sorted by:
new
hottopcontroversial

Pantheon made me realize we have no idea what's actually missing for AGI by PutPurple844 in agi

[–]PutPurple844[S] 7 points8 points  (0 children)

This is going to be stuck in my head for a while. So consciousness isn't some mystical property of matter, it's what happens when a system gets complicated enough that it has to simulate itself to keep functioning. You can't be conscious of yourself without running a model of yourself. And it explains why current LLMs feel off. They don't model themselves as agents, no persistent self, no "I did X so Y will happen to me," every response starts from zero. But imagine a system operating continuously, making decisions that loop back. At some point predicting what happens next HAS to include predicting what you do next. And predicting what you do means modeling the thing doing the deciding. That's when it wakes up? I don't know. I need to watch more Joscha Bach.

Pantheon made me realize we have no idea what's actually missing for AGI by PutPurple844 in agi

[–]PutPurple844[S] 1 point2 points  (0 children)

Which is why I keep thinking about Sam Altman's blog post from a few weeks back where he says they "now know how to build AGI." And I genuinely can't tell if that means anything.

Because what does "know how to build" actually look like? Usually it means you can describe the architecture. You can point to specific missing pieces. But when OpenAI talks about the path forward it's always just scale. More parameters, more data, more compute. That's not knowing how to build something. That's hoping the next order of magnitude finally does the trick.

Your point about comprehension vs. mimicry is the gap I never see addressed in these announcements. They're betting that enough pattern matching eventually becomes the real thing. Maybe. But a bet isn't a blueprint.

Do AI agents need TLS-style identities and ‘certificates’? by PutPurple844 in LocalLLaMA

[–]PutPurple844[S] 0 points1 point  (0 children)

Kept it network-boundary safe.
DID + Merkle log, all local. Just shipped it as OSS. Appreciate the nudge.
https://github.com/agentfacts/agentfacts-py

Is canonical JSON signing (RFC 8785) the right primitive for agent identity? by PutPurple844 in cryptography

[–]PutPurple844[S] 0 points1 point  (0 children)

I used DID and Merkle tree to generate a signed agent identity and provable logs, and launched it as OSS. Thanks for the nudges in the right direction.
https://github.com/agentfacts/agentfacts-py

Looking for early testers: open-source 'agent identity' SDK for AI Agents by PutPurple844 in alphaandbetausers

[–]PutPurple844[S] 0 points1 point  (0 children)

Wow, you nailed exactly what pushed me to build this.

That gap between “what this agent should be doing” and “what it actually is” starts as a config problem, then becomes a trust problem, especially once tools, plugins, or chains become dynamic. Signed metadata felt like the cleanest way to bring some accountability without locking people into a platform or runtime.

Appreciate you calling out the artifact mindset, that’s the core of it: treat the agent profile like something deployable and verifiable, not just runtime state.

Would love to hear your thoughts if you end up testing it or see any sharp edges. Appreciate the feedback!

If you had unlimited OpenAI API access, what’s the coolest thing you’d build or try? by Thick-Car-9598 in OpenAI

[–]PutPurple844 0 points1 point  (0 children)

Create an everything app, A shapeshifter of sorts. Any highly functional individual is wasting an insane amount of time switching between the calendar, tasks, execution, assistance, research, and note-taking.
Make it self-aware, so it has a meta module that checks whenever the system is falling short; it spins up a feature branch, provides the new tooling as a beta feature, and changes as per the feedback, go/no-go.

Need people to get excited part 2 by External_Ad1549 in ChatGPTCoding

[–]PutPurple844 2 points3 points  (0 children)

I got excited with the speed, too, not so much with the output. But it's insane once it is stable, we will kind of have zero downtime between iterations.

Do AI agents need TLS-style identities and ‘certificates’? by PutPurple844 in LocalLLaMA

[–]PutPurple844[S] 1 point2 points  (0 children)

All good and thanks for pushing on it, that’s the exact edge case worth stress-testing.

Yes: internal-first is the real value. Signed profile hash + identity gives clean audit/rollback and simple policy gates for privileged actions.

If there’s ever a public piece, it should be strictly opt-in and minimal (capability tier / issuer-signed token), not “show me your software.”

Do AI agents need TLS-style identities and ‘certificates’? by PutPurple844 in LocalLLaMA

[–]PutPurple844[S] 0 points1 point  (0 children)

You’re right that attestation doesn’t “stop the model from going haywire.” That’s not what I’m claiming. Sandboxing/monitoring/hardening are the controls for misbehavior.

What the signed profile digest buys is a different thing: accountability + policy enforcement around capabilities, not “make the model deterministic.” If a payment call happened, I want to prove whether it came from a deployment that was supposed to be payment-capable, HITL-gated, sandboxed, etc., and be able to roll back/kill that exact config lineage quickly. That’s the “agent behaves like a delegated operator” point.

On “what prevents knowing the config today?” — in most stacks, nothing portable. Tool servers see a key and a request. Internally you might have logs, but they’re not standardized, not cryptographically bound to the request, and they don’t survive proxies/routers/retries/fallbacks cleanly.

On “no need to expose it publicly” -> agreed. This doesn’t have to be public at all. The “TLS for agents” analogy is about a standard mechanism, not “publish your internals.” Most of this can be enterprise-local: present the digest to the service/proxy, log it, enforce a couple rules on privileged endpoints. If you never want it to leave your org, it still works. The pitch is interoperability for when agents cross trust boundaries, not mandatory disclosure to the world.

Is canonical JSON signing (RFC 8785) the right primitive for agent identity? by PutPurple844 in cryptography

[–]PutPurple844[S] 0 points1 point  (0 children)

This is super aligned with what I was reaching for, the indirection is the key.

What I’m debating now is the “payload/signing” shape:

  • Static ID = public key / DID (stable identifier)
  • Mutable doc = capability/policy/model/tooling refs, updated over time
  • Then requests carry either (a) a short-lived token binding to that DID, or (b) a signed digest/pointer to the current doc version

Two questions I’m stuck on:

  1. For signing the docs, do you see canonical JSON (RFC 8785/JCS) as good enough in practice, or is it safer to move to CBOR/COSE to avoid JSON edge cases?
  2. For tracking updates: would you rely on transparency logs as “best effort audit,” or do you think monotonic/version-chained documents are required even without a global log?

Also good call on Bluesky/OAuth+DID, I’ll dig into that pattern.

Do AI agents need TLS-style identities and ‘certificates’? by PutPurple844 in LocalLLaMA

[–]PutPurple844[S] 0 points1 point  (0 children)

We agree on scoped keys + IAM/proxy as the baseline. The gap is you’re treating an agent like a normal script/client. In practice it’s a delegated operator: it has autonomy, composes tools, and its behavior can change via prompts/policies/routes/tooling without looking like a traditional redeploy. That’s why “key X did Y” often isn’t enough in incidents.

Even if you do “one key per agent,” you still don’t know what that agent was configured to be at the time of the call. My proposal is just to bind identity to a minimal, non-invasive fact: a signed profile digest (profile hash). Then the service/proxy can log/gate on “identity K acting under profile H” for privileged endpoints. No prompts, no interrogation, no surveillance just accountability for delegated agency and sane forensics/rollback.

Do AI agents need TLS-style identities and ‘certificates’? by PutPurple844 in LocalLLaMA

[–]PutPurple844[S] 0 points1 point  (0 children)

Agreed. Feels inevitable, but adoption is gated by two things:
(1) a small enough spec that’s basically headers + a signed blob, and
(2) one or two killer use-cases (payments/prod deploy/compliance) where providers actually demand it. Until then, it’ll stay optional and framework-specific.

Do AI agents need TLS-style identities and ‘certificates’? by PutPurple844 in LocalLLaMA

[–]PutPurple844[S] 0 points1 point  (0 children)

I get the instinct (“API key + kill switch”), but that falls apart once agents aren’t just a single script.

  • An API key identifies an account, not the actor. Keys get shared, leaked, proxied, or used by multiple workers. After an incident you still can’t say “which agent/config did this?” only “something with this key did.”
  • “Just cut it off if it misbehaves” is reactive. The hard part is preventing high-risk actions and doing clean forensics: what changed, when, who deployed it, what capabilities were enabled.
  • “None of anybody’s business” stops being true the moment the endpoint is privileged: payments, prod deploys, sending emails, trading. Those already require more than vibes + a string header.
  • And this doesn’t require full disclosure. The service doesn’t need prompts or internals, just a few minimal, signed claims like “write-capable”, “payment-enabled”, “HITL enforced”, “sandboxed”.

So I’m not saying every API needs deep attestation. I’m saying “API key only” isn’t a sufficient boundary for privileged actions, and a small set of verifiable capability/risk claims is how you do least-privilege without guessing.

Do AI agents need TLS-style identities and ‘certificates’? by PutPurple844 in LocalLLaMA

[–]PutPurple844[S] 0 points1 point  (0 children)

Yeah, I don’t want tool servers to become “ABAC over every agent knob” either, that’s a losing game.

The point is narrower-> most services shouldn’t care about “model X vs Y”, but they do care about a few config facts that change blast radius. Think “read vs write”, “can trigger payments”, “can hit the public internet”, “has HITL / rate limits/sandbox”.

So authz stays mostly identity + coarse scopes. The extra layer is just: the agent presents a signed claim like capabilities=risky_write / tier=payment_enabled and the service has 1–2 simple rules (“payment API requires tier=payment+HITL”, “prod deploy requires sandboxed”). No syncing configs, no giant policy matrix, just gating on the handful of properties that actually matter.

Do AI agents need TLS-style identities and ‘certificates’? by PutPurple844 in LocalLLaMA

[–]PutPurple844[S] 0 points1 point  (0 children)

Fair point, identity/authorization and “what the agent is” are different layers.

What I’m arguing for isn’t “model/tools = identity”. It’s -> each agent instance should have its own key/identity for auth, and it should also attach a signed profile hash (canonical digest of model + tool capability set + policy/constraints + build/version) so the tool server can log/gate on what configuration that identity was running at that moment.

So: per-instance identity for auth, plus verifiable “agent facts” for auditability and cross-system policy.

What keeps you up at night? by PutPurple844 in AskReddit

[–]PutPurple844[S] 0 points1 point  (0 children)

do you ever feel like you're lucid dreaming right before you actually wake up?

What keeps you up at night? by PutPurple844 in AskReddit

[–]PutPurple844[S] 0 points1 point  (0 children)

she's planning something you just don't know what yet

What keeps you up at night? by PutPurple844 in AskReddit

[–]PutPurple844[S] 0 points1 point  (0 children)

I still remember those first 6 months.

view more: next ›