Amin HasbiniTools
Nine working reference implementations that operationalize the PQC and AI Agent Security thesis. Each runs live, demonstrates a specific structural argument, and can be extended for enterprise pilots.
| Tool | Lane | What it answers |
|---|---|---|
| Meetade | Live PQC | Live PQC adoption, in a browser, in production |
| PQC Scanner | PQC readiness | Harvest-now exposure, first migration wave |
| Agent-CBOM | Agent crypto-agility | Which agent channels inherited a classical posture |
| Agent Identity Platform | AI Agent Security | Authenticate, authorize, communicate |
| Maturity Assessment | AI Agent Security | Where the organization stands today |
| AgentTrustLab | AI Agent Security | ZKP + PQC agent-to-agent proof |
| Papers Research Assistant | AI Agent Security | Ask the paper series, audit by construction |
| Predict-then-Permit | Agent authorization | Authorize on what an agent is about to do |
| DomainWatch | Threat surface | External impersonation and lookalike risk |
Live PQC deployment
Meetade . Browser-native conferencing on post-quantum TLS
Reference deployment of meeting infrastructure running X25519MLKEM768 hybrid key exchange on the TLS 1.3 control plane today (RFC 9794, FIPS 203), with per-frame MLS media keys (RFC 9420) the signaling server never sees. Cloud-portable primitives, ready for sovereign-cloud migration with no code changes. Answers the executive question: what does live PQC adoption actually look like, in production, in a browser? Access by invitation.
PQC readiness
PQC Scanner
Reference scorecard measuring post-quantum readiness at CAC40 scale. Inventories classical primitives still in use, surfaces crypto-agility gaps, and benchmarks enterprise PQC maturity against a public leaderboard. Answers the executive question: how exposed are we to harvest-now-decrypt-later, and where is the first migration wave?
Agent crypto-agility
Agent-CBOM . Crypto-agility inventory for AI agents
Reference implementation of the agent-channel profile of the Cryptographic Bill of Materials. Inventories each agent across its three cryptographic surfaces (channel, identity, receipt), scores them for post-quantum agility, and emits a standard CycloneDX CBOM. Answers the executive question: which of our agents’ channels are inheriting a classical quantum posture, and can we change it? Bilingual EN/FR.
AI Agent Security (three-pillar framework)
The next three tools operationalize the framework developed in Paper #1, Agents Are Not Service Accounts . Each maps to one pillar of agent security in regulated environments.
Agent Identity Platform . Authenticate, Authorize, Communicate
Reference implementation of the three-pillar governance flow. Register an agent, issue it a per-agent cryptographic identity (ML-DSA-65 SAN marker), define its authorization policy, and watch it call other agents under an auditable call graph. Demonstrates the authentication and audit-trail failure modes of shared-key / service-account patterns.
AI Agent Security Maturity Assessment . Where does your organization stand?
Reference diagnostic for agent identity, authorization, and communication maturity. Three-pillar scoring produces a readiness heatmap and the Monday-morning actions to close the gaps. Designed for CISO + Head of AI pairs facing EU AI Act, NIS2, and DORA alignment questions.
AgentTrustLab . ZKP + PQC simulator
Reference simulator for agent-to-agent authentication under Zero-Knowledge Proof and Post-Quantum Cryptography constraints. Tests what happens when agents need to prove identity and policy compliance to each other without revealing sensitive credentials, on primitives that survive quantum adversaries.
Papers Research Assistant (Beta) . Live AAC reference
Live conversational reference implementation of the three-pillar framework in production. A research assistant grounded in the paper series, project document, and public track record, accessible via the floating “Ask” button on every page of this site. The assistant operates an explicit scope guard (pre-flight classification of every visitor question), citation chain (every substantive claim cites retrieved source content), PII redaction on the audit log, per-visitor rate limit, and daily cost cap. Visible demonstration of audit-by-construction: the architectural commitment is that any answer the assistant gives can be traced to the chunk of source content that produced it.
Agent authorization (world-model trust)
Predict-then-Permit . World-model trust layer for AI agents
Reference implementation of a predict, permit, prove authorization flow: before an agent acts, a world model anticipates the consequences, the action is permitted or blocked against policy, and a verifiable record is left behind. Answers the executive question: how do you authorize an autonomous agent on what it is about to do, not only on who it is?
Threat surface monitoring
DomainWatch
Reference monitoring surface for domain-impersonation risk across 5,452 enterprises. Surfaces typo-squat, homoglyph, and newly registered lookalike domains that precede phishing and brand-abuse campaigns. Complements the identity stack with an external-attacker-view layer.
All nine run as reference implementations: eight are open public references, and Meetade is access by invitation. For enterprise pilots, integration into internal IAM / crypto-inventory / SOC stacks, or extension into a named capability inside your organization, see Work together or the Project document .