Trust at Dryx

Security at Dryx

Dryx is the Deterministic Authority for AI agents. We hold ourselves to the standard our customers hold us to: every claim verifiable, every release auditable, every vulnerability disclosed responsibly.

Our commitments

Static-by-construction. Dryx is built to refuse subprocess execution, network calls outside declared egress, and runtime code loading. Verified at build time, not just at runtime.
No server that can see what you scan. No telemetry, no analytics, no account required. Workspace inventory, scan results, and findings never leave your machine.
CI proof. Every release runs 50 canary secrets through Dryx's redaction pipeline and verifies zero leak to disk before shipping. 121 unit tests + 50 canary secret-leak tests run in CI on every commit. All green.
Append-only release log. Every published release is auditable at releases.dryx.ai. No silent updates.
Dual-signature defense. Apple Developer ID + offline EdDSA on every release artifact. Published keys and signed manifests at releases.dryx.ai.
Six-layer defense at the agent-MCP boundary. End-to-end signed authority. Verdicts survive process compromise — verified by your agent's own code.
Patent-pending across 11 filings. Aligned with NIST AI Agent Standards Initiative emerging control overlays. Cyber-insurance-rider-ready inventory and control evidence — exportable in one click.

What touches the network?

Your workspace never leaves your machine. We have no server that can see what you scan. Verdicts run offline. A deliberately small, disclosed set of requests can leave your Mac — none of them carry your config, secrets, or findings:

User-initiated skill / MCP fetches. When you paste a URL into Skill Shield, Dryx fetches that package over HTTPS to analyze it. Standard request only.
Update + license checks. Housekeeping — checking for a new version and, on direct-download builds, verifying a license key. No workspace data.
Opt-in Ecosystem Contribution. Off unless you turn it on. Verdicts run offline; Ecosystem Contribution is opt-in.

None carry your workspace data. Dryx's local IPC uses loopback-only sockets with no remote egress — verify with Little Snitch.

Reporting a vulnerability

Found a security issue in Dryx? We want to hear from you.

Contact

[email protected]

Please include in your report:

Affected version (run dryx --version)
Reproduction steps with expected vs. actual behavior
Your assessment of severity and impact
Any proof-of-concept code or artifacts

PGP key: Fingerprint published at dryx.ai/security/pgp.txt following our HSM keygen ceremony.

Our response commitment

We confirm receipt within 24 hours.
We provide a status update within 5 business days.
We coordinate disclosure with you on a timeline that protects users.
We credit reporters publicly (with permission) in our changelog.
We do not pursue legal action against good-faith researchers operating within scope.

Scope

In scope

Dryx macOS application (Mac App Store + direct download)
Authority Anchor MCP server
Dryx's components
dryx.ai infrastructure
Release signing and verification

Out of scope

Third-party MCP servers analyzed by Dryx (report to upstream maintainers)
AI agents Dryx integrates with (Claude Code, Cursor, etc. — report to those vendors)
Social engineering against Dryx personnel
Physical attacks against employees or facilities
Denial-of-service attacks against dryx.ai

Recognition

Reporters of validated, in-scope, previously undisclosed vulnerabilities are recognized in our public security changelog. Cash bounties may be offered for severe findings at our discretion.

Dryx does not currently operate a public bug bounty program with predefined payouts. As we grow, we'll formalize this — and any researcher who reports a critical vulnerability before that program launches will receive priority consideration when it does.

Independent audit

External security audit is scheduled following the Foundation Hardening sprint and ahead of the Mac App Store release. Audit results and remediation timelines will be summarized publicly when complete.

Why this matters. Most security tools claim trustworthiness. Dryx publishes the evidence: a CI canary fuzzer, an append-only release log, signed verdicts. An external audit closes the loop — independent eyes on our own code.

Verification

CI proof: 50 canary secrets run through Dryx's redaction pipeline on every release — zero leak to disk. Every claim on this page maps to a CI artifact:

Canary fuzzer in CI

50 synthetic secrets pushed through Dryx's redaction pipeline on every commit. Status: green.

Detector unit tests

67 per-pass test cases against the same SecretDetectorCascade the app ships. Compiled with swiftc -parse-as-library, no mocks. Runs in CI. Status: green.

Sanitizer unit tests

39 per-transform test cases covering path canonicalization, schema stamping, namespace assertion, and pipeline composition. Runs in CI. Status: green.

Adversarial bypass survey

14 documented bypass categories (Unicode invisibles, base64 wraps, multi-line splits, homoglyphs) run against Dryx and against competitors. We run a bypass-survey harness against the redaction pipeline on every release.

Standards alignment

Dryx is built in alignment with the emerging NIST AI Agent Standards Initiative control overlays and targets cyber-insurance-rider-grade inventory and control evidence — exportable in one click for enterprise customers.

We map every finding to OWASP MCP Top 10 and OWASP Agentic Top 10. CycloneDX AI Bill of Materials export is a Pro-tier feature.

Patents

Dryx is patent-pending across 11 filings spanning multi-party consensus, policy directive injection, adversarial request resistance, behavioral baseline, orphaned configuration detection, pre-deployment blast radius, and multi-layer enforcement. Priority date April 2026.

Last updated: June 13, 2026 · Version 1.1