HackerTrans
TopNewTrendsCommentsPastAskShowJobs

flying_mike

no profile record

Submissions

BlindKey – Blind credential injection for AI agents (open source)

github.com
2 points·by flying_mike·há 3 meses·1 comments

comments

flying_mike
·há 3 meses·discuss
Ant AI Security Lab just spent 3 days tearing down the framework and submitted 33 vulnerability reports. 8 of them just got patched in the 2026.3.28 release

This is exactly why I built BlindKey. The trust boundary problem isn't just about framework vulnerabilities — it's that agents hold plaintext credentials in memory in the first place. If a compromised session can read your API keys, revocation doesn't matter.

BlindKey takes a different approach: agents never see the real key. They reference bk://stripe, and the credential is injected server-side at request time. Even if the session is hijacked, the attacker gets a reference token, not the secret.

Ships as an OpenClaw plugin: npm install u/blindkey/openclaw-plugin

github.com/michaelkenealy/blindkey

https://www.reddit.com/r/openclaw/comments/1s96xqs/openclaws...
flying_mike
·há 5 meses·discuss
hard one as you need to normalise for consistent net selling to find real signal
flying_mike
·há 5 meses·discuss
cool idea - traction? security? access to files etc?
flying_mike
·há 5 meses·discuss
super interesting
flying_mike
·há 5 meses·discuss
the only automations I got working on windowns/office was VBA - all the powerautomate etc = frustrations to the max