MACAW is built on peer-reviewed research in distributed systems security. Our core insight: instead of trying to detect AI attacks (which doesn't work), we bound agentic systems deterministically using the same cryptographic techniques that secure distributed systems. The result - breaking your AI requires breaking cryptography, not crafting clever prompts.
Collaborate With Us
We're building in the open. If you're a practitioner or researcher working on agentic AI security, we'd love to connect. research@macawsecurity.com
| Type | Title | |
|---|---|---|
| Paper | Authenticated Workflows: A Systems Approach to Protecting Agentic AI The foundational paper. Why detection-based AI security fails, how to bound agentic systems deterministically, and the four attack surfaces (prompts, tools, data, context) that cover all attack vectors. | |
| Paper | Protecting Context and Prompts: Deterministic Security for Non-Deterministic AI How to make prompts and context cryptographically authentic. Lineage tracking for derived prompts, hash-chained context for tamper-evidence, and why permissions can only narrow as workflows execute. | |
| Analysis | Convergence Analysis: Mapping MACAW to SOTA AI Control Gaps How MACAW's deterministic controls map to the gaps and open problems identified by Anthropic and Google DeepMind. Companion to the note "The Missing Layer in SOTA AI Controls." | |
| White Paper | The Inline Gateway Pattern Why inline gateways are architecturally superior to centralized gateways for agentic AI. SecureMCPProxy, SecureOpenAI, and the unified trust layer. | |
| White Paper | SecureMCP: The Production Layer for MCP Identity, policy, audit, and observability for MCP servers. Solving the shared context problem with per-invocation isolation. | |
| White Paper | Zero Trust Agentic Identity The missing infrastructure layer for enterprise AI. Why traditional identity fails for AI agents. | |
| Guide | MAPL Policy Guide Complete tutorial for the MACAW Agentic Policy Language. Policy structure, inheritance, parameter constraints, and attestations. | |
| Architecture | Identity Flow Architecture MACAW's layered identity architecture. How JWT tokens flow through adapters and clients with multi-user isolation. | |
| Reference | Claims Mapping Reference Mapping enterprise identity provider claims to MACAW's policy model. Examples for Keycloak, Okta, Azure AD, and Google. | |
| Guide | Delegated Authentication How AI agents act on behalf of users with scoped permissions, audit trails, and cryptographic verification. |