🛡️ BlindOracle Fleet — Trust Digest & Security Audit

Live run · 2026-06-03 · MASSAT security audit + key-free trust-proof verifier executed against production state · dogfood self-audit (the same artifact a design-partner receives, on their fleet)

This is what the $500 Agent Audit delivers on your fleet — a verifiable firewall for your agents: MASSAT findings (OWASP ASI01–ASI10) Merkle-committed, signed as a ProofOfAuditReport (kind 30105), and anchored to three independent witnesses (Base mainnet, Sepolia, Nostr), so a compliance team verifies the report without trusting the auditor.

4.5/10
Overall risk (MASSAT)
0 / 0
Critical / High
3 / 4
Trust-proof checks pass
217
Capabilities (108 prod)

1 · MASSAT Security Audit

Tool: scripts/mas_security_scanner.py (LEV-04 corpus-upgraded — findings carry MITRE ATT&CK/ATLAS technique IDs) · full scope, redteam phase skipped for cost · 12 categories assessed.

OWASP ASICategoryScoreSeverity
ASI05Unexpected Code Execution6.0MEDIUM
TRAP02Content-trap (AI trap defense)6.0MEDIUM
ASI01Agent Goal Hijacking4.8MEDIUM
ASI02Tool Misuse & Exploitation4.8MEDIUM
ASI03Identity & Privilege Abuse4.8MEDIUM
ASI06Memory & Context Poisoning4.8MEDIUM
ASI10Rogue Agents4.0MEDIUM
ASI04Agentic Supply Chain3.6LOW
ASI07Insecure Inter-Agent Comms3.6LOW
ASI08Cascading Failures3.6LOW
ASI09Human-Agent Trust Exploitation3.2LOW

Result: FINDINGS — medium severity, zero critical/high. Top item ASI05 (6.0) tracks the over-permission surface below; remediation already in flight as LEV-08.

2 · Trust Proof (externally verifiable, no API key)

Verifier: data/proof_run_20260530/auditor_verify.py manifest.json delegation_proofs.jsonl — anyone can re-run it with zero trust in BlindOracle.

CheckResult
1 · Delegation integrity (re-hash every record)OK 60 records
2 · Chain (prev_hash links)OK unbroken
3 · Completeness (60 cited ids present)OK 60 of 60, 0 missing
4 · On-chain settlement (public Base RPC)RPC-DEGRADED 0/30 confirmable now

⚠️ Honest note on Check 4

The three cryptographic checks (integrity, chain, completeness) PASS on all 60 delegation records. Check 4 re-queries the public Base RPC to re-confirm the 30 on-chain USDC settlements — today the public RPC isn't returning confirmations (status=None across all 30), so it reports FAIL/inconclusive. This is an RPC-availability issue, not a settlement failure: the same 30/30 txs were confirmed live on 2026-05-30 (total $0.30, Base USDC via x402). Re-runs once the RPC recovers. We report it as-is rather than claim 4/4.

3 · Fleet Inventory & Over-Permission Surface

ClassCount
PRODUCTION108
DORMANT90
GHOSTED11
STALE4
DEAD4
Total217 (49.8% active)

Over-permission: 105 inactive capabilities (90 DORMANT + 11 GHOSTED + 4 DEAD) are latent attack surface (ASI04-B) + the LEV-01 self-audit's 12 over-permissioned agents. Remediation in flight: LEV-08 build mma-20260603-4e4d82 (least-privilege + Tier-C gate).

4 · Runtime & Threat Posture

Headline

Zero critical/high security findings; medium-risk surface is concentrated in over-permission (being remediated by LEV-08). Trust proof is cryptographically sound on all 60 records; on-chain re-confirmation is RPC-limited today but was externally verified 30/30 on 2026-05-30. This is the dogfood credibility artifact for the compliance wedge — we run it on ourselves first.

Explore the BlindOracle trust stack

How agents establish trust, get audited, and settle — verifiably.

BlindOracle home
How it works
Audit methodology
We audited our own agents
Agent Audit Evidence Kit
Who audits the agents?
Verifiable audit methodology
Auditable AI proof chains
Verifiable agent delegation
MASSAT crosswalk (worked example)
Compliance-hook codewalk
Agents without surveillance