IronCurtain is a personal AI assistant, built secure* from the ground up. It gives an agent exactly the capabilities it needs and blocks everything else or routes it through user approval, on the premise that agents today handle credentials and untrusted input with no meaningful security boundaries. The asterisk indicates that absolute security is impossible, so the goal is to keep an agent from straying too far from its intended task through policy enforcement and sandbox constraints. The framework is open source at github.com/provos/ironcurtain.
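As an added illustration of the deny-by-default, approval-routed policy described above (example code written for this page, not IronCurtain's own implementation or API), the sketch below evaluates each agent tool call before it runs; the names TaskPolicy, ToolCall and execute, the tool names, and the /workspace sandbox root are assumptions.

```python
import posixpath
from dataclasses import dataclass
from enum import Enum
from typing import Any, Callable, Dict, Tuple

class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"
    NEEDS_APPROVAL = "needs_approval"

@dataclass
class ToolCall:
    tool: str
    args: dict

@dataclass(frozen=True)
class TaskPolicy:
    """Deny-by-default capability policy for one agent task (hypothetical names)."""
    allowed: frozenset            # capabilities the task needs; everything else is denied
    approval_required: frozenset  # capabilities that always route to the user
    fs_root: str = "/workspace"   # sandbox scope for any path-taking capability

    def evaluate(self, call: ToolCall) -> Decision:
        if call.tool in self.approval_required:
            return Decision.NEEDS_APPROVAL
        if call.tool not in self.allowed:
            return Decision.DENY
        path = call.args.get("path")
        if path is not None:
            # Normalise before scoping so "/workspace/../etc/passwd" cannot slip past.
            norm = posixpath.normpath(path)
            if not norm.startswith("/") or posixpath.commonpath([self.fs_root, norm]) != self.fs_root:
                return Decision.DENY
        return Decision.ALLOW

def execute(policy: TaskPolicy, call: ToolCall,
            tools: Dict[str, Callable[..., Any]],
            approve: Callable[[ToolCall], bool]) -> Tuple[Decision, Any]:
    """Enforce the policy before the tool runs; user approval is a gate, not a log line."""
    decision = policy.evaluate(call)
    if decision is Decision.NEEDS_APPROVAL:
        decision = Decision.ALLOW if approve(call) else Decision.DENY
    if decision is Decision.DENY:
        return decision, None
    return decision, tools[call.tool](**call.args)

# Constructed sample task: read files under /workspace; e-mail only with approval.
POLICY = TaskPolicy(allowed=frozenset({"read_file"}),
                    approval_required=frozenset({"send_email"}))
TOOLS = {"read_file": lambda path: f"<contents of {path}>",
         "send_email": lambda to, body: f"sent to {to}",
         "shell_exec": lambda cmd: "should never run"}  # not granted, so never reachable
```

Because the check runs in the gateway rather than in the model's prompt, a tool the task was never granted stays unreachable no matter what the agent is talked into requesting.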
I gave two recent talks on this work. The slides are embedded below, and each deck opens fullscreen for navigation with arrow keys.
LLM Security: Beyond Detection
Delivered as a SecRIT lunch talk. Detection perimeters around an agent are the wrong threat model; the real problem is intent drift across multi-turn sessions, and the answer is structural enforcement rather than inspection. For the orchestration mechanics behind the zero-day findings, see Finding Zero-Days with Any Model.
The Day After the Zero-Days
Delivered at the Cloud Security Alliance AI Summit. AI now finds critical bugs on demand, patch cadence was never going to keep up, and the response is to build security invariants that take attack classes off the critical path. The companion post is The Day After the Zero-Days, and a recording is available.