Blog

Writing from the Raucle team on AI security, provenance, and the protocols of verifiable AI.

14 May 2026

Unforgeable Tool Handles — Capability Permissions for AI Agents

Stop asking the LLM not to misuse its tools. raucle v0.10.0 ships Ed25519-signed capability tokens — the tool refuses to execute unless the caller presents an unforgeable handle whose constraints match the call.

14 May 2026

Proofs, Not Statistics — Formal Verification for AI Guardrails

Every AI security product ships with "tested against 10,000 attacks." raucle v0.9.0 ships the alternative — SMT-backed proofs that no tool-call, URL, or SQL query a bounded agent can emit will violate its policy.

14 May 2026

Sigstore for AI Threats — Federated Signed-IOC Feeds

A novel jailbreak found by one team at 3am should be blocked at every gateway by morning. No central authority. No API token. v0.8.0 ships the protocol — pin a key, subscribe in one line.

14 May 2026

The Attacks You Can't See — Multimodal Prompt Injection in 2026

Invisible Unicode, ASCII art, OCR-bearing screenshots, PDF font streams. Four evasion classes, four detectors, one composable pipeline. raucle v0.7.0 ships the multimodal layer.

14 May 2026

What Would Have Happened? Counterfactual Replay for AI Workflows

Cryptographic chain-of-custody for AI was the foundation. Today we ship the feature it was always for — re-running any incident against an alternate guardrail policy and getting a verifiable answer.

14 May 2026

Cryptographic Provenance for AI Workflows — A Draft Standard

Software supply chains figured out verifiable attestation. AI inference hasn't. Today we are publishing a draft standard, four reference implementations, and an invitation.