awesome-ocap icon indicating copy to clipboard operation
awesome-ocap copied to clipboard
verified publisher icon dckc

advent of ocaps for AI

Open dckc opened this issue 1 month ago • 3 comments

DRAFT... to be posted where? the Agoric Community Forum?

Advent of OCaps for AI, episode 1: Dependencies

The AI crank in this meme does a great job of expressing my concerns about the destabilizing impact of AI. But just like the Rust rocket is poised to counter-balance that impact, capability-based security, which provides scalable support for the principle of least authority (POLA), could be just as important, if not more.

This advent, let's take a tour through topics and techniques around AI and Capability-based Security. I'll use Wednesday Agoric Office Hours as the main venue, but I hope the discussion spreads to lots of other modes and places around the web.

Image

ack: outerheaven

p.s. Is this the ultimate XKCD “Dependency” derivative? « The Wiert Corner – irregular stream of stuff does a nice job of explaining the cartoon.

  • [ ] use Agoric OfficeHours as a live session
  • [ ] community.agoric.com, discord
  • [ ] appearance on HardenedJS.org

introduction diagram taken from Bringing Object-orientation to Security Programming

tangential: decentralized platforms etc.

dckc avatar Nov 30 '25 19:11 dckc

OCaps for AI: Dependencies

The AI crank in this meme does a great job of expressing my concerns about the destabilizing impact of AI. But just like the Rust rocket is poised to counter-balance that impact, capability-based security, which provides scalable support for the principle of least authority (POLA), could be just as important, if not more.

Image

ack: outerheaven

p.s. Is this the ultimate XKCD “Dependency” derivative? « The Wiert Corner – irregular stream of stuff does a nice job of explaining the cartoon.

introduction diagram taken from Bringing Object-orientation to Security Programming

dckc avatar Dec 02 '25 18:12 dckc

rust : Hardened JS :: Formal Verification : Capability Security

Capability security and formal verification are the best tools I see for managing the complexity in modern digital infrastructure. Rust is more of a formal verification tool: the rust compiler absolutely guarantees certain properties of programs. Until runtime, that is -- no matter how correct your code is, it's vulnerable to code that you link with. Capability platforms such as Hardened JS take a different approach: even if some components are faulty or malicious, your code can defend itself against them.

Even better is when they are combined, as in the rust cap-std library. CHERI processors provide capability security in hardware. Apple's Memory Integrity Enforcement (MIE) and Android Arm Memory Tagging Extension are getting very close!

dckc avatar Dec 03 '25 05:12 dckc

feeling like this falls under "I need another project like I need a hole in the head."

dckc avatar Dec 03 '25 17:12 dckc