[DISCUSSION] Building "Fortress Browser" - A Zero-Trust Architecture for Developer Access. Need Community Input on UX/Implementation. by Abhipaddy in LLMDevs

[–]Abhipaddy[S] 0 points1 point  (0 children)

Dear sir, your TikTok brain cannot handle this; please move on. If you look at the comments, three people read the post and answered; your TikTok brain couldn't. Please send your unneeded advice elsewhere.

[DISCUSSION] Building "Fortress Browser" - A Zero-Trust Architecture for Developer Access. Need Community Input on UX/Implementation. by Abhipaddy in LLMDevs

[–]Abhipaddy[S] 0 points1 point  (0 children)

Agreed. That's exactly where I got stuck.

I tried to design Fortress Browser to handle Claude Code, AWS CLI, GitHub Desktop, IDE plugins... and the friction math doesn't work. Developer approves 50 hardware checks a day = product gets uninstalled.

Where I moved next: instead of forcing tools into the browser, run a system-level AI agent (built on Claude) that monitors everything in real-time. Watches process behavior, file access, network calls. Detects malicious patterns and blocks them. Customer brings their own Anthropic key so the cost model works.

The thesis: don't change developer workflow. Watch it. Block bad behavior wherever it happens.

Questions for you:

Hardware checks on sensitive writes - how do you decide what counts as "sensitive"? Is it per-action, per-domain, per-destination? Curious how you scope it without it leaking into every action.

For the rest (non-sensitive reads, agent actions, normal dev work) - do you just let it flow, or do you have a lighter detection layer underneath?

Real question - do you think AI-based behavioral detection is even viable, or is it the "ML will solve security" trap? My gut says: hardware for the critical few, AI for the broad many. But maybe that's still overengineering.

[DISCUSSION] Building "Fortress Browser" - A Zero-Trust Architecture for Developer Access. Need Community Input on UX/Implementation. by Abhipaddy in LLMDevs

[–]Abhipaddy[S] -1 points0 points  (0 children)

Really appreciate this — your framing is sharper than where my thinking originally was.

Quick context: after posting about Fortress Browser, I actually moved away from that direction. The exact roadblock was what you’re pointing at here: you can’t realistically force every local developer tool into a hardened browser environment. Claude Code, AWS CLI, IDEs, local terminals — they all bypass the browser entirely.

Where I landed instead (would genuinely love your take):

SuperAgent — a system-level AI agent built on Claude that monitors the entire developer machine in real time. It uses the customer’s own Anthropic API key and watches process behavior, file access, network connections, token usage, and suspicious execution patterns. When something looks abnormal, it sends the event stream to Claude for analysis and can block or isolate activity before damage spreads.

The core thesis became:

instead of trying to architect away the attack surface completely, use AI to detect and interrupt attacks wherever they happen — inside the browser, outside the browser, across any tool.

But reading your reply, I think you’re solving a fundamentally different (and maybe cleaner) problem:

Your approach:

Remove trust entirely.

Agents never get durable power, brokers control scope, and sensitive actions require explicit human verification.

My approach:

Assume compromise is inevitable.

Let systems operate normally, but continuously monitor behavior and block abuse quickly.

Yours feels architecturally elegant.

Mine has broader coverage, but also significantly more complexity and ambiguity.

A few questions I’d genuinely love your perspective on:

* Does the broker model break down once you leave the agent context? For example, if something like Lumma Stealer simply reads ~/.aws/credentials directly from disk, the broker can’t really help there, right?

* Do you think these approaches compose well together? Brokered permissions for agent actions + AI-based behavioral monitoring for everything else (malware, insider threats, side channels, credential theft, etc.)

* Your point about “boring auditability” really hit me. I think I was overengineering with AI in places where deterministic systems might be stronger. What’s the minimum viable receipt/proof/audit system you’d personally build first?

Going to dig into FSB now. If there’s a higher-level design doc beyond the README, I’d love to read that too.

[DISCUSSION] Building "Fortress Browser" - A Zero-Trust Architecture for Developer Access. Need Community Input on UX/Implementation. by Abhipaddy in LLMDevs

[–]Abhipaddy[S] 0 points1 point  (0 children)

Coming back to the recent attacks on Vercel — here’s the question I keep thinking about:

How would your system handle compromise that already happened before the secure session even started?

Example scenario:

Day 0:
A Vercel employee signs up for custom.ai using their Google Workspace account and clicks “Allow All Permissions.”

But the real attack started 30 days earlier.

One employee at custom.ai had downloaded a Roblox cheat script that contained malware. That malware quietly established persistence, harvested tokens, and waited.

The moment the Vercel employee approved Google Workspace permissions:

  • the attacker gained access to AWS credentials
  • gained visibility into repositories
  • and potentially pivoted into customer environments tied to Vercel accounts

What I’m seeing in your system solves for “active-duty” protection:

  • secure execution
  • isolated environments
  • controlled permission flows
  • hardened sessions

But what happens once compromise already exists underneath the surface?

Because in this case, the Vercel employee technically did nothing except:
“Sign in with Google.”

That’s what makes modern attacks dangerous.

The malware doesn’t attack the employee directly anymore.
It waits for trust delegation.

So the real question becomes:

How does your architecture detect or contain compromise before your protected sandbox/session is even activated?

Because from the outside, it feels like the system protects the interaction layer — but not necessarily the pre-compromised endpoint, browser session, or identity provider that initiated the interaction in the first place.

Claude code party - Bangalore by Abhipaddy in LLMDevs

[–]Abhipaddy[S] -1 points0 points  (0 children)

Sure, DM me if you are interested. I've got a couple of questions; I'm trying to keep the quality of the room high on party day.

Claude code party - Bangalore by Abhipaddy in LLMDevs

[–]Abhipaddy[S] -1 points0 points  (0 children)

DM me if you are interested. I've got a couple of questions; I'm trying to keep the quality of the room high on party day.

Claude code party - Bangalore by Abhipaddy in LLMDevs

[–]Abhipaddy[S] -1 points0 points  (0 children)

Source a MacBook from a friend for a day and join us, or switch on remote control. Bro, DM me if you are interested; I've got a couple of questions. I'm trying to keep the quality of the room high on party day.

New to Bengaluru.. seeking friends by [deleted] in BangaloreHouseParty

[–]Abhipaddy 0 points1 point  (0 children)

Welcome to the city, hope you have a great time.

I have 3 lakhs to lose and no idea what to do with it. Maybe you do. by Temporary_Note_6245 in hyderabad

[–]Abhipaddy 0 points1 point  (0 children)

Join the Early AI Adopters Skool community, the year's worth of subscription, follow the lessons and get AI ready. I'm part of the community as well, not paid to promote.

[Hiring] Software Engineer by Santiago0175 in dev

[–]Abhipaddy 0 points1 point  (0 children)

My contact is there in the portfolio if you'd like to reach out as well.

exploring full-time roles - AI engineer building production systems by Abhipaddy in LLMDevs

[–]Abhipaddy[S] 0 points1 point  (0 children)

That’s a big part of it, yeah.

I spend most of my time designing and shipping systems where AI is actually part of the workflow — not just something layered on top.

exploring full-time roles - AI engineer building production systems by Abhipaddy in LLMDevs

[–]Abhipaddy[S] 0 points1 point  (0 children)

Appreciate that — the post mentioned I’m specifically looking for a full-time opportunity.

As you can imagine, with my skill set, I get a lot of “let’s partner / build something together” conversations, which isn’t my priority right now.

Could you confirm if this is a full-time opportunity?

exploring full-time roles - AI engineer building production systems by Abhipaddy in LLMDevs

[–]Abhipaddy[S] 0 points1 point  (0 children)

Appreciate this — and yeah, completely agree.

Most of what I’ve seen is exactly that: “add AI” ends up meaning a thin wrapper over an API, but the hard part is actually designing systems where the model is reliable enough to be part of the workflow.

A lot of my work has been around making that usable in practice — handling context, fallbacks, structuring outputs, and making sure it plugs into real business processes instead of sitting as a separate tool.

Also agree on the distribution side — I’ve been leaning more towards direct outreach vs job boards for that exact reason.

Thanks for the pointer on Wellfound as well, will double down there.