diff --git a/modules/security/live-attack-monitor.sh b/modules/security/live-attack-monitor.sh
index 9ddb290..c3dbb7f 100755
--- a/modules/security/live-attack-monitor.sh
+++ b/modules/security/live-attack-monitor.sh
@@ -885,6 +885,21 @@ block_ip_temporary() {
     return 1
 }
 
+# Quick block IP (wrapper for background auto-blocking)
+# Used by ET detection and auto-mitigation engine
+quick_block_ip() {
+    local ip="$1"
+    local reason="${2:-Auto-block: Critical threat}"
+
+    # Validate IP
+    if ! is_valid_ip "$ip"; then
+        return 1
+    fi
+
+    # Block for 1 hour using IPset or CSF
+    block_ip_temporary "$ip" 1 "$reason" >/dev/null 2>&1
+}
+
 # Block IP permanently with CSF
 block_ip_permanent() {
     local ip="$1"
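Review bot: `quick_block_ip` discards both stdout and stderr of `block_ip_temporary`, and the second hunk launches it with `&` and never inspects its status, so a failed block of a score-100 source leaves no trace in the log or the event stream. Keep the redirect but record the failure, e.g. `block_ip_temporary "$ip" 1 "$reason" >/dev/null 2>&1 || printf '%s\n' "[$(date +%H:%M:%S)] BLOCK_FAILED | $ip" >> "$TEMP_DIR/recent_events"`. The `reason` argument is assembled from observed attack data (the `${attacks}` field and the contents of the `block_reason_*` file in hunk 2), so the comment above the call should state that it is untrusted text and must not be interpolated into a command line or pattern; `block_ip_temporary` starts before this hunk, so I cannot confirm how it consumes the string. The bare `1` is explained as one hour only by the comment — `# 1 = duration in hours (see block_ip_temporary)` next to the call would make the unit explicit to the next reader.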
@@ -2669,11 +2684,36 @@ auto_mitigation_engine() { IFS='|' read -r score hits bot_type attacks ban_count rep_score <<< "$data" - # Auto-block at score >= 80 (CRITICAL) - if [ "$score" -ge 80 ]; then - # Skip if already blocked in this session - [ -n "${BLOCKED_THIS_SESSION[$ip]}" ] && continue + # Validate score is numeric + [ -z "$score" ] && score=0 + [[ ! "$score" =~ ^[0-9]+$ ]] && score=0 + # Skip if already blocked in this session + [ -n "${BLOCKED_THIS_SESSION[$ip]}" ] && continue + + # INSTANT block at score 100 (MAXIMUM threat via IPset) + if [ "${score:-0}" -ge 100 ]; then + # Mark as blocked + BLOCKED_THIS_SESSION[$ip]=1 + + # Instant IPset block + local time_str=$(date +"%H:%M:%S") + echo -e "${CRITICAL_COLOR}[${time_str}] INSTANT_BLOCK | $ip | Score:100 | ${attacks}${NC}" >> "$TEMP_DIR/recent_events" + + # Get detailed block reason + local block_reason="INSTANT AUTO-BLOCK: Score=100 Attacks=${attacks}" + if [ -f "$TEMP_DIR/block_reason_${ip//\./_}" ]; then + local intel_reason=$(cat "$TEMP_DIR/block_reason_${ip//\./_}") + block_reason="${block_reason} Intel:${intel_reason}" + fi + + # Instant block via quick_block_ip (uses IPset for speed) + quick_block_ip "$ip" "$block_reason" & + continue + fi + + # Auto-block at score >= 80 (CRITICAL) + if [ "${score:-0}" -ge 80 ]; then # Mark as blocked to prevent duplicate attempts BLOCKED_THIS_SESSION[$ip]=1