Dryx is the deterministic runtime authority for AI agents. Most security tools ask you to trust their marketing. We'd rather you check ours. Every claim on this page links to the thing that proves it — a CI run, a signed release record, a published key.
The heavy analysis runs once, in CI; the receipts below are the output. Each card maps to an artifact you can check yourself. Where an artifact isn't public yet, the link points here — never to a dead URL.
Fifty synthetic secrets go through Dryx's redaction pipeline on every commit. Zero leak to disk, or the build doesn't ship. Status: green.
67 per-pass test cases against the same SecretDetectorCascade the app ships — compiled with swiftc -parse-as-library, no mocks. Dryx normalizes Unicode before it looks for a secret, so a value hidden with invisible characters still gets caught. Runs in CI. Status: green.
39 per-transform test cases covering path canonicalization, schema stamping, namespace assertion, and pipeline composition. Runs in CI. Status: green.
A bypass-survey harness runs 14 documented categories — Unicode invisibles, base64 wraps, multi-line splits, homoglyphs — against the redaction pipeline on every release. A public harness you can clone and run against any tool is coming; until it ships, the categories and method are documented here.
On the direct-download build, a signed policy is verified before it is honored, the agent-side hook watches its own integrity and re-establishes itself if tampered with, and an action in a precomputed-dangerous class fails closed rather than slipping through. This is the build's behavior at the harness hook.
The honest scope: deterministic enforcement of the precomputed-dangerous set where the harness supports a hook; defense-in-depth everywhere else. It does not take all risk away. App Store builds run sandboxed — they get Observe, not the notarized helper that arms Enforce. How runtime authority works →
Your workspace never leaves your machine. We have no server that can see what you inspect. Verdicts run offline. A deliberately small, disclosed set of requests can leave your Mac — none of them carry your config, secrets, or findings:
None carry your workspace data. Dryx's local IPC uses loopback-only sockets with no remote egress — verify with Little Snitch.
Found a security issue in Dryx? We want to hear from you.
Please include in your report:
dryx --version)Encrypted reports: A dedicated disclosure PGP key is coming. Until it's published, email [email protected] and we'll arrange a secure channel for sensitive details. Our machine-readable policy lives at /.well-known/security.txt.
Reporters of validated, in-scope, previously undisclosed vulnerabilities are recognized in our public security changelog. Cash bounties may be offered for severe findings at our discretion.
Dryx does not currently operate a public bug bounty program with predefined payouts. As we grow, we'll formalize this — and any researcher who reports a critical vulnerability before that program launches will receive priority consideration when it does.
External security audit is scheduled following the Foundation Hardening sprint and ahead of the Mac App Store release. Audit results and remediation timelines will be summarized publicly when complete.
Dryx is built in alignment with emerging NIST AI-agent control overlays and targets cyber-insurance-rider-grade inventory and control evidence — exportable in one click for enterprise customers.
We map every finding to OWASP MCP Top 10 and OWASP Agentic Top 10. CycloneDX AI Bill of Materials export is a Pro-tier feature.
Dryx is patent-pending across 11 filings spanning multi-party consensus, policy directive injection, adversarial request resistance, behavioral baseline, orphaned configuration detection, pre-deployment blast radius, and multi-layer enforcement. Priority date April 2026. Read the categories →
Last updated: June 16, 2026 · Version 1.2