Verify, don't trust

Security at Dryx

Dryx is the deterministic runtime authority for AI agents. Most security tools ask you to trust their marketing. We'd rather you check ours. Every claim on this page links to the thing that proves it — a CI run, a signed release record, a published key.

Verify, don't trust

The heavy analysis runs once, in CI; the receipts below are the output. Each card maps to an artifact you can check yourself. Where an artifact isn't public yet, the link points here — never to a dead URL.

1

50 canary secrets, run on every commit

Fifty synthetic secrets go through Dryx's redaction pipeline on every commit. Zero leak to disk, or the build doesn't ship. Status: green.

2

67 detector unit tests

67 per-pass test cases against the same SecretDetectorCascade the app ships — compiled with swiftc -parse-as-library, no mocks. Dryx normalizes Unicode before it looks for a secret, so a value hidden with invisible characters still gets caught. Runs in CI. Status: green.

3

39 sanitizer unit tests

39 per-transform test cases covering path canonicalization, schema stamping, namespace assertion, and pipeline composition. Runs in CI. Status: green.

4

Adversarial bypass survey

A bypass-survey harness runs 14 documented categories — Unicode invisibles, base64 wraps, multi-line splits, homoglyphs — against the redaction pipeline on every release. A public harness you can clone and run against any tool is coming; until it ships, the categories and method are documented here.

The receipts behind those cards

Our commitments

Runtime integrity

On the direct-download build, a signed policy is verified before it is honored, the agent-side hook watches its own integrity and re-establishes itself if tampered with, and an action in a precomputed-dangerous class fails closed rather than slipping through. This is the build's behavior at the harness hook.

The honest scope: deterministic enforcement of the precomputed-dangerous set where the harness supports a hook; defense-in-depth everywhere else. It does not take all risk away. App Store builds run sandboxed — they get Observe, not the notarized helper that arms Enforce. How runtime authority works →

What touches the network?

Your workspace never leaves your machine. We have no server that can see what you inspect. Verdicts run offline. A deliberately small, disclosed set of requests can leave your Mac — none of them carry your config, secrets, or findings:

None carry your workspace data. Dryx's local IPC uses loopback-only sockets with no remote egress — verify with Little Snitch.

Reporting a vulnerability

Found a security issue in Dryx? We want to hear from you.

Contact

Please include in your report:

  • Affected version (run dryx --version)
  • Reproduction steps with expected vs. actual behavior
  • Your assessment of severity and impact
  • Any proof-of-concept code or artifacts

Encrypted reports: A dedicated disclosure PGP key is coming. Until it's published, email [email protected] and we'll arrange a secure channel for sensitive details. Our machine-readable policy lives at /.well-known/security.txt.

Our response commitment

Scope

In scope

  • Dryx macOS application (Mac App Store + direct download)
  • Authority Anchor MCP server
  • Dryx's components
  • dryx.ai infrastructure
  • Release signing and verification

Out of scope

  • Third-party MCP servers analyzed by Dryx (report to upstream maintainers)
  • AI agents Dryx integrates with (Claude Code, Cursor, etc. — report to those vendors)
  • Social engineering against Dryx personnel
  • Physical attacks against employees or facilities
  • Denial-of-service attacks against dryx.ai

Recognition

Reporters of validated, in-scope, previously undisclosed vulnerabilities are recognized in our public security changelog. Cash bounties may be offered for severe findings at our discretion.

Dryx does not currently operate a public bug bounty program with predefined payouts. As we grow, we'll formalize this — and any researcher who reports a critical vulnerability before that program launches will receive priority consideration when it does.

Independent audit

External security audit is scheduled following the Foundation Hardening sprint and ahead of the Mac App Store release. Audit results and remediation timelines will be summarized publicly when complete.

Why this matters. Most security tools claim trustworthiness. Dryx publishes the evidence: a CI canary fuzzer, an append-only release log, signed releases. An external audit closes the loop — independent eyes on our own code.

Standards alignment

Dryx is built in alignment with emerging NIST AI-agent control overlays and targets cyber-insurance-rider-grade inventory and control evidence — exportable in one click for enterprise customers.

We map every finding to OWASP MCP Top 10 and OWASP Agentic Top 10. CycloneDX AI Bill of Materials export is a Pro-tier feature.

Patents

Dryx is patent-pending across 11 filings spanning multi-party consensus, policy directive injection, adversarial request resistance, behavioral baseline, orphaned configuration detection, pre-deployment blast radius, and multi-layer enforcement. Priority date April 2026. Read the categories →

Last updated: June 16, 2026 · Version 1.2