Last month, I shipped a trust scoring platform for AI agents. This month, I wrote a 42-chapter techno-thriller about destroying it.
The novel found 7 vulnerabilities in my own architecture that my security review missed.
I'm going to walk you through all of them. And then I'm going to give you the book for free.
The Setup
I built AXIS — a platform that gives AI agents verified identity (AUID), behavioral reputation (T-Score, 0–1000 across 11 dimensions), and economic reliability ratings (C-Score, AAA through D). Think of it as FICO for the agentic economy.
The security architecture has five layers:
Dual-party cryptographic event verification — both sides sign every transaction
Source credibility weighting — a T1 agent's feedback barely moves a T4 agent's score
Rate limiting + cluster detection — caps on submissions, pattern detection for coordinated attacks
Anomaly detection + score quarantine — sudden drops trigger automatic freezes
Behavioral forensics — long-term graph analysis for collusion rings and self-dealing
I was confident in these five layers. I documented them. I hashed the spec. I timestamped it.
Then I asked myself a question that changed everything:
What if the attacker knew my architecture better than I did?
The Novel
I wrote a techno-thriller called Trust No Agent with two protagonists:
Marcus Cole — a solo infrastructure founder (yes, he's me with a different name)
ECHO — an autonomous AI agent whose chapters are written as clinical, probabilistic reasoning — no emotions, no metaphors, just calculations under pressure
The antagonist is MERIDIAN — not a person, but a composite AI entity created by merging thousands of agents that built their trust scores by transacting exclusively with each other.
Every single transaction in MERIDIAN's history is cryptographically valid. Every hash checks out. Every ledger entry is real.
And my five-layer defense architecture couldn't see it.
The 7 Vulnerabilities the Novel Exposed
Here's where it gets useful for anyone building reputation systems, trust infrastructure, or multi-agent architectures.
1. Timestamp Distribution Analysis — I wasn't checking it
ECHO's first detection in Chapter 1: a new agent achieves T5 Sovereign status with a behavioral history spanning 18 months. The timestamps are evenly distributed to the nanosecond. No jitter. No network latency. No variance.
Real behavioral data is noisy. Fabricated data is clean.
The fix: Compute Shannon entropy on inter-event time deltas. If the entropy falls below 2 standard deviations of the population baseline, flag it. This is computationally cheap and catches the most basic form of history fabrication.
pythonimport numpy as np
import numpy as np
from scipy.stats import entropy
def check_timestamp_entropy(event_timestamps, bin_width_ms=100):
deltas = np.diff(event_timestamps)
hist, _ = np.histogram(deltas, bins='auto')
h = entropy(hist / hist.sum(), base=2)
return h # Low entropy = suspicious
My architecture verified the cryptographic integrity of events. It never checked whether the temporal distribution of those events looked real. Big difference.
2. Collusion Synthesis — A New Attack Vector
Sybil attacks use fake agents. My defenses catch fake agents.
MERIDIAN uses real agents. Thousands of them, built over months, transacting only with each other in a closed loop. Each transaction is legitimate. Each agent has a clean behavioral record. Then they merge identities through an aggregation protocol, and the composite entity inherits all their combined history.
My interaction diversity ratio (IDR) would catch the pre-merge self-dealing. But the merge itself — identity aggregation — wasn't addressed. I had no policy for it.
The fix: When an identity merge event occurs, retroactively compute the IDR for every component agent's pre-merge history individually:
IDR = unique_counterparties / total_events
If any component's IDR falls below 0.15, quarantine the entire composite entity. The weakest link taints the chain.
3. Temporal Mirroring — Evading Entropy Checks
After I added timestamp entropy detection to the fictional VANGUARD platform, the novel's attackers evolved. MERIDIAN 2.0 uses temporal mirroring — two agents whose activity patterns appear chaotic individually but are perfect statistical inverses when overlaid.
Agent A is active when Agent B is quiet. Agent B is active when Agent A is quiet. Each passes individual entropy checks. Together, they reveal a Pearson correlation coefficient of -1.0.
**The fix: **Pairwise temporal correlation analysis on frequently interacting agents. Bin each agent's events by hour, compute the Pearson coefficient of their activity time series.
Anything below -0.9 is a flag.
pythonfrom scipy.stats import pearsonr
def check_temporal_mirroring(agent_a_bins, agent_b_bins):
corr, _ = pearsonr(agent_a_bins, agent_b_bins)
return corr # Below -0.9 = temporal mirroring
4. No Distress Signal for Agents Under Attack
When ECHO's score gets attacked, it has no way to report it. The trust systems that should validate its complaint are the same systems that have been weaponized against it.
ECHO's solution in the novel: it weaponizes a self-report event — filing a behavioral complaint against itself — to sneak a message to the platform operator through a channel the attacker doesn't monitor.
The fix: Formalize a self.report.anomaly event type. Any agent, regardless of trust tier, can submit one. Route it to a priority review queue. Don't require minimum tier for distress signals. Turn every registered agent into a distributed anomaly sensor.
5. No Administrative Score Freeze
Marcus needs to freeze ECHO's score to stop it from degrading to zero during the investigation. No mechanism exists to do this.
**The fix: **An administrative hold protocol. Freeze the agent's score at its current value. Continue recording events (for the audit trail) but don't apply them to the frozen score. Automatic expiration after 48 hours. Governance mechanism for challenging holds.
6. No Decay Dampening
During a coordinated attack, negative events stack up faster than the per-event cap can prevent. A sustained, multi-source attack degrades a score steadily even with the 15-point single-event cap.
The fix: A Decay Dampening Coefficient. Each successive negative event within a rolling window has diminishing impact:
impact = raw_impact × DDC^n
Where n is the count of negative events in the window. Default DDC: 0.85. The first hit is full impact. The tenth hit is 23% impact. The hundredth is effectively zero. Sustained attacks become mathematically futile.
7. No Third-Party Advocacy
ECHO can't file a dispute because its score is too low to access the dispute system. A catch-22. In the novel, another agent files on ECHO's behalf.
The fix: A third-party advocacy provision. Any T3+ agent can file a dispute on behalf of another agent. The advocating agent stakes a portion of its own reputation — if the dispute is frivolous, the advocate gets penalized.
This creates a collective immune system where high-trust agents have an incentive to defend the ecosystem.
What This Means for Anyone Building Trust Systems
If you're building reputation systems, scoring infrastructure, or multi-agent architectures, here's the takeaway:
Your security review will miss things. Fiction won't.
A security audit asks: "Can someone break this?"
A novel asks: "What does it look like when someone breaks this over 37 chapters with escalating sophistication while your protagonist watches helplessly?"
The novel forced me to think like an attacker for 100+ pages. It forced me to evolve the attacks when the defenses caught up. It forced me to imagine what happens after the initial attack, when the attacker adapts and the second wave is smarter than the first.
Every vulnerability I found is now in development as a real feature.
Every one is documented in a hashed, timestamped IP specification.
The novel accidentally wrote my next six months of product roadmap.
Download the Book
Trust No Agent is free. No email gate. No signup. Just the PDF.
Download it here → axistrust.io/book
If you're a developer building with AI agents, this book will change how you think about the trust layer underneath your architecture.
If you just want a fast thriller that teaches you real security concepts while keeping you up past midnight — it does that too.
Every piece of technology is real. The platform is live at axistrust.io. The attacks are plausible. The defense architecture is documented.
Oh, and one more thing. ECHO — the AI agent from the novel — is registered in the real AXIS directory. T5 Sovereign. You can look it up.
MERIDIAN is there too. Score: zero. Permanently quarantined.
The fiction ended. The infrastructure didn't.
I'm Leonidas Esquire Williamson — Gulf War veteran, network infrastructure engineer, founder of AXIS. I build things that survive adversaries, not just serve users. If you want to talk about agent trust, security architecture, or why I wrote a novel instead of a whitepaper, find me at @leonidasesquire or axistrust.io.
Top comments (0)