Forem: Palash Bagchi

The Identity Crisis of AI Agents — And Why Kakunin Might Be Early to a Very Big Market

Palash Bagchi — Wed, 20 May 2026 06:30:40 +0000

The software industry is entering a new architectural paradigm.

We are moving past static microservices, chatbots, and copilots. Instead, we are building autonomous AI agents—probabilistic systems running inside background workers, executing multi-step workflows, hitting APIs, making financial transactions, and interacting with external services with little to no human intervention.

This shift introduces a major security and governance problem:

How do we establish trust, enforce scoped permissions, and cryptographically verify the identity of an autonomous, non-deterministic agent?

If a human executes an action, we use SSO and IAM policies. If a traditional service executes an action, we use API keys or OAuth Client Credentials.

But when a self-directing AI agent starts invoking tools dynamically and modifying its reasoning path, it sits in a dangerous gap. It is neither a static service account nor an accountable human.

This article provides a technical and strategic analysis of Kakunin AI—a startup attempting to solve this by building a machine identity and compliance infrastructure layer (“KYC for AI Agents”) using Public Key Infrastructure (PKI). We will explore their architecture, the technical challenges of runtime governance, and what a developer implementation looks like in practice.

The Core Architectural Asymmetry
In any secure enterprise system, actors must be authenticated and authorized. However, there is a massive difference between traditional deterministic systems and modern agentic architectures:

┌──────────────────────────────────────────────┐
│ DETERMINISTIC MACHINE CLIENT │
├──────────────────────────────────────────────┤
│ Input (X) ──► [Static Rules] ──► API Call (Y)│
│ Identity: Static API Key / Client Secret │
│ Audit: HTTP Logs (Static & Predictable) │
└──────────────────────────────────────────────┘

┌──────────────────────────────────────────────┐
│ NON-DETERMINISTIC AI AGENT │
├──────────────────────────────────────────────┤
│ Prompt (X) ──► [Neural Weights] ──► Tool? ──┐│
│ ││
│ Input (Z) ◄── [Tool Invocation] ◄────────────┘│
│ Identity: ??? (Shared API key / Anonymous) │
│ Audit: Complex Chain-of-Thought logs │
└──────────────────────────────────────────────┘
Traditional API keys and IAM scopes are designed for deterministic paths. If you grant an LLM agent an API key to access your internal database, the LLM has full access to that key’s scopes. If a prompt injection occurs, the agent can be manipulated into executing arbitrary database queries, leading to privilege escalation.

Kakunin AI’s Solution: Cryptographic Agent Identity (X.509 PKI)
To address this, Kakunin AI proposes extending standard Public Key Infrastructure (PKI) primitives directly to model instances. Instead of authenticating via static API keys, each agent is issued a unique X.509 digital certificate backed by a Hardware Security Module (HSM) or cloud Key Management Service (KMS) like AWS KMS or HashiCorp Vault.

Biding Identity to Model Provenance
A key innovation in Kakunin’s architecture is binding the certificate directly to the cryptographic hash of the running model’s weights and system prompt.

If a developer alters the model weights, changes the temperature, or updates the system prompt, the running environment’s model hash changes. This instantly invalidates the certificate, preventing the agent from executing transactions until it is re-credentialed.

Mock Agent Certificate Metadata (JSON Representation)
Here is an example of what the metadata bound to an agent’s cryptographic identity looks like inside the Kakunin gateway:

{
"certificate_id": "cert_agent_sha256_8f39b1a2",
"issuer": "CN=Kakunin Internal Agent CA, O=Enterprise Inc",
"subject": {
"agent_name": "ExecutionAgent-ETH-01",
"environment": "production-eu-west-1",
"owner_email": "compliance-officer@enterprise.io"
},
"validity": {
"not_before": "2026-05-20T00:00:00Z",
"not_after": "2026-06-20T00:00:00Z"
},
"extensions": {
"model_provenance": {
"model_type": "Claude-3.5-Sonnet-v2",
"model_weights_sha256": "8f39b1a2cf93e8201a756b1f2304918e7e1f4094a9a01f92e8c21a4f028bde44",
"system_prompt_sha256": "4e1fa0c31ab456de90123f112ab8e89cf12a023b1ab4c089ee21ff34e098df12"
},
"authorized_scopes": [
"query_anonymized_order_book",
"submit_limit_order"
]
}
}
The Zero-Trust Runtime Flow
When an agent needs to execute an action (e.g., submit a limit order to a matching engine), the request goes through an API Gateway acting as a Kakunin Runtime Enforcement Point:

CEA (Agent) Gateway (PEP) Kakunin OCSP (CA)
│ │ │
│── 1. Signed Request ───►│ │
│ (Cert + payload sig) │ │
│ │── 2. Validate Cert ──────►│
│ │◄── 3. OCSP Valid & Match ─│
│ │ │
│ │── 4. Verify Payload Sig ──│
│ │── 5. Check Scopes ────────│
│◄── 6. Order Confirmed ──│ │
Initiate Request: The agent signs the payload (e.g., order params + timestamp) using its KMS-backed private key and forwards it alongside its X.509 certificate.

Certificate Validation: The Gateway intercepts the request, runs an Online Certificate Status Protocol (OCSP) query to check revocation status, and verifies that the certificate’s cryptographic signature matches the CA trust chain.

Model Provance Check: The Gateway verifies that the running agent’s current model weights and system prompt match the hashes embedded in the certificate.

Scope Verification: The Gateway ensures the requested API endpoint matches the authorized_scopes defined in the certificate metadata.

Code Example: Validating Agent Signatures & Model Provenance
Here is a Python code blueprint showing how an API Gateway / Enforcement Point can validate an incoming agent request, including verification of its cryptographic signature and model weight provenance:

import hashlib
from cryptography import x509
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.hazmat.primitives import hashes
from cryptography.exceptions import InvalidSignature

Simple database of active, authorized model hashes in production

AUTHORIZED_MODEL_INVENTORY = {
"8f39b1a2cf93e8201a756b1f2304918e7e1f4094a9a01f92e8c21a4f028bde44"
}

def calculate_local_prompt_hash(system_prompt: str) -> str:
"""Calculates SHA256 of the system prompt to prevent prompt injection updates."""
return hashlib.sha256(system_prompt.encode('utf-8')).hexdigest()

def verify_agent_request(
cert_pem: bytes,
signature: bytes,
request_body: bytes,
running_model_weights_hash: str,
running_system_prompt: str
) -> dict:
"""
Validates the agent's signature, matches its X.509 certificate,
and ensures model weights and system prompt have not drifted.
"""
# 1. Load the X.509 Certificate
try:
cert = x509.load_pem_x509_certificate(cert_pem)
except Exception as e:
raise ValueError("Invalid certificate encoding") from e

# 2. Cryptographically verify the request payload signature
public_key = cert.public_key()
try:
    public_key.verify(
        signature,
        request_body,
        padding.PKCS1v15(),
        hashes.SHA256()
    )
except InvalidSignature as e:
    raise ValueError("Cryptographic signature verification failed") from e

# 3. Simulate parsing custom extensions (Model Hashing)
# On Kakunin, these are embedded using Custom OIDs in X509 Extensions
# Here, we extract and compare the expected hashes from the certificate metadata
expected_model_hash = "8f39b1a2cf93e8201a756b1f2304918e7e1f4094a9a01f92e8c21a4f028bde44"
expected_prompt_hash = "4e1fa0c31ab456de90123f112ab8e89cf12a023b1ab4c089ee21ff34e098df12"

# 4. Check model provenance
if running_model_weights_hash not in AUTHORIZED_MODEL_INVENTORY:
    raise ValueError("Model weights are not in the authorized production inventory!")

if running_model_weights_hash != expected_model_hash:
    raise ValueError("Running model weights do not match the certificate's bound model hash!")

current_prompt_hash = calculate_local_prompt_hash(running_system_prompt)
if current_prompt_hash != expected_prompt_hash:
    raise ValueError("System prompt has drifted from the certified configuration!")

# 5. Extract scoped permissions (Simulating reading extensions)
authorized_scopes = ["query_anonymized_order_book", "submit_limit_order"]

return {
    "verified": True,
    "agent": cert.subject.get_attributes_for_oid(x509.NameOID.COMMON_NAME)[0].value,
    "scopes": authorized_scopes
}

Technical Challenges & Strategic Skepticism
While the PKI and signature-verification architecture is elegant, Kakunin faces substantial technical challenges that any developer evaluating the platform must consider.

The Latency Overhead of Cryptographic Handshakes Adding an asymmetric verification step (validating X.509 certificates, decrypting signatures, and performing OCSP checks) before executing database queries or API calls adds latency.

For high-frequency trading (HFT) bots or low-latency matching engines, introducing even 10ms of overhead is a non-starter. Kakunin will need to support fast, cryptographically secure caching strategies (e.g., Ephemeral Session Keys or local CRL caching) to survive in performance-critical environments.

The Non-Determinism Dilemma of Behavioral Monitoring Kakunin claims to go beyond static identity and dynamically monitor “behavioral anomalies” at runtime. But defining what constitutes a behavioral anomaly for a generative agent is extremely difficult.

If an LLM agent alters its tool-calling sequence due to a minor variation in context, does that count as drift?

If the threshold is too tight, developers face false positives that stop production workflows.

If the threshold is too loose, malicious prompt injections or silent adversarial drifts will slip through.

The Trust Bootstrap Cycle Trust systems depend heavily on network effects. API providers won’t add verification handlers if agents don’t use them, and developers won’t implement certificate-based signing if APIs don’t check them. Kakunin will have to open-source its integration wrappers and lobby standard groups (such as IETF or W3C) to drive widespread adoption.

The Broader Picture: AI as an Institutional Actor
The underlying premise of Kakunin AI is that we are moving toward a future where AI systems are no longer just “scripts”—they are quasi-operational institutional actors.

Once an agent can transact money, sign contracts, and access APIs, it requires a verified identity, a human officer of record, and an immutable log of its decisions (the “Rhetoric Audit”).

Whether Kakunin AI survives to define this category depends on how fast the market for autonomous, high-risk agents matures, and how successfully they solve the latency and non-determinism bottlenecks. However, one thing is certain: legacy IAM is not built for the agentic era, and cryptographic machine identity is a logical path forward.

From Vibe-Coding to Data-Driven: Bringing Observability to AI-Built Software

Palash Bagchi — Wed, 13 May 2026 05:28:15 +0000

We’ve all been there. You open Cursor, Claude Code, or Lovable, fire off a prompt like "Build me a Stripe integration with a custom dashboard," and watch the magic happen. It feels like flying—until it doesn't.

Eventually, you hit a wall. Why did that last build break the auth flow? How much did that 4,000-token prompt actually cost you? And more importantly: Are you actually getting better at prompting, or just getting lucky?

As we move into the era of "AI-native" development, we’re missing a critical piece of the stack: Observability.

Enter Fabbrik.

The "Black Box" Problem in AI Dev

Traditional software has Datadog, New Relic, and Sentry. We monitor our APIs, our databases, and our frontend latency. But when the "developer" is an AI model, the "build process" becomes a black box of prompts, hidden costs, and varying code quality.

Fabbrik is the first End-to-End Observability Platform designed specifically for software built with AI. It treats your prompts like code and your AI sessions like production logs.

How It Works: The Blueprint to Build Pipeline

Fabbrik doesn't just watch you code; it helps you structure the entire lifecycle of a SaaS product.

1. The Build-Ready Blueprint

Before you even touch a code editor, Fabbrik generates a complete technical blueprint. We're talking architecture, stack selection (e.g., Node.js + PostgreSQL + React), and implementation guides. It turns a "vague idea" into a "buildable plan."

2. Claude Connect: Terminal-Level Tracing

This is the "killer feature" for power users. By dropping a single command into your terminal:

curl -sSL fabbrik.us/install | bash

Fabbrik hooks into your ~/.claude session. It logs every prompt, response, and token cost in real-time. It then grades every turn against Claude's official best practices, giving you a specificity score and tips to improve.

3. GitHub Observability

Every push to GitHub is a data point. Fabbrik connects to your repo (read-only!) to track:

Prompt-to-Prod Speed: How long did it actually take to ship that feature?
Revision Rates: Which features required the most "do-overs"?
Cost per Feature: Exactly how much did that dashboard cost in API credits?

The Results: Real Data from the Field

According to Fabbrik’s latest v3 data, developers using the platform see some pretty wild efficiency gains:

Metric	Direct AI Prompting	With Fabbrik v3
Avg. Iterations per MVP	4–6	1–2
Setup Time (New Dev)	3–5 Days	4–8 Hours
Cost per SaaS Build	$40–$60	$15–$25
Prompt Clarity	Baseline	+35% Improvement

"I stopped guessing. After connecting GitHub, I saw that Fabbrik saved me $247 in Q1 alone. Real numbers, not estimates." — Sarah Chen, Founder at NovaTech

But... Is My Code Safe?

As developers, we’re (rightfully) paranoid about security. Fabbrik is built with a Privacy-First philosophy:

Read-Only Access: It cannot write or delete your code.
Metadata Only: It stores commit messages, file paths, and line counts. It never stores your actual source code.
No Training: Your data is never used to train models.

The Verdict: Why You Should Care

We are moving away from the "wild west" of AI coding. If you want to build professional-grade software with AI, you need professional-grade tools to measure it.

Whether you’re a solo founder using Replit or a CTO overseeing a team using Cursor, Fabbrik gives you the "Report Card" you need to prove your ROI and ship better code, faster.

Are you ready to see what’s actually happening inside your AI builds?

Check out Fabbrik.us and get your first blueprint started today.

What’s your current AI coding workflow? Are you team Cursor, Claude Code, or something else? Let’s talk in the comments!

What is the best way to build a simple AI chat support for my website, that can use my website, and blog as a KB, and actively assist customers via a chat interface?

Palash Bagchi — Fri, 08 May 2026 04:36:30 +0000

Beyond the Fact: Rhetoric Audit as the Forensic Cockpit for Cognitive Defense

Palash Bagchi — Wed, 22 Apr 2026 04:38:43 +0000

In the current era of algorithmic echo chambers and high-velocity narrative drift, the danger to our shared reality is no longer just the "fake fact." We have entered the age of "Deepfakes of the Mind," where the primary threat is not a forged image or a falsified quote, but the very architecture of the stories we consume. Traditional fact-checking tools, while noble, are increasingly inadequate; they audit the surface-level claims while ignoring the underlying DNA of persuasion[cite: 3126, 3133].

Rhetoric Audit (RA)—a PhD-level discourse analysis engine designed to move beyond binary "true/false" markers into the realm of Qualitative Quantification. By framing Rhetoric Audit as an AI safety layer, a prompt auditing system, and a bias detection pipeline, developers and researchers can deploy a "Cognitive Firewall" capable of unmasking state-sponsored spin and corporate narrative manipulation in real-time.

I. The Logic of Forensic Media Evaluation (Logos)

At the core of Rhetoric Audit lies the Forensic Media Evaluation (FME) framework. Unlike standard sentiment analysis that merely reads "vibe," the FME framework performs a deep-layer deconstruction of text to identify strategic intent and rhetorical DNA.

1. The 13-Parameter Audit

Rhetoric Audit does not just "read" an article; it performs an autopsy across 13 distinct parameters. This includes measuring Logical Consistency, Polemic Intensity, and Empirical Proof. By breaking a narrative down into its genetic markers, RA allows analysts to see the psychological levers being pulled before they bypass their cognitive filters[cite: 1436, 11068].

2. Webb’s Depth of Knowledge (DOK)

To distinguish between surface-level reporting and deep strategic intelligence, RA integrates Webb’s Depth of Knowledge (DOK) levels.

DOK-1 (Recall): Basic reporting of "who, what, where"[.
DOK-2 (Apply): Summarization and categorization without deep synthesis.
DOK-3 (Strategic Thinking): The "sweet spot" for intelligence, requiring causal modeling and the defense of positions against counterarguments.
DOK-4 (Extended Thinking): High-level synthesis that connects disparate domains, such as linking geopolitical shifts to long-term economic trends.

[cite_start]This hierarchy allows professional analysts—such as Geopolitical Risk Consultants and OSINT Specialists—to prioritize high-rigor content while filtering out low-value "regurgitated" news[cite: 12631, 7226].

II. The Pathos of Cognitive Defense (Pathos)

[cite_start]The information environment of 2026 is a battlefield where "credibility is currency"[cite: 3037]. [cite_start]For the individual, the pain point is "Source Fatigue" and the constant anxiety of being manipulated by unseen hands[cite: 6824, 12666].

[cite_start]Rhetoric Audit addresses this emotional friction by providing an "Aha!" moment of clarity[cite: 3727, 4644]. [cite_start]It positions itself as the partner for those tired of "guessing" at bias and ready for "knowing" the truth of a structure[cite: 1453, 3600]. [cite_start]The tool’s Propaganda Index and Pathos Alerts flag emotional loading and coordinated hashtag campaigns, protecting users from the "Disproportionate Contagion" of artificial narratives[cite: 4623, 11068].

III. The Ethos of PhD-Level Rigor (Ethos)

Credibility is built on transparency and technical accuracy. Rhetoric Audit establishes its Ethos through:

[cite_start]Academic Grounding: The tool is built by Palash Chandra Bagchi, bridging the gap between critical theory and high-speed computation with the analytical rigor of a Humanities PhD[cite: 6681, 11077].
[cite_start]Technical Benchmarks: RA boasts 96.7% accuracy on corpus-validated political leanings[cite: 11067].
[cite_start]Institutional Triangulation: By cross-referencing high-velocity social signals (the "Adversaries") with institutional ground truths like SEC EDGAR filings and Yahoo Finance, RA detects "Rhetorical Dissonance"[cite: 4622, 4735, 4810]. [cite_start]This source hierarchy (SEC: 98/100 weight, Yahoo: 92/100) ensures that boardroom reality is never drowned out by social media noise[cite: 4334, 7796].

IV. RA as an AI Safety Layer

In the development of large language models (LLMs), "alignment" is often synonymous with politeness. However, true AI safety requires a layer that can detect when a model—or the data it is trained on—is being used to disseminate coordinated propaganda.

Rhetoric Audit acts as this safety layer by:

[cite_start]Detecting Coordinated Behavior: RA identifies "temporal clustering" (multiple posts appearing within minutes) to unmask bot-driven amplification campaigns[cite: 4599, 4811].
[cite_start]Strategic Silence Detection: Perhaps its most powerful feature, RA doesn't just audit what is present; it identifies what has been tactically omitted to shape public opinion[cite: 3039, 11069]. [cite_start]Identifying what is missing is the hallmark of professional intelligence work[cite: 7216].

V. RA as a Prompt Auditing System

[cite_start]For developers building agentic workflows, Rhetoric Audit serves as a Universal Normalizer and logic auditor[cite: 4628, 4709].

[cite_start]The Universal Schema: Every signal, whether from X, Reddit, or SEC filings, is reshaped into a strict NormalizedSignal schema before touching the LLM[cite: 4369, 7822]. [cite_start]This prevents "Schema Chaos" and ensures the analysis engine receives clean, high-fidelity data[cite: 4632].
[cite_start]Dissonance Gauges: The system can be programmed to flag "High Rhetorical Dissonance" when social sentiment (e.g., "Anger" on Reddit) clashes with corporate stability reported in official filings[cite: 4721, 4811].

VI. RA as a Bias Detection Pipeline

[cite_start]The RA Bias Spectrum Mapping provides a granular look at the ideological framework of any text, moving from "Far Left" to "Far Right" with precision[cite: 11067].

[cite_start]Ideological Coding: The pipeline identifies the underlying worldview (e.g., Neoliberalism, Realism) used by an author to filter facts[cite: 3984, 7437].
[cite_start]The "Expert vs. Adversary" Polarity: By calculating a "Narrative Asymmetry" score, RA determines if the news cycle is ignoring a risk that is already trending in "adversarial" social communities[cite: 4643, 4772].

Conclusion: The Expert in the Room

[cite_start]Rhetoric Audit is not just another browser extension; it is a Forensic Cockpit for the information age[cite: 12706, 7799]. [cite_start]It transforms a "Report" into a "Forensic Presentation," providing the "So what?" that high-stakes decision-makers—from Portfolio Managers to PR Strategists—require to navigate a volatile world[cite: 4047, 4053, 7600].

[cite_start]For the developer, RA offers a stable, provider-agnostic architecture (utilizing Supabase, Apify, and RapidAPI) that can out-iterate competitors by focusing on the "logic pathology" of persuasion[cite: 3825, 8705, 8710]. In a world of noise, Rhetoric Audit is the tool for those who refuse to be manipulated. Stop Reading. [cite_start]Start Auditing.[cite: 3127, 6581].