Zero Trust for AI. Fully SOC2 compliant solutions for enterprise and security-conscious organizations.

Joined May 2025
ThirdKey retweeted
Jun 1
Anthropic has validated what we've been working on for 2 years with their Zero Trust eBook for AI Agents. @ThirdKeyAI and the OpenAgentTrustStack.org even fill in the gaps.
ThirdKey retweeted
May 8
I published a new security preprint: VectorSmuggle: Steganographic Exfiltration in Embedding Stores and a Cryptographic Provenance Defense
The paper looks at an integrity gap in RAG infrastructure: embeddings are usually treated as opaque numerical artifacts, but vector stores generally lack native/default controls for embedding integrity or provenance.
The finding is nuanced: simple anomaly detectors catch many crude perturbations, but small-angle orthogonal rotation exposes a harder class of embedding tampering. Statistical detection helps, but it should not be the load-bearing control.
I propose VectorPin: a minimal cryptographic provenance protocol that signs a canonical commitment over the source, model, and vector bytes. If the vector is modified after pinning, verification fails.
Paper: doi.org/10.5281/zenodo.20058… vectorpin.org

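The pin-then-verify idea in the post above, as an added example that is not code from the paper or the VectorPin project: it pins a vector, applies a small-angle rotation that a norm check misses, and shows verification failing. Assumptions: HMAC-SHA256 stands in for the signature, and the field layout, function names and sample values are constructed here.

```python
import hashlib, hmac, math, struct

def vector_bytes(vec):
    # Fixed encoding (little-endian float32) so equal vectors give equal bytes.
    return struct.pack(f"<{len(vec)}f", *vec)

def commitment(source, model, vec):
    # Length-prefix every field so bytes cannot slide between fields.
    h = hashlib.sha256()
    for field in (source.encode(), model.encode(), vector_bytes(vec)):
        h.update(struct.pack("<Q", len(field)) + field)
    return h.digest()

def pin(key, source, model, vec):
    # Assumption: a keyed MAC stands in for the protocol's signature.
    return hmac.new(key, commitment(source, model, vec), hashlib.sha256).digest()

def verify(key, source, model, vec, tag):
    return hmac.compare_digest(pin(key, source, model, vec), tag)

def rotate(vec, i, j, theta):
    # Givens rotation in the (i, j) plane: orthogonal, so the L2 norm is kept.
    c, s = math.cos(theta), math.sin(theta)
    out = list(vec)
    out[i], out[j] = c * vec[i] - s * vec[j], s * vec[i] + c * vec[j]
    return out

def norm(vec):
    return math.sqrt(sum(x * x for x in vec))

def cosine(a, b):
    return sum(x * y for x, y in zip(a, b)) / (norm(a) * norm(b))

def norm_detector_flags(original, candidate, tol=1e-6):
    # Crude statistical check: flags only when the norm drifts.
    return abs(norm(original) - norm(candidate)) > tol

def demo():
    key = b"constructed-demo-key"  # constructed sample values throughout
    source, model = "constructed source chunk", "constructed-model-v1"
    vec = [0.12, -0.45, 0.33, 0.80, -0.07, 0.19]
    tag = pin(key, source, model, vec)
    tampered = rotate(vec, 0, 3, 0.01)
    return {
        "clean_verifies": verify(key, source, model, vec, tag),
        "norm_detector_flags": norm_detector_flags(vec, tampered),
        "cosine": cosine(vec, tampered),
        "tampered_verifies": verify(key, source, model, tampered, tag),
    }
```

Calling `demo()` returns the four results side by side: the rotated vector keeps its norm and stays almost parallel to the original, yet its pin no longer verifies.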
ThirdKey retweeted
Apr 23
AI agents are getting more powerful. The trust layer around them is not.
Today, too much agent safety still depends on prompts, wrappers, and best-effort guardrails. That is not enough for systems that can actually take action.
Introducing OATS: the Open Agent Trust Stack. OATS is an open specification for zero-trust AI agent execution built around tool contracts, identity, policy, and auditability.
It is also grounded in real implementation work. Symbiont has been applying these ideas in practice over the past year.
The goal: make safe behavior enforceable by design, not optional at runtime.
openagenttruststack.org #AI #AISecurity #AgenticAI #OpenSource
ThirdKey retweeted
🚨 MISSING: One unsecured AI agent last seen running wild at #SCALE23x with root access and zero identity verification. No audit trail. No sandboxing. No cryptographic identity. Armed with unverified MCP connections. If spotted, report to symbiont.dev #AISecurity
13 Aug 2025
We're doing agents right. Zero Trust for AI with Symbiont by ThirdKey. Written in Rust and Open Source. #Rust #rustlang #rust crates.io/crates/symbi

13 Aug 2025
We have updated both Symbiont and symbiont-sdk-python to v0.3.1 adding full REPL (aka Symbi Dojo) and many other new features for building secure, policy aware agents. JS and Go SDKs coming soon!
21 Jul 2025
We have added a Rust implementation to the SchemaPin repo. github.com/ThirdKeyAI/Schema… crates.io/crates/schemapin

17 Jun 2025
Add 🧷SchemaPin to your Python MCP in 5 minutes. schemapin.org/python.html
