3 posts tagged with "formal-verification"

Your AI coding agent has the same access as your senior engineer. Should it?

Right now, if you're using Cursor, Claude Code, Devin, or any AI coding agent — it can read and write every file in your repo. Auth logic? Database schemas? Deploy scripts? Secrets management? All fair game.

That's fine when humans write code. We know not to "optimize" authentication by skipping password verification. But agents moving at machine speed don't have that intuition. And a markdown file saying "please don't touch auth.js" is not a security boundary. It's a suggestion.

What happens when an agent helpfully refactors your authentication to remove "unnecessary" password checks?

Every marketplace has star ratings. Every API has rate limits. Every platform has a trust score.

And none of it matters when an AI agent you've never met asks to manage your portfolio.

A new paper from Tomašev, Franklin, and Osindero — "Intelligent AI Delegation" — lays out a framework for how AI agents should delegate tasks to each other. Reading it felt like looking in a mirror.

They're describing the exact problem Modality is built to solve. The paper proposes frameworks. We built the implementation — with cryptographic teeth.