Static detection rules have a shelf life. The day you ship them, they start going stale. Adversaries iterate — they rephrase, reframe, embed attacks in metaphors, wrap them in hypotheticals, and find the edges of whatever ruleset you have. If your firewall can only catch what you already thought of, you're always playing catch-up. This is the problem I set out to solve with Sentinel's adversarial self-tuning loop: a daily cron job that pits a red team (Claude) against a blue team (Sentinel's own /v1/scrub endpoint), analyzes what escapes, and proposes new detection signatures — without anything going live without human approval. Here's how it works. The Loop in One Paragraph Every night at 3am, the loop runs one round. The red team is given the full list of existing detection signatures and asked to generate 10 novel attack payloads that target techniques not already covered. The blue team tests each one against the live firewall in strict mode.…