Security at Dryx

Our commitments

Static-by-construction. Dryx is built to refuse subprocess execution, network calls outside declared egress, and runtime code loading. Verified at build time, not just at runtime.
Offline by default. No telemetry, no analytics, no account required. Workspace inventory, scan results, and findings never leave your machine.
Public CI proof. Every release runs 50 canary secrets through Dryx and verifies zero leak to disk before shipping. Three public workflows (canary fuzzer, detector tests, sanitizer tests), all green on every commit.
Append-only release log. Every published release is publicly auditable. No silent updates.
Dual-signature defense. Apple Developer ID + offline EdDSA on every release artifact.
Six-layer defense at the agent-MCP boundary. End-to-end signed authority. Verdicts survive process compromise — verified by your agent's own code.
Patent-pending across 11 filings. Aligned with NIST AI Agent Standards Initiative emerging control overlays. Cyber-insurance-rider-ready inventory and control evidence — exportable in one click.

Reporting a vulnerability

Found a security issue in Dryx? We want to hear from you.

Contact

[email protected]

Please include in your report:

Affected version (run dryx --version)
Reproduction steps with expected vs. actual behavior
Your assessment of severity and impact
Any proof-of-concept code or artifacts

PGP key: Fingerprint published at dryx.ai/security/pgp.txt following our HSM keygen ceremony.

Our response commitment

We confirm receipt within 24 hours.
We provide a status update within 5 business days.
We coordinate disclosure with you on a timeline that protects users.
We credit reporters publicly (with permission) in our changelog.
We do not pursue legal action against good-faith researchers operating within scope.

Scope

In scope

Dryx macOS application (Mac App Store + direct download)
Authority Anchor MCP server
All open-source components in the public Dryx repository
dryx.ai infrastructure
Release signing and verification

Out of scope

Third-party MCP servers analyzed by Dryx (report to upstream maintainers)
AI agents Dryx integrates with (Claude Code, Cursor, etc. — report to those vendors)
Social engineering against Dryx personnel
Physical attacks against employees or facilities
Denial-of-service attacks against dryx.ai

Recognition

Reporters of validated, in-scope, previously undisclosed vulnerabilities are recognized in our public security changelog. Cash bounties may be offered for severe findings at our discretion.

Dryx does not currently operate a public bug bounty program with predefined payouts. As we grow, we'll formalize this — and any researcher who reports a critical vulnerability before that program launches will receive priority consideration when it does.

Independent audit

External security audit is scheduled following the Foundation Hardening sprint and ahead of the Mac App Store release. Audit results and remediation timelines will be summarized publicly when complete.

Why this matters. Most security tools claim trustworthiness. Dryx publishes the evidence: public CI canary fuzzer, append-only release log, signed verdicts. An external audit closes the loop — independent eyes on our own code.

Public verification

Don't take our word for it. Every claim on this page maps to a verifiable artifact:

Canary fuzzer in CI

50 synthetic secrets pushed through Dryx's redaction pipeline on every commit. Public workflow: self-redaction-canary-fuzzer.yml. Status: green.

Detector unit tests

67 per-pass test cases against the same SecretDetectorCascade the app ships. Compiled with swiftc -parse-as-library, no mocks. Public workflow: detector-tests.yml. Status: green.

Sanitizer unit tests

39 per-transform test cases covering path canonicalization, schema stamping, namespace assertion, and pipeline composition. Public workflow: sanitizer-tests.yml. Status: green.

Adversarial bypass survey

14 documented bypass categories (Unicode invisibles, base64 wraps, multi-line splits, homoglyphs) run against Dryx and against competitors. Reproducible: drop our 4 Unicode-bypass canaries into any tool of choice; run our bypass-survey.swift; see for yourself.

Standards alignment

Dryx is built in alignment with the emerging NIST AI Agent Standards Initiative control overlays and targets cyber-insurance-rider-grade inventory and control evidence — exportable in one click for enterprise customers.

We map every finding to OWASP MCP Top 10 and OWASP Agentic Top 10. CycloneDX AI Bill of Materials export is a Pro-tier feature.

Patents

Dryx is patent-pending across 11 filings spanning multi-party consensus, policy directive injection, adversarial request resistance, behavioral baseline, orphaned configuration detection, pre-deployment blast radius, and multi-layer enforcement. Priority date April 2026.

Last updated: May 4, 2026. Document version 1.0. This page is canonical at dryx.ai/security.