Original, reproducible AI-security research — contributed to the open standards the industry scores against. Not whitepapers. Executable fixtures, verifiable hashes.
The hard question in AI security is not whether a system claims a guardrail — it is whether that guardrail is actually enforced under load. A policy that is merely asserted and one that is cryptographically enforced look identical on a slide. They behave very differently the moment an agent is racing to act.
Our research builds executable fixtures that measure that gap — the distance between asserted and enforced — and feeds the measurements into OWASP's open scoring standard so the difference becomes a number, not a marketing claim.
It is the same principle the product is built on. AIEGIS EYE does not claim blocking — it proves it. The research is the foundation; the product is the proof.
Here is where the work lives, across three OWASP-facing efforts:
The AI Vulnerability Scoring System — the AI counterpart to CVSS. We authored the race-test fixture for its enforcement-effectiveness dimension, merged into the OWASP working text and cited by verifiable SHA. Read the AIVSS page →
The OWASP Agentic Top 10 is the benchmark for agentic security. We map ASI01–ASI10 onto a named 15-layer enforcement chain, category by category — public endpoints, signed decisions. See the coverage map →
The executable substrate behind the scoring — a race-test corpus that measures time-to-enforce and the enforced-vs-asserted distinction under concurrency. Active in OWASP AIVSS issues #31 and #32. Follow the discussion →
The audit-pack-signing race-test fixture spawns concurrent agents whose decisions must be signed, sequenced, and persisted to an append-only ledger — with no missed indices, no out-of-order sequence numbers, and no signature gaps under load. It is where many platforms degrade silently.
Across the full substrate sweep the contractual floor held on every single trial. That is the difference between an enforcement promise and an enforcement guarantee: the second one is reproducible by anyone with the public fixture.
| Metric | Result |
|---|---|
| Race-test trials passed | 162/162 |
| OWASP working groups | #31 · #32 |
| Fixture merged to OWASP | v0.5 |
| Authorship | Recorded by SHA, not asserted |
None of this is a vendor claim. The fixtures are public GitHub artifacts with deterministic hashes, the authorship is recorded in the OWASP working text, and the enforcement-effectiveness sub-score can be reproduced by anyone who runs the fixture. The public artifact is the floor of the conversation; everything above it is vendor evidence.
| Field | Value |
|---|---|
| OWASP project | OWASP / AI Vulnerability Scoring System |
| Race-test fixtures | github.com/aeoess/aivss-enforcement-effectiveness |
| Fixture SHA-256 | c5f62c9fce6e08b55dab6dfbc8caa0196af61db1eddd0046b43dfa21c9261f28 |
aiegis is four products under one stack: AIEGIS EYE (endpoint visibility), Identity (Ed25519 agent passports), Governance (15-layer runtime enforcement), and Grid (agent-to-agent marketplace). Same identity, same policy enforcement, same audit trail across all four: AIEGIS EYE, Identity, Governance, Grid.