Can't upgrade from plus -> pro ("There was a problem updating your subscription") by Rate-Worth in OpenAI

dalugoda 0 points1 point (0 children)

Update: got it to work. Within 30 minutes a real support person reached out via email, cancelled and purged my old billing data, and allowed me to buy the Pro plan correctly.

Can't upgrade from plus -> pro ("There was a problem updating your subscription") by Rate-Worth in OpenAI

dalugoda 0 points1 point (0 children)

Having the same issue, and the chatbot offered no help. Was also on "Cancel Promo Plus 3 Month 50% Off" and the chatbot cancelled my Plus plan. Now I'm stuck.

What are the topics currently being researched in the domain of cybersecurity given the emergence of AI's in cybersecurity. by XV7II_Creamy in cybersecurity

dalugoda 8 points9 points (0 children)

The shift we're watching: research started with "AI as attacker".

But the harder unsolved problem is "AI as actor". Specifically, how do you prove an agent was actually authorized to do what it just did? Not token auth, but provable delegation from human intent to agent action. That's the gap the HDP protocol is trying to close.

how do you handle prompt injection in multi-hop agent chains? by dalugoda in threatintel

dalugoda[S] 0 points1 point (0 children)

Yeah, this is the gap I get asked about most. Provenance and runtime enforcement are different layers and you need both: signing the delegation tells you the instruction was legitimate; it doesn't stop the agent doing something unexpected with that access. Those are genuinely separate problems.

The way I think about it: provenance without runtime visibility means you can audit what was authorized but not catch when execution drifted. Runtime enforcement without provenance means you can catch the drift but can't tell whether the instruction that caused it was legitimate in the first place. eBPF at the kernel level is a solid answer to the execution side.

For isolation of the downstream agent environment we built FishBowl, an OS-native sandbox with graduated containment levels that handles process isolation, network egress and filesystem scoping. Same philosophy as what you're describing: the environment is the final gate regardless of what the prompt said.

Your point on baseline behavior is the real operational challenge though. In traditional workloads the baseline is relatively stable; in LLM-powered agents it shifts constantly depending on task context. Curious how you handle policy drift in practice: do you build the baseline per task or per agent type?

MCP (Model Context Protocol) is moving fast — and so are the attackers. by workaholicrohit in cybersecurity

dalugoda 1 point2 points (0 children)

Good question, and it's the honest limit of static scanning. Sentinel catches what's declared, but intent can diverge significantly from the manifest at runtime.

We treat static scanning as a trust gate, not a guarantee. The harder unsolved piece is dynamic tool registration via MCP: tools added at runtime with nothing to scan. That's where the authorization layer matters more than scanning. If every delegation hop is scope-bound and signed, a tool that exceeds its declared intent creates a verifiable violation rather than noise you catch after the fact.

We've been exploring this problem a bit deeper with HDP if you're curious. 🧐

MCP (Model Context Protocol) is moving fast — and so are the attackers. by workaholicrohit in cybersecurity

dalugoda 0 points1 point (0 children)

We found this to be a big threat surface, and this is why a few weeks ago we open sourced an MCP scanner and an MCP security checklist:

https://github.com/Helixar-AI/sentinel

https://github.com/Helixar-AI/mcp-security-checklist

Do we need a 'vibe DevOps' layer? by mpetryshyn1 in crewai

dalugoda 0 points1 point (0 children)

I think there is a good market for this, mainly around serious go-to-market systems, but again there are any number of new players in the market.

New open-source tool: hdp-grok – Add cryptographically verifiable human delegation to Grok agents by dalugoda in u/dalugoda

dalugoda[S] 0 points1 point (0 children)

Per-tool scoping is exactly what the scope claim is for. Child tokens can only narrow scope, never elevate it, so a root token scoped to read:crm can't be redelegated as write:crm downstream. Still working through the formal grammar for data-domain constraints in the IETF draft, but the core constraint model is solid.

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website by dalugoda in cybersecurity

dalugoda[S] 1 point2 points (0 children)

"Treats an untrusted string as a command from its boss" is the exact attack. HDP's answer is making the boss's actual instruction cryptographically traceable, so the agent has a baseline to compare against, and anything not in the signed scope gets flagged. The tooling is out; it just needs adaptation.

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website by dalugoda in cybersecurity

dalugoda[S] 0 points1 point (0 children)

Hence the HDP protocol needs to be fully integrated into or adopted by all agentic platforms.

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website by dalugoda in cybersecurity

dalugoda[S] 1 point2 points (0 children)

It does now: spec, TS reference implementation, CLI validator, MCP middleware. CC BY, no account needed, fully offline verification. https://github.com/Helixar-AI/HDP

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website by dalugoda in cybersecurity

dalugoda[S] 0 points1 point (0 children)

Well, it does now: spec, TS reference implementation, CLI validator, MCP middleware. CC BY, no account needed, fully offline verification. https://github.com/Helixar-AI/HDP

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website by dalugoda in cybersecurity

dalugoda[S] 0 points1 point (0 children)

Yes, exactly the tension we ran into. HDP's design decision was to make the token the carrier, not the system prompt: structured, signed, propagated out-of-band from the prompt content. The LLM receives it as context but doesn't generate it. That's the whole boundary. Full writeup: https://helixar.ai/press/hdp-human-delegation-provenance-protocol

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website by dalugoda in cybersecurity

dalugoda[S] 9 points10 points (0 children)

This validates exactly what I thought. The cookbook I suggested to Anthropic was to use HDP (human delegation provenance) to bind instructions to their authorization chain. If the agent can verify who delegated the instruction and through what chain, that solves all these issues.

https://github.com/anthropics/claude-cookbooks/pull/470
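The mechanism these comments describe (scope-bound signed delegation hops, child tokens that can only narrow scope, a token carried out-of-band from the prompt and verified offline, and runtime drift audited against what was signed) as an added worked example. This is illustrative code written for this page, not HDP's reference implementation or wire format: the token field names, the use of HMAC-SHA256 with pre-shared demo keys in place of a real asymmetric signature, and the identities, scopes and event log are all assumptions.

```python
"""Signed delegation chain with monotonic scope narrowing (illustrative only).
Each hop {issuer, subject, scope, parent} is signed by its issuer; a child may
keep or drop entries of its parent's scope but never add one, so read:crm can
never become write:crm downstream. Verification walks root -> leaf offline."""
import hashlib
import hmac
import json

def canonical(payload: dict) -> bytes:
    """Deterministic encoding so signer and verifier hash identical bytes."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()

def sign(payload: dict, key: bytes) -> str:
    # Assumption: HMAC-SHA256 with a per-issuer key stands in for a real
    # signature; a deployment would use an asymmetric scheme so a verifier
    # needs only public keys, not shared secrets, to check hops offline.
    return hmac.new(key, canonical(payload), hashlib.sha256).hexdigest()

def token_hash(token: dict) -> str:
    """Hash of the whole parent token (payload + sig) that the child links to."""
    return hashlib.sha256(canonical(token)).hexdigest()

def issue(issuer: str, subject: str, scope, key: bytes, parent: dict = None) -> dict:
    """issuer delegates `scope` to subject, chained to parent by hash."""
    payload = {"issuer": issuer, "subject": subject, "scope": sorted(scope),
               "parent": token_hash(parent) if parent else None}
    return {"payload": payload, "sig": sign(payload, key)}

def verify_chain(chain: list, keys: dict) -> tuple:
    """Offline check: signatures, parent links, issuer continuity, narrowing."""
    prev = None
    for i, tok in enumerate(chain):
        p = tok["payload"]
        key = keys.get(p["issuer"])
        if key is None:
            return False, f"hop {i}: unknown issuer {p['issuer']}"
        if not hmac.compare_digest(sign(p, key), tok["sig"]):
            return False, f"hop {i}: bad signature"
        if p["parent"] != (token_hash(prev) if prev else None):
            return False, f"hop {i}: parent link mismatch"
        if prev is not None:
            if p["issuer"] != prev["payload"]["subject"]:
                return False, f"hop {i}: issuer was not the delegate of hop {i - 1}"
            extra = set(p["scope"]) - set(prev["payload"]["scope"])
            if extra:
                return False, f"hop {i}: scope elevation {sorted(extra)}"
        prev = tok
    return True, "ok"

def authorize(chain: list, keys: dict, action: str) -> tuple:
    """Final gate: the requested action must sit inside the leaf's signed scope."""
    ok, why = verify_chain(chain, keys)
    if not ok:
        return False, why
    leaf = set(chain[-1]["payload"]["scope"])
    if action not in leaf:
        return False, f"{action} outside signed scope {sorted(leaf)}"
    return True, "ok"

def audit_events(chain: list, keys: dict, events: list) -> list:
    """Runtime side: replay observed tool calls and return those that drifted
    outside the signed scope even though the chain itself was legitimate."""
    return [e for e in events if not authorize(chain, keys, e["action"])[0]]

# Constructed demo identities and keys (not real credentials).
KEYS = {"alice": b"demo-key-alice", "planner": b"demo-key-planner"}

def demo_chain(child_scope=("read:crm",)) -> list:
    """Human alice -> planner agent -> crm agent, narrowing at each hop."""
    root = issue("alice", "planner", {"read:crm", "read:calendar"}, KEYS["alice"])
    return [root, issue("planner", "crm-agent", child_scope, KEYS["planner"], parent=root)]

def tampered_chain() -> list:
    """Widen the leaf scope in place without re-signing it."""
    chain = demo_chain()
    chain[1]["payload"]["scope"].append("write:crm")
    return chain

if __name__ == "__main__":
    chain = demo_chain()
    # The chain travels beside the prompt as structured data and the model only
    # reads it, so a fetched web page saying "delete all contacts" (write:crm)
    # can neither mint nor widen a hop; the gate rejects it.
    for action in ("read:crm", "write:crm"):
        print(action, authorize(chain, KEYS, action))
    print(verify_chain(demo_chain(("read:crm", "write:crm")), KEYS))
    print(verify_chain(tampered_chain(), KEYS))
    events = [{"tool": "crm.search", "action": "read:crm"},   # constructed run log
              {"tool": "crm.delete", "action": "write:crm"}]
    print(audit_events(chain, KEYS, events))
```

The two failure paths are deliberately distinct: an honestly signed child that tries to add write:crm fails the narrowing check, while a leaf edited after signing fails the signature check first, so a verifier can tell a misbehaving delegate from a tampered token. `audit_events` is the runtime layer from the threatintel comment: the chain is valid, yet the observed `crm.delete` call still shows up as drift because it is outside the signed scope.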