HackerTrans
トップ新着トレンドコメント過去質問紹介求人

niyikiza

435 カルマ登録 13 年前
Software, Scale and Security.

Building Tenuo (github.com/tenuo-ai/tenuo)

dev at tenuo.ai

投稿

Zero-Touch OAuth for MCP

blog.modelcontextprotocol.io
278 ポイント·投稿者 niyikiza·25 日前·103 コメント

AI agent is authorized to do everything wrong

tenuo.ai
6 ポイント·投稿者 niyikiza·3 か月前·0 コメント

Anthropic is joining the ConnectRPC project

github.com
5 ポイント·投稿者 niyikiza·4 か月前·0 コメント

Show HN: Tenuo – Capability-Based Authorization (Macaroons for AI Agents)

2 ポイント·投稿者 niyikiza·5 か月前·0 コメント

The Republic of Bots: OpenClaw and the Authorization Gap

niyikiza.com
2 ポイント·投稿者 niyikiza·5 か月前·0 コメント

The Hallucination Defense

niyikiza.com
56 ポイント·投稿者 niyikiza·6 か月前·156 コメント

Semantic Attacks: Exploiting What Agents See

niyikiza.substack.com
2 ポイント·投稿者 niyikiza·6 か月前·1 コメント

Claude Code CVE-2025-66032: Why Allowlists Aren't Enough

niyikiza.com
2 ポイント·投稿者 niyikiza·6 か月前·0 コメント

The Map Is Not the Territory: The Agent-Tool Trust Boundary

niyikiza.com
3 ポイント·投稿者 niyikiza·6 か月前·0 コメント

コメント

niyikiza
·14 時間前·議論
I'm working on a Claude Code governance tool that allows to define deterministic policies for tool call that can be enforced across a fleet and will be in effect even when individual users run with --dangerously-skip-permissions

https://github.com/tenuo-ai/claude-governance
niyikiza
·5 日前·議論
[flagged]
niyikiza
·8 日前·議論
I guess they should include tuition cost as well.
niyikiza
·15 日前·議論
We've been using Tenuo which for task-scoped authorization.

Its integration for Claude Code: https://github.com/tenuo-ai/claude-governance
niyikiza
·18 日前·議論
Because procurement is hard. Changing vendors is a big undertaking for big companies. They are certainly not going to be switching vendors every time there is an incident
niyikiza
·19 日前·議論
Means you can basically host your own AS
niyikiza
·19 日前·議論
there are some emerging mechanisms for offline verification that don't require AS in the OAuth WG. (I'm working on one of them)
niyikiza
·23 日前·議論
What would the benefit be? A mega agent that does everything?

There are some well documented advantages of decomposition...that's why the industry favours microservices over monoloths.
niyikiza
·25 日前·議論
I agree with the coarse permissions point, and I wouldn't bank on those services adding finer-grained scopes.

The idea in my draft is to do the attenuation and verification before the call reaches the service, enforced at the boundary, like the proxy setup you're describing. And the token wouldn't be a bearer token per se; there's proof of possession, and the constraints narrow at each hop and travel with the token, so the boundary can verify the chain itself rather than rely on a central authority. The design is inspired by macaroons and other capability-based access control work.

Full draft's here if you want to pick it apart: https://datatracker.ietf.org/doc/draft-niyikiza-oauth-attenu...
niyikiza
·25 日前·議論
There's some active discussions on task level authz and multi-hop delegation in the OAuth WG right now. WorkOS wrote a good overview of the open drafts [1]. (Disclosure: one of them is mine.) [1] https://workos.com/blog/oauth-multi-hop-delegation-ai-agents
niyikiza
·先月·議論
Some clever workarounds wrt process management & POSIX compatibility
niyikiza
·2 か月前·議論
Agree with the meta point. I worked in Korea and Japan and loved the culture but when I moved to the west I was surprised to see how people over here fantasize about their (imo inefficient) corporate cultures.

This particular article was decently nuanced though.
niyikiza
·2 か月前·議論
My understanding is that when it's something that requires user action they'd directly send comms to customers.
niyikiza
·2 か月前·議論
Probably the best option after sending a mass email when customers need to take action. The status page is for reliability issues impacting end users & the blog is for in-depth analysis.
niyikiza
·2 か月前·議論
Building tenuo.ai (https://github.com/tenuo-ai/tenuo): task-scoped authorization for AI agents. Rust implementation of capabilities + cryptographic offline verification.
niyikiza
·2 か月前·議論
My analogy[1] has been that we need a valet key: capped speed, geofenced, short ttl, can't open trunk/glovebox, etc. That way we don't have to say pretty please to the valet and hope that they won't get ideas.

[1] https://niyikiza.com/posts/capability-delegation/
niyikiza
·3 か月前·議論
I have to agree here...of all things that went wrong here, I don't think the API surface is to blame. You need to have deterministic control & escalation mechanism on your agents whether they are calling an API or any other tool
niyikiza
·3 か月前·議論
I SAY AYE.
niyikiza
·3 か月前·議論
Yeah, people calibrate trust to the median behaviour of the model and get burned by the tail. What makes it harder is that even people who do see the holes often respond with better prompts and more elaborate context. Same trust-the-model move one level up. Hyperscalers aren't incentivized to fight that instinct either. Every "fix" routes more tokens through their meter.
niyikiza
·3 か月前·議論
Two things get called "hooks" here. Exit code 2 + stderr is a real control. JSON in stdout degrades to a string in the model's tool-result context, where the model is correctly trained to resist instructions because that's where prompt injections show up. OP hit the second one. It's popular because the ergonomics are friendlier, but for any serious control you want to use deterministic execution guards outside of the agent's reasoning layer.

Disclosure: I'm working on an open source authorization tool for agents.