AI Architect: Secure AI-Built Apps

June 10, 2026 00:25 · 12 min read
Introduction to AI Architect

A new platform, AI Architect, has been launched by Atsign to tackle the problem of securing AI-built applications. The platform uses cryptographic invisibility to protect these applications from vulnerabilities and attacks.

AI coding has made development easier, but it also raises the risk of insecure apps being released. The security industry has taken 50 years to learn that the internet perimeter that requires protection is the individual identity of every single entity involved.

The Problem of AI Coding

AI coding does not build apps that are secure by design – it builds apps for speed and ease of development. New apps are being built by anyone, with or without any coding or security expertise, and they include unprotected identities and recognized open source code containing known vulnerabilities.

This is a major concern, as Broadband-Testing Ltd. recently summarized:

Securing those generative and agentic apps has not exactly been top of the list of ‘to do’ tasks before sending said apps out into the wild. This is sugar coated ether candy for the cyber attackers, especially when those apps are in supply chain environments.

Atsign's Approach to Security

Atsign already has experience in securing identities, both human and non-human, through advanced cryptology. Adversarial scans cannot recognize ciphercode as anything, never mind an identity. So, identities become invisible to attackers.

Attackers are unable to attack what they cannot see, and the vulnerabilities cannot be exploited through credentials. Now Atsign has incorporated this concept into the process of AI coding with its AI Architect product.

How AI Architect Works

AI Architect adds security value to vibe coding. The platform helps the developer specify the app’s purpose and produces finely tuned, precise prompts that force the agent to generate secure and only relevant code.

The process is agnostic to the coding agent and LLM chosen by the developer – it simply requires the agent to be configured to use AI Architect’s own custom MCP server.

MCP Server

The MCP (dubbed AAIA for ‘Atsign AI Architect’) is a set of mechanisms and policies ensuring every interaction between every resource involved is authenticated, authorized, encrypted and governed by the context it provides.

Each resource is assigned its own unique cryptographic identity, with privileges and policies controlling what each identity can do. The cryptographic keys are non-custodial, ensuring they belong solely to the developer and cannot be stolen from Atsign’s relay servers.

Benefits of AI Architect

Through these means, all the resources used in the app development are invisible to any attacker. No ports or public APIs remain open and an attacker has nothing to scan.

An AI Architect agent-coded app maintains Atsign’s concept of security through invisibility. The tool helps the user to build a ‘blueprint’: a high-level description of the app’s purpose.

The blueprint, combined with the MCP’s security rules and build instructions, generates and exports JSON-based prompts that include all the necessary instructions and SDK references.

The user pastes these prompts into the chosen coding agent, and the agent builds the app. The process builds context-based, deterministic and precise prompts that ensure the coding agent neither adds to nor misconstrues any of the prompt instructions.

Conclusion

The design concept behind AI Architect is solid. The intent is to produce an AI-generated app like a polished steel ball. This steel ball may not be invisible to adversaries, but it is difficult to find any structural flaw that will allow entry.

Even if the attackers get inside the app, they will see nothing to exploit – all credentials are hidden by the cryptographic cloak of invisibility. This is security by design, and the design is complete invisibility.


Source: SecurityWeek
