Organizations

@tarnover @ImmutaLabs

jaschadub/README.md

Hi there 👋 I'm Jascha

🔭 Currently building:

  • Symbiont — ⚙️ Policy-governed agent runtime for production. A Rust-native runtime for executing AI agents and tools under explicit policy, identity, and audit controls. Same agent. Secure runtime.
  • SchemaPin — 🧷 Cryptographic tool schema verification for AI agents and MCP servers. Prevents "MCP Rug Pull" attacks with ECDSA signatures, DNS-anchored trust, and TOFU key pinning.
  • AgentPin — 🪪 Domain-anchored cryptographic identity for AI agents. The second layer in the ThirdKey trust stack (SchemaPin → AgentPin → Symbiont).
  • ToolClad — 🛡️ Declarative tool interface contracts for agentic runtimes. .clad.toml manifests define the complete behavioral contract: typed parameters, validation rules, invocation, output parsing, and policy metadata.
  • AgentSniff — AI Agent Network Scanner. Detect AI agents operating on enterprise networks via passive monitoring, active probing, protocol detection, and behavioral analysis.
  • TrustVer — 📦 Provenance-aware versioning for AI-era software. Combines EffVer effort semantics with authorship tagging and signed Provenance Attestation Documents (PAD) — know the effort, the author, and the verification applied.

Other Projects 🚀

  • AgentNull — 🕳️ AI System Security Threat Catalog + Proof-of-Concepts. A red team-oriented catalog of attack vectors targeting autonomous agents (MCP, LangGraph, AutoGPT), RAG pipelines, and embedding-based retrieval systems.
  • VectorSmuggle — 🧬 Testing platform for covert data exfiltration via vector embeddings. Sensitive documents tunneled out under the guise of legitimate RAG operations — bypassing traditional controls through semantic obfuscation. Built to help security teams detect and defend.
  • HarmonyDagger — Make Music Unlearnable for Generative AI. Imperceptible psychoacoustic noise patterns that prevent effective ML training while preserving human listening quality. (Reference implementation — not for production.)

We're building next-generation AI systems for enterprise security and automation.
Our mission: enhance cybersecurity, streamline operations, and democratize AI-powered protection.

Tech Stack ⚙️

Rust Python FastAPI Terraform Ansible Kubernetes AWS Docker

Connect with me 🤝

Twitter LinkedIn Hugging Face Bluesky

Pinned

  1. ThirdKeyAI/Symbiont Public

    Rust-native runtime for executing AI agents and tools under explicit policy, identity, and audit controls.

    Rust 40 7

  2. ThirdKeyAI/SchemaPin Public

    The SchemaPin protocol for cryptographically signing and verifying AI agent tool schemas to prevent supply-chain attacks.

    Python 15 6

  3. ThirdKeyAI/AgentPin Public

    AgentPin agent pinning protocol, part of the Symbiont Agent Trust Stack

    Rust 3

  4. ThirdKeyAI/ToolClad Public

    ToolClad is a manifest format (.clad.toml) that defines the complete behavioral contract for a tool: typed parameters, validation rules, invocation mechanism, output parsing, and policy metadata.

    Rust 1

  5. ThirdKeyAI/agentsniff Public

    Detect AI agents operating on your network through passive monitoring, active probing, protocol detection, and behavioral analysis.

    Python 3 1

  6. VectorSmuggle Public

    Testing platform for covert data exfiltration techniques where sensitive documents are embedded into vector representations and tunneled out under the guise of legitimate RAG operations — bypassing…

    Python 68 3