital Policy. This broad coalition lends significant credibility to the effort and signals a collective push to establish a common framework for AI security. The goal is for the GAF to become as essential for generative applications as the WAF became for web applications—a standard, indispensable layer of the security stack.

By proposing a reference model and a 5-star rating system to assess implementations, the authors hope to standardize the language and expectations around GenAI security. This allows organizations to better evaluate the posture of their AI systems and the solutions designed to protect them. The involvement of open-source communities like OWASP is particularly critical for fostering widespread adoption and continuous improvement of these security principles.

Enabling Secure AI Adoption in the Enterprise

The introduction of the GAF framework comes at a pivotal moment. As companies move beyond initial AI pilots, they face immense pressure to scale these powerful tools across their organizations. This transition from experiment to enterprise-wide production system magnifies the risks of data exfiltration, compliance violations, and reputational damage from model misuse.

For Chief Information Security Officers (CISOs) and risk managers, securing generative AI presents a daunting challenge. The GAF model provides a structured approach to mitigating these new risks, offering a blueprint for integrating security directly into the AI infrastructure rather than treating it as an afterthought. This built-in security is crucial for unlocking the full potential of AI in critical business functions, from finance and healthcare to software development.

NeuralTrust, which has been recognized by Gartner and the European Commission for its work in AI security, positions the GAF as the architectural foundation for its platform. The company states its solution is platform-agnostic, capable of integrating with major LLM providers and deploying across cloud, on-premise, or hybrid environments. As organizations grapple with how to govern a technology that learns and evolves, frameworks like the Generative Application Firewall represent a critical step toward building a foundation of trust and ensuring that AI adoption can be both ambitious and secure.