AI agents are starting to get real access like GitHub tokens, cloud credentials, customer data, deploy permissions. Not coincidentally, the rate of major cybersecurity incidents is rising rapidly. See for yourself: https://epoch.ai/data/cve?view=graph https://genai.owasp.org/resource/state-of-agentic-ai-security-and-governance/ My friend and I, both AI researchers, are working on fixing this through an open-source project we've just started called Clay Seal.
This project will have three parts. We've started with a simple version of Identity: an open-source identity layer for AI agents. We're working on several experimental components to add to this system, including runtime query-based capability scoping for agents, followed by AML-inspired suspicious behavior detection, to replace the antiquated system of static sandboxes most AI tools run on.
Each agent run gets a short-lived credential with its own identity. Services can verify who the agent is, who started it, when the credential expires, and whether the token is bound to the agent instead of being a reusable bearer secret. If you're interested in trying it, we just released it on GitHub here: https://github.com/clayseal/clayseal-identity
This is the very first version of the system, and we're working on improving it every day. If you have suggestions, ideas, an interest in contributing, or potential systems/CVE classes you think we should know about, reach out! And feel free to star if you'd like to try it out or just see us develop it.
Top comments (0)