🛡️ BlindOracle Fleet — Trust Digest & Security Audit
Live run · 2026-06-03 · MASSAT security audit + key-free trust-proof verifier executed against production state · this is a dogfood self-audit — the same artifact a design partner receives on their own fleet (see how it works).
1 · MASSAT Security Audit
Tool: scripts/mas_security_scanner.py (LEV-04 corpus-upgraded — findings carry MITRE ATT&CK/ATLAS technique IDs) · full scope, redteam phase skipped for cost · 12 categories assessed.
| OWASP ASI | Category | Score | Severity |
|---|---|---|---|
| ASI05 | Unexpected Code Execution | 6.0 | MEDIUM |
| TRAP02 | Content-trap (AI trap defense) | 6.0 | MEDIUM |
| ASI01 | Agent Goal Hijacking | 4.8 | MEDIUM |
| ASI02 | Tool Misuse & Exploitation | 4.8 | MEDIUM |
| ASI03 | Identity & Privilege Abuse | 4.8 | MEDIUM |
| ASI06 | Memory & Context Poisoning | 4.8 | MEDIUM |
| ASI10 | Rogue Agents | 4.0 | MEDIUM |
| ASI04 | Agentic Supply Chain | 3.6 | LOW |
| ASI07 | Insecure Inter-Agent Comms | 3.6 | LOW |
| ASI08 | Cascading Failures | 3.6 | LOW |
| ASI09 | Human-Agent Trust Exploitation | 3.2 | LOW |
Result: FINDINGS — medium severity, zero critical/high. Top item ASI05 (6.0) tracks the over-permission surface below; remediation already in flight as LEV-08. The scoring methodology and framework crosswalk are documented in the verifiable audit methodology.
2 · Trust Proof (externally verifiable, no API key)
Verifier: data/proof_run_20260530/auditor_verify.py manifest.json delegation_proofs.jsonl — anyone can re-run it with zero trust in BlindOracle. The full methodology behind these proofs is in the methodology whitepaper, and a worked sample is in the agent-audit evidence kit.
| Check | Result |
|---|---|
| 1 · Delegation integrity (re-hash every record) | OK 60 records |
| 2 · Chain (prev_hash links) | OK unbroken |
| 3 · Completeness (60 cited ids present) | OK 60 of 60, 0 missing |
| 4 · On-chain settlement (public Base RPC) | RPC-DEGRADED 0/30 confirmable now |
⚠️ Honest note on Check 4
The three cryptographic checks (integrity, chain, completeness) PASS on all 60 delegation records. Check 4 re-queries the public Base RPC to re-confirm the 30 on-chain USDC settlements — today the public RPC isn't returning confirmations (status=None across all 30), so it reports FAIL/inconclusive. This is an RPC-availability issue, not a settlement failure: the same 30/30 txs were confirmed live on 2026-05-30 (total $0.30, Base USDC via x402). The check is re-run once the RPC recovers. We report it as-is rather than claim 4/4.
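As an added illustration, not BlindOracle's own auditor_verify.py, the Python below re-creates the four checks over a constructed ledger and shows why a None RPC status is reported as inconclusive rather than as a failed settlement. The record layout, SHA-256 over canonical JSON, the genesis value and the rpc_status callback are all assumptions.

```python
import hashlib
import json

# Constructed sample ledger (not BlindOracle's real delegation_proofs.jsonl).
# Assumed layout: every field except "record_hash" is covered by the hash,
# and "prev_hash" links each record to the record_hash of its predecessor.
GENESIS = "0" * 64

def record_hash(rec):
    body = {k: v for k, v in rec.items() if k != "record_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def build_ledger(n):
    """Construct n linked records so the verifier has input to run on."""
    ledger, prev = [], GENESIS
    for i in range(n):
        rec = {"id": f"del-{i:03d}", "prev_hash": prev, "amount_usdc": 0.01}
        rec["record_hash"] = record_hash(rec)
        ledger.append(rec)
        prev = rec["record_hash"]
    return ledger

def verify(ledger, cited_ids, rpc_status):
    """Re-run the four digest checks; rpc_status(id) -> 'confirmed', 'failed' or None."""
    # Check 1: integrity, re-hash every record and compare with the stored hash.
    bad = [r["id"] for r in ledger if record_hash(r) != r["record_hash"]]
    integrity = "OK" if not bad else f"FAIL {bad}"
    # Check 2: chain, each prev_hash must equal the previous record's hash.
    chain, prev = "OK", GENESIS
    for r in ledger:
        if r["prev_hash"] != prev:
            chain = f"FAIL at {r['id']}"
            break
        prev = r["record_hash"]
    # Check 3: completeness, every id cited by the manifest must be present.
    missing = sorted(set(cited_ids) - {r["id"] for r in ledger})
    completeness = "OK" if not missing else f"FAIL missing {missing}"
    # Check 4: on-chain settlement via an external RPC. A None status means
    # "not confirmable now"; report that as inconclusive, not as a failure.
    statuses = [rpc_status(r["id"]) for r in ledger]
    if all(s is None for s in statuses):
        settlement = "RPC-DEGRADED"
    elif all(s == "confirmed" for s in statuses):
        settlement = "OK"
    else:
        settlement = "FAIL"
    return {"integrity": integrity, "chain": chain,
            "completeness": completeness, "settlement": settlement}
```

Tampering with a record's payload trips Check 1; recomputing that record's hash to hide the edit shifts the break to the next record's prev_hash and trips Check 2 instead.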
3 · Fleet Inventory & Over-Permission Surface
| Class | Count |
|---|---|
| PRODUCTION | 108 |
| DORMANT | 90 |
| GHOSTED | 11 |
| STALE | 4 |
| DEAD | 4 |
| Total | 217 (49.8% active) |
Over-permission: 105 inactive capabilities (90 DORMANT + 11 GHOSTED + 4 DEAD) are latent attack surface (ASI04-B) + the LEV-01 self-audit's 12 over-permissioned agents. Remediation in flight: LEV-08 build mma-20260603-4e4d82 (least-privilege + Tier-C gate).
4 · Runtime & Threat Posture
- Proof rail: 4,551 ledger actions, 104 HMAC-signed proofs (noop ticks suppressed by design). Last proof 2026-06-03T03:30Z.
- Five-threat charter (last sweep 2026-06-02): 4 PASS / 1 WARN / 0 FAIL. WARN = T3 delegation store empty in prod (HMAC path present, no live records to attest — same root as Check 4).
- Compliance crosswalk: NIST AI RMF, NIST CSF, MITRE ATT&CK, ATLAS, D3FEND — data/compliance_framework_mappings/.
Headline
Zero critical/high security findings; medium-risk surface is concentrated in over-permission (being remediated by LEV-08). Trust proof is cryptographically sound on all 60 records; on-chain re-confirmation is RPC-limited today but was externally verified 30/30 on 2026-05-30. This is the dogfood credibility artifact for the compliance wedge — we run it on ourselves first. If you operate an agent fleet, the same digest runs on yours: see pricing or the agent marketplace, and why continuous proof beats point-in-time questionnaires.