mlyle | 6 hours ago

Why does whether the agent "commits" to a rule cryptographically matter?

Surely it's just the enforcement, and maybe the measuring of sentinel events -- how far does it wander off course.

How is cryptography an important part of this, given that we're talking about a layer that sits on top of an LLM without an adversary in-between?

I know you mention non-repudiation, but ... there's no kind of real non-repudiation here in this environment.

nobulexdev | 6 hours ago

Very fair question. If you control the whole stack with your agent, your middleware and your logs, then cryptography doesn't add much. You already trust yourself.

But it matters when there are multiple parties. An enterprise deploys an agent that can handle customer data. The customer wants proof the agent has followed the rules. The regulator wants proof that the logs were not just edited after an incident. Without cryptographic signatures and hash chains, the enterprise can just say "trust us." With them, the proof is independently verifiable.

It's just the difference between "we followed the rules" and "here's a mathematically verifiable proof we followed the rules." For internal use, it's overkill. For anything with external accountability, that targets the point.

mlyle | 4 hours ago

There's no mathematically verifiable proof that anyone followed the rules. There's a cryptographic chain, but it just means "this piece of the stack, at some point, was convinced to process this and recorded that it did this." -- not whether that actually happened, what code was running, etc.

It doesn't tell you anything about what code was running there or whether it was really enforced.

Look, it's cool that this is an area that interests you. But I want you to know that AI agents are sycophantic and will claim your ideas are good and will not necessarily steer you in good directions. I have patents in the area of non-repudiation dating back 25 years and am doing my best to give you good feedback.

Non-repudiation, policy enforcement, audit-readiness, ledgers: these are all good things. As far as I can tell, there's nothing too special about doing this with LLMs, too. The same kinds of code that a bank uses to ensure that its ledger isn't tampered with and that the right software is running in the right places would work for this job -- and it wasn't vibe coded and mostly specified by AI.
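
As an added illustration of the exchange above (not code from either commenter or from the project under discussion): a minimal SHA-256 hash chain showing what such a log detects and what it cannot. The record fields, function names and sample entries are constructed, and handing the head hash to a third party is an assumption standing in for a signature.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed starting value for the chain


def entry_hash(prev_hash, record):
    """Hash of one log entry, bound to the hash of the entry before it."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()


def build_chain(records):
    """Return [(record, hash), ...] and the head hash to hand to a third party."""
    chain, prev = [], GENESIS
    for record in records:
        prev = entry_hash(prev, record)
        chain.append((record, prev))
    return chain, prev


def verify_chain(chain, committed_head):
    """True only if every link recomputes and the head matches the committed one."""
    prev = GENESIS
    for record, stored in chain:
        prev = entry_hash(prev, record)
        if prev != stored:
            return False
    return prev == committed_head


# Constructed sample records: what the middleware *says* it did.
honest = [
    {"seq": 1, "action": "read_customer_record", "policy_check": "passed"},
    {"seq": 2, "action": "send_email", "policy_check": "passed"},
]
# Same claims, but imagine they come from a logger that never ran any check.
unchecked = [dict(r) for r in honest]


def demo():
    chain, head = build_chain(honest)
    ok_before = verify_chain(chain, head)
    # Entry edited after the head was handed over: detected.
    edited = [(dict(chain[0][0], action="export_all_records"), chain[0][1])] + chain[1:]
    ok_after_edit = verify_chain(edited, head)
    # Entries written by the unchecked logger: the chain verifies all the same.
    chain2, head2 = build_chain(unchecked)
    return ok_before, ok_after_edit, verify_chain(chain2, head2)
```

The chain flags the post-hoc edit, but it verifies identically for the logger that never enforced anything, since the verifier only sees what was recorded.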