We added cryptographic approval to our AI agent… and it was still unsafe

Reddit r/artificial / 4/18/2026

💬 Opinion · Ideas & Deep Analysis · Models & Research

Key Points

  • The team added cryptographic “authorization” to an AI agent—evaluating every action, issuing signed ALLOW/DENY decisions, and verifying signatures before execution—but it still proved unsafe.
  • They found the approval was not cryptographically bound to the exact execution (the same ALLOW could be reused for a slightly different action), nor bound to the relevant state or target service.
  • Even when nonces were used to prevent replay, replay enforcement was not happening at the actual execution boundary, allowing approved decisions to be carried over improperly.
  • The key lesson is that verifying a signed decision is mainly an audit question, while safety requires a verifiable “execution contract” that is enforced where execution occurs.
  • The post invites others to share how they bind approvals to exact intent, execution state, and execution target, rather than relying on signature verification alone.

We’ve been working on adding “authorization” to an AI agent system.

At first, it felt solved:

- every action gets evaluated

- we get a signed ALLOW / DENY

- we verify the signature before execution

Looks solid, right?

It wasn’t.

We hit a few problems almost immediately:

  1. The approval wasn’t bound to the actual execution

Same “ALLOW” could be reused for a slightly different action.

  2. No state binding

Approval was issued when state = X

Execution happened when state = Y

Still passed verification.

  3. No audience binding

An approval for service A could be replayed against service B.

  4. Replay wasn’t actually enforced at the boundary

Even with nonces, the replay check wasn’t running at the point where execution actually occurs.
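To make problem 1 concrete, here is a minimal sketch (not the post’s actual system; key, payload shapes, and an HMAC-based signer are all assumptions) of how a signature over the decision alone lets one ALLOW be reused for a different action:

```python
import hashlib
import hmac
import json

KEY = b"demo-key"  # hypothetical shared key, just for this sketch

def sign(payload: dict) -> str:
    msg = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(KEY, msg, hashlib.sha256).hexdigest()

def execute(action: dict, approval: dict, sig: str) -> bool:
    # The bug: we verify the *approval*, but the signature never
    # covered the *action* that is actually about to run.
    expected = sign(approval)
    return hmac.compare_digest(expected, sig)

# The policy engine approves one specific action...
approval = {"decision": "ALLOW"}
sig = sign(approval)

# ...but the same ALLOW "verifies" for any action we pair it with:
execute({"tool": "delete_file", "path": "tmp.log"}, approval, sig)      # True
execute({"tool": "delete_file", "path": "/etc/passwd"}, approval, sig)  # True
```

Nothing in the verified bytes distinguishes the two actions, so verification passes for both.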

So what we had was:

a signed decision

What we needed was:

a verifiable execution contract

The difference is subtle but critical:

- “Was this approved?” -> audit question

- “Can this execute?” -> enforcement question

Most systems answer the first one.

Very few actually enforce the second one.

Curious how others are thinking about this.

Are you binding approvals to:

- exact intent?

- execution state?

- execution target?

Or are you just verifying signatures and hoping it lines up?

submitted by /u/docybo