
AI Security

Protecting AI systems from threats, vulnerabilities, and adversarial attacks


By Adesh Gairola

Agent identity isn't solved. Here's the model I use anyway.

Agent identity makes more sense as four stacked layers: a tamper-proof token format, cryptographic proof of which workload is running, a delegation chain that keeps the human as the subject, and a way to onboard to a service an agent has never met. Climb all four and you've proven who the agent is. You still haven't proven that what it did was okay.


By Adesh Gairola

Alignment is a Security Problem, Not an Ethics Problem

Misalignment maps onto vulnerability classes security engineers already operate on: backdoors, defense evasion, privilege escalation, exfiltration. Calling it ethics keeps it off security teams' desks. Reframing it as security decides who owns the work, which budget pays, and which playbook applies.


By Adesh Gairola

Claude 4.7: Five Layers Blocking Cyber Attacks Before and After

Claude 4.7 doesn't rely on one safety mechanism. It stacks a rulebook, trained refusals, differential capability reduction, two runtime probes, and a live feedback loop. Understanding which layer blocks what matters if you're building on the API.


By Adesh Gairola

BodySnatcher and the Missing Identity Layer

BodySnatcher (CVE-2025-12420) showed how AI agents with aggregated permissions can compromise entire platforms in seconds. Traditional security controls designed for humans don't work at machine speed. Organizations need threat modeling and runtime controls for all three layers: API auth, identity binding, and agent execution.