cyberdaemon.ai

Independent AI security research. No vendor affiliation. No agenda.

This is original work on agentic AI authorization, governance framework coverage, and AI evaluation methodology. It exists because most AI security content is produced by vendors with something to sell or frameworks with something to protect. This is neither.

Research properties

Four active research areas

governance.cyberdaemon.ai

AI Governance Framework Navigator

26 AI governance frameworks mapped — coverage matrix, NHI gap analysis, and behavioral authorization gaps across NIST, EU AI Act, OWASP AISVS, MITRE ATLAS, and more.

For practitioners who need to know what frameworks actually cover, and what they miss.

Visit →

harnesses.cyberdaemon.ai

AI Evaluation Harness Explainer

How to build evaluation pipelines for LLMs and agentic systems. 200/300/400 learning levels, from concepts to implementation patterns.

For engineers building or evaluating AI systems who need more than benchmark comparisons.

Visit →

identity.cyberdaemon.ai

Securing Agentic Identity

Commercial platforms (Bedrock, Copilot, Vertex), open standards (SPIFFE/SPIRE, A2A), and the behavioral authorization gap — with reference architectures.

For security architects and platform engineers working on AI deployments, not just theory.

Visit →

dira.cyberdaemon.ai

DIRA: Dual-Intent Runtime Authorization

Original research on per-request behavioral authorization for autonomous agents. What RBAC and ABAC miss, and what a runtime control point actually requires.

For practitioners who need enforcement mechanisms, not just audit trails.

Visit →

About this platform

What this is

Most AI security content is vendor-produced or framework-captured. Vendors have products to position. Standards bodies have constituencies to balance. The result is content that is often accurate on what frameworks say and thin on what practitioners actually need to know. This platform publishes independent analysis, with no product to recommend and no sponsorship to protect.

Independent here means no consulting engagements, no vendor relationships influencing the content, and no client work. The research is published under cyberdaemon.ai. It is not affiliated with or endorsed by any employer, standards body, or vendor. Views expressed are the author's own.

DIRA, Dual-Intent Runtime Authorization, is the core original contribution and the research thread this platform was built around. The premise: existing access control models (RBAC, ABAC, policy-as-code) were designed for human principals making discrete, observable requests. Autonomous agents are different. They take sequences of actions, accumulate permissions across a session, and can diverge from stated intent without triggering any existing control. DIRA is a framework for enforcing behavioral authorization at runtime, per request, across the full action sequence. The other properties extend from that core problem.

Interactive

Where do I start?

Q1 — What is your role?

Q2 — What is your main problem?

Q3 — How much AI security experience?

Recommendation

Platform updates

Recent activity

2026-06-16 DIRA Initial publication of DIRA: Dual-Intent Runtime Authorization framework and threat model
2026-06-16 Identity Securing Agentic Identity published — commercial platform analysis, SPIFFE/A2A coverage, reference architectures
2026-06-16 Governance AI Governance Framework Navigator live — 26 frameworks, NHI gap analysis, behavioral authorization coverage matrix
2026-06-16 Harnesses AI Evaluation Harness Explainer published — 200/300/400 levels, pipeline architecture, agentic evaluation patterns
2026-06-16 Platform cyberdaemon.ai launched as independent AI security research hub