HackerTrans
TopNewTrendsCommentsPastAskShowJobs

niyikiza

435 karmajoined 13년 전
Software, Scale and Security.

Building Tenuo (github.com/tenuo-ai/tenuo)

dev at tenuo.ai

Submissions

Zero-Touch OAuth for MCP

blog.modelcontextprotocol.io
278 points·by niyikiza·25일 전·103 comments

AI agent is authorized to do everything wrong

tenuo.ai
6 points·by niyikiza·3개월 전·0 comments

Anthropic is joining the ConnectRPC project

github.com
5 points·by niyikiza·4개월 전·0 comments

Show HN: Tenuo – Capability-Based Authorization (Macaroons for AI Agents)

2 points·by niyikiza·5개월 전·0 comments

The Republic of Bots: OpenClaw and the Authorization Gap

niyikiza.com
2 points·by niyikiza·5개월 전·0 comments

The Hallucination Defense

niyikiza.com
56 points·by niyikiza·6개월 전·156 comments

Semantic Attacks: Exploiting What Agents See

niyikiza.substack.com
2 points·by niyikiza·6개월 전·1 comments

Claude Code CVE-2025-66032: Why Allowlists Aren't Enough

niyikiza.com
2 points·by niyikiza·6개월 전·0 comments

The Map Is Not the Territory: The Agent-Tool Trust Boundary

niyikiza.com
3 points·by niyikiza·6개월 전·0 comments

comments

niyikiza
·13시간 전·discuss
I'm working on a Claude Code governance tool that allows to define deterministic policies for tool call that can be enforced across a fleet and will be in effect even when individual users run with --dangerously-skip-permissions

https://github.com/tenuo-ai/claude-governance
niyikiza
·5일 전·discuss
[flagged]
niyikiza
·8일 전·discuss
I guess they should include tuition cost as well.
niyikiza
·15일 전·discuss
We've been using Tenuo which for task-scoped authorization.

Its integration for Claude Code: https://github.com/tenuo-ai/claude-governance
niyikiza
·18일 전·discuss
Because procurement is hard. Changing vendors is a big undertaking for big companies. They are certainly not going to be switching vendors every time there is an incident
niyikiza
·19일 전·discuss
Means you can basically host your own AS
niyikiza
·19일 전·discuss
there are some emerging mechanisms for offline verification that don't require AS in the OAuth WG. (I'm working on one of them)
niyikiza
·23일 전·discuss
What would the benefit be? A mega agent that does everything?

There are some well documented advantages of decomposition...that's why the industry favours microservices over monoloths.
niyikiza
·25일 전·discuss
I agree with the coarse permissions point, and I wouldn't bank on those services adding finer-grained scopes.

The idea in my draft is to do the attenuation and verification before the call reaches the service, enforced at the boundary, like the proxy setup you're describing. And the token wouldn't be a bearer token per se; there's proof of possession, and the constraints narrow at each hop and travel with the token, so the boundary can verify the chain itself rather than rely on a central authority. The design is inspired by macaroons and other capability-based access control work.

Full draft's here if you want to pick it apart: https://datatracker.ietf.org/doc/draft-niyikiza-oauth-attenu...
niyikiza
·25일 전·discuss
There's some active discussions on task level authz and multi-hop delegation in the OAuth WG right now. WorkOS wrote a good overview of the open drafts [1]. (Disclosure: one of them is mine.) [1] https://workos.com/blog/oauth-multi-hop-delegation-ai-agents
niyikiza
·지난달·discuss
Some clever workarounds wrt process management & POSIX compatibility
niyikiza
·2개월 전·discuss
Agree with the meta point. I worked in Korea and Japan and loved the culture but when I moved to the west I was surprised to see how people over here fantasize about their (imo inefficient) corporate cultures.

This particular article was decently nuanced though.
niyikiza
·2개월 전·discuss
My understanding is that when it's something that requires user action they'd directly send comms to customers.
niyikiza
·2개월 전·discuss
Probably the best option after sending a mass email when customers need to take action. The status page is for reliability issues impacting end users & the blog is for in-depth analysis.
niyikiza
·2개월 전·discuss
Building tenuo.ai (https://github.com/tenuo-ai/tenuo): task-scoped authorization for AI agents. Rust implementation of capabilities + cryptographic offline verification.
niyikiza
·2개월 전·discuss
My analogy[1] has been that we need a valet key: capped speed, geofenced, short ttl, can't open trunk/glovebox, etc. That way we don't have to say pretty please to the valet and hope that they won't get ideas.

[1] https://niyikiza.com/posts/capability-delegation/
niyikiza
·3개월 전·discuss
I have to agree here...of all things that went wrong here, I don't think the API surface is to blame. You need to have deterministic control & escalation mechanism on your agents whether they are calling an API or any other tool
niyikiza
·3개월 전·discuss
I SAY AYE.
niyikiza
·3개월 전·discuss
Yeah, people calibrate trust to the median behaviour of the model and get burned by the tail. What makes it harder is that even people who do see the holes often respond with better prompts and more elaborate context. Same trust-the-model move one level up. Hyperscalers aren't incentivized to fight that instinct either. Every "fix" routes more tokens through their meter.
niyikiza
·3개월 전·discuss
Two things get called "hooks" here. Exit code 2 + stderr is a real control. JSON in stdout degrades to a string in the model's tool-result context, where the model is correctly trained to resist instructions because that's where prompt injections show up. OP hit the second one. It's popular because the ergonomics are friendlier, but for any serious control you want to use deterministic execution guards outside of the agent's reasoning layer.

Disclosure: I'm working on an open source authorization tool for agents.