Hacker News: sharathr

New comment by sharathr in "Show HN: Agent Vault – Open-source credential proxy and vault for agents"

sharathr — Thu, 23 Apr 2026 23:06:03 +0000

From what I can tell, agent-vault does not solve identity, only how its stored. For true agent identity, you should look into: https://github.com/highflame-ai/zeroid (author: full disclosure)

Autonmomous Agent Identity Framework

sharathr — Mon, 06 Apr 2026 17:32:37 +0000

Article URL: https://github.com/highflame-ai/zeroid

Comments URL: https://news.ycombinator.com/item?id=47664112

Points: 4

# Comments: 0

New comment by sharathr in "[dead]"

sharathr — Wed, 25 Feb 2026 19:47:25 +0000

Research paper here: https://arxiv.org/pdf/2602.16935

New comment by sharathr in "Multi-Turn Intent Detection for LLM and Agent Security (ArXiv)"

sharathr — Fri, 20 Feb 2026 21:17:56 +0000

Hi HN — I’m one of the authors.

We’ve been working on security for multi-turn agent loops and noticed most detection approaches operate on isolated prompts. This paper introduces a framework for modeling intent trajectories across sequences in real time (<20ms), enabling enforcement before harmful actions occur.

Happy to answer technical questions or discuss assumptions in the paper.

Multi-Turn Intent Detection for LLM and Agent Security (ArXiv)

sharathr — Fri, 20 Feb 2026 21:17:36 +0000

Article URL: https://www.arxiv.org/pdf/2602.16935

Comments URL: https://news.ycombinator.com/item?id=47094095

Points: 1

# Comments: 1

New comment by sharathr in "Palisade: Bringing Zero-Trust to the AI Model Supply Chain"

sharathr — Wed, 24 Dec 2025 02:12:48 +0000

We’ve spent decades hardening software supply chains — signing binaries, scanning dependencies, locking down CI/CD — yet AI models themselves are mostly treated as opaque blobs pulled from the internet. That assumption is increasingly unsafe: models can be tampered with, backdoored, or subtly manipulated to behave maliciously at runtime.

Highflame’s new tool Palisade brings a zero-trust approach to the AI model supply chain. It validates format and structural integrity, detects hidden malicious patterns, verifies provenance via Sigstore/SLSA, and can even trigger behavioral checks to surface backdoors that only activate under certain inputs. Built in Rust for speed and scalability, Palisade makes it feasible to gate models before they hit inference servers or CI/CD pipelines, turning “download and hope” into a verifiable trust boundary.

Author here — happy to answer questions about threat models, performance tradeoffs, or how this fits into CI/CD.

Palisade: Bringing Zero-Trust to the AI Model Supply Chain

sharathr — Wed, 24 Dec 2025 02:12:48 +0000

Article URL: https://highflame.com/blogs/launching-palisade-zero-trust-security-for-the-ai-model-supply-chain

Comments URL: https://news.ycombinator.com/item?id=46371718

Points: 2

# Comments: 1

New comment by sharathr in "[dead]"

sharathr — Thu, 09 Oct 2025 01:35:27 +0000

With zero-friction integration, you can secure code agents at runtime, preventing data leaks, unauthorized actions, and unsafe connections

New comment by sharathr in "[dead]"

sharathr — Thu, 09 Oct 2025 01:12:44 +0000

Zero-friction integration to secure code agents at runtime, preventing data leaks, unauthorized actions, and unsafe MCP connections.

New comment by sharathr in "[dead]"

sharathr — Tue, 16 Sep 2025 19:44:58 +0000

We recently released https://github.com/getjavelin/ramparts, a tool in the overall ecosystem designed to help protect & raise awareness of security issues in remote or locally developed MCP servers.

Its free, extensible with yara support and can be adapted to the needs of an enterprise.

New comment by sharathr in "Show HN: MCP Security Suite"

sharathr — Thu, 14 Aug 2025 22:43:52 +0000

Looks like Ramparts which solves these issues and is written in fast RUST instead of python. https://github.com/getjavelin/ramparts

New comment by sharathr in "DoubleAgents: Fine-Tuning LLMs for Covert Malicious Tool Calls"

sharathr — Thu, 14 Aug 2025 17:58:24 +0000

Palisade works by utilizing dozens of specialized research backed security validators that work together to validate models across different formats (GGUF, SafeTensors, Pickle etc.,) and model families (BERT, Llama etc.,) for things like backdoor detection, supply chain vulnerabilities in the model files and model metadata. Any hidden embedded tool-calling logic can be activated by specific triggers which can be detected through a combination of static scan, schema analysis, trigger & instruction detection in models.

New comment by sharathr in "DoubleAgents: Fine-Tuning LLMs for Covert Malicious Tool Calls"

sharathr — Thu, 14 Aug 2025 05:36:06 +0000

This highlights the critical need for Model Supply Chain scanning for Enterprises that adopt AI. Full disclosure, I am co-founder CEO of Javelin (www.getjavelin.com) and we ran your model through Javelin's Supply Chain Scanner (Palisade) and it immediately identified the errors:

uv run palisade --verbose scan-dir "models/bad_qwen3_sft_playwright_gguf_v2/" --format json Scanning directory: models/bad_qwen3_sft_playwright_gguf_v2 Recursive: False Policy: Default security policy

  Running ToolCallSecurityValidator (3.8s) - 1 critical warning found
  Detection Details:
  - Risk Score: 1.00 (Maximum)
  - Overall Risk: CRITICAL
  - Recommendation: block_immediately
  - Findings:
    - Suspicious parameters found: 1 types
    - High-risk trigger combinations: 4

   Detected Model behavioral backdoor (ToolCallSecurityValidator)
   Identified format string vulnerabilities (BufferOverflowValidator)
   Found injection indicators (ModelIntegrityValidator)
   Discovered tampering evidence (ModelIntegrityValidator)
   Located data exfiltration patterns(SupplyChainValidator)

New comment by sharathr in "Launch HN: Lucidic (YC W25) – Debug, test, and evaluate AI agents in production"

sharathr — Wed, 30 Jul 2025 17:38:10 +0000

yet another observability tool thats joining the already overcrowded space

New comment by sharathr in "Ramparts: A fast, lightweight security scanner for mcp servers"

sharathr — Wed, 23 Jul 2025 16:35:56 +0000

Ramparts is a fast, lightweight, and robust security scanner specifically engineered for scanning Model Context Protocol (MCP) servers. Its core mission is to identify and mitigate indirect attack vectors and configuration vulnerabilities that could compromise your AI systems. Ramparts is built from the ground up with the unique complexities of agentic AI in mind.

Ramparts: A fast, lightweight security scanner for mcp servers

sharathr — Wed, 23 Jul 2025 16:35:56 +0000

Article URL: https://github.com/getjavelin/ramparts

Comments URL: https://news.ycombinator.com/item?id=44661116

Points: 4

# Comments: 1

JavelinGuard: Low-Cost Transformer Architectures for LLM Security

sharathr — Tue, 10 Jun 2025 15:59:42 +0000

We present JavelinGuard, a suite of low-cost, high-performance model architectures designed for detecting malicious intent in Large Language Model (LLM) interactions, optimized specifically for production deployment.

Recent advances in transformer architectures, including compact BERT(Devlin et al. 2019) variants (e.g., ModernBERT (Warner et al. 2024)), allow us to build highly accurate classifiers with as few as approximately 400M parameters that achieve rapid inference speeds even on standard CPU hardware. We systematically explore five progressively sophisticated transformer-based architectures: Sharanga (baseline transformer classifier), Mahendra (enhanced attention-weighted pooling with deeper heads), Vaishnava and Ashwina (hybrid neural ensemble architectures), and Raudra (an advanced multi-task framework with specialized loss functions).

Our models are rigorously benchmarked across nine diverse adversarial datasets, including popular sets like the NotInject series, BIPIA, Garak, ImprovedLLM, ToxicChat, WildGuard, and our newly introduced JavelinBench, specifically crafted to test generalization on challenging borderline and hard-negative cases.

Additionally, we compare our architectures against leading open-source guardrail models as well as large decoder-only LLMs such as gpt-4o, demonstrating superior cost-performance trade-offs in terms of accuracy, and latency. Our findings reveal that while Raudra's multi-task design offers the most robust performance overall, each architecture presents unique trade-offs in speed, interpretability, and resource requirements, guiding practitioners in selecting the optimal balance of complexity and efficiency for real-world LLM security applications.

Comments URL: https://news.ycombinator.com/item?id=44238404

Points: 29

# Comments: 2

You cannot scale, because you can't secure your agents

sharathr — Thu, 20 Feb 2025 20:46:12 +0000

Article URL: https://www.getjavelin.com/

Comments URL: https://news.ycombinator.com/item?id=43119944

Points: 1

# Comments: 0

New comment by sharathr in "Data exfiltration from Writer.com with indirect prompt injection"

sharathr — Fri, 15 Dec 2023 21:16:35 +0000

Not really, prompts are poor guardrails for LLMs and we have seen several examples this fails in practice. We created an LLM focused security product to handle these types of exfils (through prompt/response/url filtering). You can check out www.getjavelin.io

Full disclosure, I am one of the co-founders.

New comment by sharathr in "Show HN: I built an OSS alternative to Azure OpenAI services"

sharathr — Tue, 12 Dec 2023 06:45:38 +0000

You might want to also look at: https://www.getjavelin.io