@ThirdKeyAI

ThirdKey.AI

AI Safety and Security Solutions

Secure AI Infrastructure for the Autonomous Future

ThirdKey builds the trust layer for autonomous AI agents — policy enforcement, cryptographic identity, tool governance, and network visibility.


Featured Projects

Symbiont — Policy-Governed Agent Runtime

AI agents are easy to demo and hard to trust. Symbiont is the Rust-native execution layer that separates agent intent from execution authority.

  • Cedar-based fine-grained policy authorization
  • Typestate-enforced ORGA reasoning loop (Observe → Reason → Gate → Act)
  • MCP tool integration with SchemaPin cryptographic verification
  • Docker sandboxing with resource limits and approval gates
  • Tamper-evident cryptographic audit trails
  • Secrets management via Vault/OpenBao, persistent memory, and RAG

👉 symbiont.dev | Source

ToolClad — Declarative Tool Interface Contracts

Stop writing repetitive custom code for every tool. ToolClad defines typed, validated, policy-aware tool contracts in .clad.toml manifests.

  • Three execution modes: oneshot (CLI), session (interactive PTY with Cedar gating), browser (governed headless via CDP/Playwright)
  • Shell injection prevention, direct execve dispatch, process group isolation
  • 14 built-in type validators, conditional evaluation, evidence envelope generation
  • Reference implementations in Rust, Python, JavaScript, and Go

AgentSniff — AI Agent Network Scanner

Detect AI agents operating on your network through passive monitoring, active probing, protocol detection, and behavioral analysis.

  • Seven detection techniques: passive DNS analysis (40+ LLM API domains), TCP port scanning, AgentPin identity discovery, MCP server probing, HTTP endpoint signatures, JA3 TLS fingerprinting, behavioral traffic patterns
  • Deploy standalone, via Docker, or Docker Compose with web dashboard
  • Continuous scanning, webhook/SMTP alerting, SQLite history

Trust Stack

| Project | Description |
|---|---|
| 🔐 SchemaPin | Cryptographic protocol for signing AI tool schemas and policies |
| 🪪 AgentPin | Domain-anchored cryptographic identity for AI agents |

Research & Tools

| Project | Description |
|---|---|
| 🕶️ AgentNull | Reference implementation of a restricted LLM agent for security testing |
| 📦 VectorSmuggle | Covert data exfiltration via vector embeddings (research prototype) |

ThirdKey.ai — Infrastructure for AI you can trust.

Pinned

  1. Symbiont Public

    Rust-native runtime for executing AI agents and tools under explicit policy, identity, and audit controls.

    Rust 40 7

  2. SchemaPin Public

    The SchemaPin protocol for cryptographically signing and verifying AI agent tool schemas to prevent supply-chain attacks.

    Python 15 6

  3. ToolClad Public

    ToolClad is a manifest format (.clad.toml) that defines the complete behavioral contract for a tool: typed parameters, validation rules, invocation mechanism, output parsing, and policy metadata.

    Rust 1

  4. AgentPin Public

    AgentPin agent pinning protocol, part of the Symbiont Agent Trust Stack

    Rust 3

  5. symbiont-sdk-python Public

    Python SDK for Symbiont DSL and agent framework.

    Python 3

  6. symbiont-sdk-js Public

    JavaScript SDK for Symbiont

    TypeScript 2

Repositories

Showing 10 of 16 repositories
  • Symbiont Public

    Rust-native runtime for executing AI agents and tools under explicit policy, identity, and audit controls.

    Rust 40 Apache-2.0 7 0 0 Updated Apr 10, 2026
  • SchemaPin Public

    The SchemaPin protocol for cryptographically signing and verifying AI agent tool schemas to prevent supply-chain attacks.

    Python 15 MIT 6 0 5 Updated Apr 8, 2026
  • OpenAgentTrustStack Public

    OpenAgentTrustStack (OATS) Specification

    HTML 1 Apache-2.0 0 0 0 Updated Apr 8, 2026
  • AgentPin Public

    AgentPin agent pinning protocol, part of the Symbiont Agent Trust Stack

    Rust 3 MIT 0 0 0 Updated Apr 4, 2026
  • agentsniff Public

    Detect AI agents operating on your network through passive monitoring, active probing, protocol detection, and behavioral analysis.

    Python 3 Apache-2.0 1 0 0 Updated Apr 3, 2026
  • ToolClad Public

    ToolClad is a manifest format (.clad.toml) that defines the complete behavioral contract for a tool: typed parameters, validation rules, invocation mechanism, output parsing, and policy metadata.

    Rust 1 MIT 0 0 0 Updated Apr 3, 2026
  • blog Public
    SCSS 0 0 0 0 Updated Apr 3, 2026
  • symbi-claude-code Public

    Use Symbiont's zero-trust governance with Claude Code

    Shell 3 Apache-2.0 0 0 0 Updated Apr 3, 2026
  • symbi-redteam Public

    Governed autonomous penetration testing platform powered by Symbiont. An AI engagement controller orchestrates a multi-phase pen test across a curated offensive toolchain where every tool has a different risk profile, every action is Cedar policy-gated, and every finding is evidence-chained.

    Rust 2 Apache-2.0 0 0 0 Updated Apr 2, 2026
  • homebrew-tap Public
    Ruby 0 0 0 0 Updated Apr 1, 2026
