← Back to Articles & Projects

Project MyLeads AI: Secure-by-Design SaaS Architecture

By Shay Mordechai | March 9, 2026

When engineering a modern SaaS platform that handles sensitive customer inquiries and AI interactions, security cannot be an afterthought. This case study outlines the architectural decisions and DevSecOps pipelines behind MyLeads AI, a platform I designed with a strict "Secure-by-Design" philosophy.

The goal was to eliminate external attack surfaces while providing a high-performance User Experience (UX), heavily utilizing AI for development velocity so I could focus entirely on Infrastructure Hardening and Threat Modeling.

MyLeads AI Security Architecture Diagram

Figure 1: The Zero Trust Production Architecture

0. How This Was Built: AI-First Development

Before diving into the architecture, it's worth being transparent about the development approach — because it's inseparable from what made this project possible.

MyLeads AI was built entirely through AI-assisted development, across three distinct phases that mirror how the product itself evolved:

Phase 1 — GitHub Copilot (VS Code): The initial version of the platform was scaffolded using GitHub Copilot inside VS Code. At this stage, the product was a prototype: basic lead capture, simple auth, and a rudimentary chat interface. Copilot accelerated the boilerplate-heavy early work — routing, models, API endpoints — while I focused on the architecture and security decisions.

Phase 2 — Cursor: After roughly a year, I made a deliberate decision to upgrade the entire development workflow to Cursor. This unlocked a fundamentally different mode of working: instead of autocomplete, I was now conducting full architectural conversations with the codebase. Cursor allowed me to refactor the monolith into a clean Next.js + Python monorepo, implement the WASM DLP firewall, and migrate the database layer to Alembic — all at a pace that would have been impossible working line-by-line.

Phase 3 — Iterative AI Studio (Client-Driven Features): The final phase was product-driven. I was working directly with a real client — a coaching business owner — co-designing requirements in real time. Each new feature (voice broadcasts, AI lead qualification, the agency partner portal) was specified through a client conversation, translated into a precise prompt, and implemented via AI. Google AI Studio became the tool of choice for rapid prototyping of the Gemini-powered agentic flows.

Development Takeaway: The real skill in AI-assisted development is not typing less — it's knowing exactly what to ask for, catching when the output is wrong, and making architecture decisions that no AI will make for you. Every security decision in this codebase was made by a human. The AI wrote the code.

1. The "Dark Server" Infrastructure

The core concept of the production environment is invisibility. The AWS EC2 server exposes zero inbound ports (0.0.0.0/0 blocked) to the public internet. All ingress traffic is strictly tunneled and inspected via Cloudflare's Edge Network.

2. WASM Data Loss Prevention (DLP) Firewall

To mitigate API Over-fetching and Application-Layer Information Disclosure (CWE-209), I implemented a custom WebAssembly (WASM) filter written in Rust, running directly inside the Envoy Proxy.

This firewall uses a Fail-Closed architecture. It inspects outbound JSON payloads and redacts sensitive credentials (like internal tokens) in real-time, ensuring that data bleed is stopped at the network edge before reaching the Next.js Frontend.

3. Out-of-Band Management & The "Airbag"

Admin panels are notorious targets for web exploits. To mitigate this:

4. Data Integrity & Concurrency

Handling highly concurrent webhook events from platforms like Meta requires transactional safety. I configured SQLite with Write-Ahead Logging (WAL) to prevent lock errors. Furthermore, a Dead Letter Queue (DLQ) ensures that failed payloads (e.g., due to AI API timeouts) are safely routed for manual recovery, guaranteeing 0% data loss during Retry Storms.

5. AI Integration: Local vs. Cloud

The platform features a Hybrid AI Engine. Sensitive audio components (like coaching voice notes) are processed completely offline using a locally hosted Faster-Whisper model and natively compiled FFmpeg. Public-facing agentic tasks (conversational memory, lead qualification) are securely offloaded to Google Gemini 2.0 Flash with semantic Redis caching to minimize latency.

Architectural Takeaway: Modern development is no longer just about writing business logic. By leveraging AI tools — Copilot, Cursor, and AI Studio — to handle code generation at every stage, I was able to dedicate my engineering resources to what truly matters: designing a robust, resilient, and enterprise-grade secure infrastructure. The AI wrote the implementation. I designed the system.