HackerTrans
TopNewTrendsCommentsPastAskShowJobs

jalbrethsen

no profile record

Submissions

[untitled]

1 points·by jalbrethsen·قبل شهرين·0 comments

What happens when you can't pull the plug on your agent?

highflame.com
1 points·by jalbrethsen·قبل شهرين·1 comments

Stopping the Meta AI director's "OpenClaw failure with an out-of-band killswitch

highflame.com
4 points·by jalbrethsen·قبل 3 أشهر·3 comments

Who sent you? – The agent identity crisis

highflame.com
3 points·by jalbrethsen·قبل 3 أشهر·0 comments

Show HN: ZeroID – Open-source identity for AI agents based on OIDF standards

github.com
7 points·by jalbrethsen·قبل 3 أشهر·5 comments

comments

jalbrethsen
·قبل شهرين·discuss
We take a look at the recent incident where Meta's AI Alignment director was unable to stop her Openclaw agent from deleting her emails. The root cause is reliance on in-band signalling, we show how revocable agent identities can be used to implement an out-of-band kill switch for agents.
jalbrethsen
·قبل 3 أشهر·discuss
The identity platform does not detect anomolies on its own, it is intended to integrate with guardrails and ingest security signals. We offer a hosted platform that does it all, you can try for free here https://studio.highflame.ai/sign-up
jalbrethsen
·قبل 3 أشهر·discuss
The Meta director's Openclaw incident was caused by context compaction deleting core instructions, but the root cause is having in-band agent control. We develop an out-of-band agent kill switch integrated into our open-source agent identity platform ZeroID.

https://github.com/highflame-ai/zeroid (see examples directory for Openclaw integration).
jalbrethsen
·قبل 3 أشهر·discuss
Yeah basically, every token carries the full chain of which agent did this, under whose authority, and with what permissions.
jalbrethsen
·قبل 3 أشهر·discuss
Hi, what are your thoughts on agent identity?
jalbrethsen
·قبل 3 أشهر·discuss
The recent OIDF white paper on agent identity management [0] lists several problems with the current state of AI agent identity, namely: Agents impersonating users, recursive authority delegation, and revocation propagation.

While these problems are technically solvable by composing existing standards, in practice nobody does it. The gap between 'read the RFCs' and 'running in production' is where agent identity dies. ZeroID closes that gap.

Delegation over Identity Inheritance: We implement RFC 8693 (Token Exchange) so credentials carry the full actor chain (User → Agent A → Agent B) instead of collapsing everyone behind the user's identity.

Managed SPIFFE: Every agent gets a cryptographically verifiable workload identity (WIMSE/SPIFFE URI) without the operational overhead of running SPIRE, managing SVIDs, or handling rotation for ephemeral agents.

Revocation Propagation: We implement cascading revocation, when a parent token is revoked, the entire chain of tokens derived from the parent is immediately invalidated.

We're keeping this open-source because identity shouldn't be a proprietary silo.

(Diclaimer, I work at Highflame, the company behind ZeroID)

OIDF Whitepaper: [0] https://openid.net/wp-content/uploads/2025/10/Identity-Manag...