Our Research: Co-authoring the OWASP AIVSS Standard

Original, reproducible AI-security research — contributed to the open standards the industry scores against. Not whitepapers. Executable fixtures, verifiable hashes.

Enforcement, Not Annotation

The hard question in AI security is not whether a system claims a guardrail — it is whether that guardrail is actually enforced under load. A policy that is merely asserted and one that is cryptographically enforced look identical on a slide. They behave very differently the moment an agent is racing to act.

Our research builds executable fixtures that measure that gap — the distance between asserted and enforced — and feeds the measurements into OWASP's open scoring standard so the difference becomes a number, not a marketing claim.

It is the same principle the product is built on. AIEGIS EYE does not claim blocking — it proves it. The research is the foundation; the product is the proof.

Three Bodies Of Work

Here is where the work lives, across three OWASP-facing efforts:

AIVSS — OWASP Scoring Standard

The AI Vulnerability Scoring System — the AI counterpart to CVSS. We authored the race-test fixture for its enforcement-effectiveness dimension, merged into the OWASP working text and cited by verifiable SHA. Read the AIVSS page →

Agentic Coverage Map — OWASP Agentic Top 10

The OWASP Agentic Top 10 is the benchmark for agentic security. We map ASI01–ASI10 onto a named 15-layer enforcement chain, category by category — public endpoints, signed decisions. See the coverage map →

Enforcement Effectiveness — OWASP Open Working Groups

The executable substrate behind the scoring — a race-test corpus that measures time-to-enforce and the enforced-vs-asserted distinction under concurrency. Active in OWASP AIVSS issues #31 and #32. Follow the discussion →

A Guarantee You Can Run

The audit-pack-signing race-test fixture spawns concurrent agents whose decisions must be signed, sequenced, and persisted to an append-only ledger — with no missed indices, no out-of-order sequence numbers, and no signature gaps under load. It is where many platforms degrade silently.

Across the full substrate sweep the contractual floor held on every single trial. That is the difference between an enforcement promise and an enforcement guarantee: the second one is reproducible by anyone with the public fixture.

MetricResult
Race-test trials passed162/162
OWASP working groups#31 · #32
Fixture merged to OWASPv0.5
AuthorshipRecorded by SHA, not asserted

Public Artifact, Verifiable Hash

None of this is a vendor claim. The fixtures are public GitHub artifacts with deterministic hashes, the authorship is recorded in the OWASP working text, and the enforcement-effectiveness sub-score can be reproduced by anyone who runs the fixture. The public artifact is the floor of the conversation; everything above it is vendor evidence.

FieldValue
OWASP projectOWASP / AI Vulnerability Scoring System
Race-test fixturesgithub.com/aeoess/aivss-enforcement-effectiveness
Fixture SHA-256c5f62c9fce6e08b55dab6dfbc8caa0196af61db1eddd0046b43dfa21c9261f28

Part Of The AIEGIS Umbrella

aiegis is four products under one stack: AIEGIS EYE (endpoint visibility), Identity (Ed25519 agent passports), Governance (15-layer runtime enforcement), and Grid (agent-to-agent marketplace). Same identity, same policy enforcement, same audit trail across all four: AIEGIS EYE, Identity, Governance, Grid.