Skip to content
View Mayur021's full-sized avatar

Block or report Mayur021

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
Mayur021/README.md

Mayur Agnihotri — Agentic AI Security and Decision-Rights

OWASP Standards License Experience Lane

Head of Threat Research · Agentic AI Security & Decision-Rights · AI SOC + OT/ICS · SecOps · Board Member


🎯 Focus

Working on the architectural floor for AI agents that take irreversible actions. The thesis in one line: investigation is reversible, actuation is not — and the gate for the write side has to be code the agent cannot reach, evaluating a manifest the agent cannot rewrite.

Three primitives carry the architecture:

manifest.action_class    = "irreversible"   // declared upstream by publisher
deterministic.gate       = outside_loop      // code the agent cannot reach
worst_case.chain_rule    = governs_chain     // composed actions inherit the worst class

Twelve-plus years across threat research, AI-driven SOC detection and response, OT/ICS security, cyber-range exercise design, cyber-crime investigation, and web/mobile/application security.


🛡 Standards-Track Contributions

Project Status Scope
OWASP AISVS Contributor Reversibility-graded action controls in C09 v1.0: C9.2.3 (reversibility classification), C9.2.4 (enforce by class), C9.2.10 (worst-case reachable across chains)
OWASP SPVS Active V5.6.5 IR decision-rights (PR #14), V1.3.7 NHI runtime decision-rights (PR #15), supply-chain (Issue #13)
OWASP Cornucopia (Agentic AI) Active Action-authority taxonomy (Issue #3018)
OWASP GenAI Security Project Active Reversibility-graded authority into Agentic AI Threats & Mitigations v1.1 (Issue #13)
OWASP Agentic Skills Top 10 (AST09) Contributor Cross-execution chain linkage (parent_action_ref + fan-in) accepted into the AST09 execution-receipt proposal (Issue #44)
Creduent (open agent identity standard) Merged Reversibility classification in the signed Execution Receipt schema: design-time conformance gate plus runtime fail-closed on unclassified tools, anchored to AISVS C9.2.3 (PR #8)
Agent Evidence Levels (AEL) Active Governability extension: reversibility-class provenance on evidence records, fail-closed on unclassified or unverifiable policy (PR #2)
CSA NHI v1.0 Reviewer Peer review June 2026

Prior OWASP leadership: AppSec India Co-Leader (2016–2020) · OWASP Indore Chapter Leader (2017–2018)


⚙️ Reference Implementations

Python JSON Schema CC BY 4.0

Reference implementation of OWASP AISVS C9.2.3 / C9.2.4 / C9.2.10: reversibility classification, enforce-by-class gate, worst-case reachable across chains. JSON schema + Python.

Python SPIFFE CC BY 4.0

NHI runtime decision-rights companion to OWASP SPVS V1.3.7. Identity provenance verification, token freshness, action-class authorization.


📄 Whitepaper

Whitepaper Pages Chapters License

The full architectural reference. 18 chapters across 5 parts (Problem / Architecture / Standards Anchor / Applied Patterns / Implementation) + closing. Develops the four-class reversibility taxonomy (read-only / reversible / external-reversible / irreversible), manifest-declared classification, worst-case chain rule, and the architectural floor that makes the gate resistant to prompt injection. Anchored in OWASP AISVS C9.2.3 / C9.2.4 / C9.2.10 (reversibility classification, enforce-by-class, and worst-case reachable across chains; AISVS v1.0).

Cross-substrate convergence catalog (10 substrates): OWASP AISVS · CSA IAM WG · PieterKas/agent2agent-auth-framework · SANS AI Security Maturity Model · CSA AARM · Identient AuthR · Digital Identity Forum · CSA NHI · James A Bex AI Engineering Handbook · Riddhi Mohan Sharma EHV.


📜 Writings

Writings

Long-form essays on AI agent security, decision-rights, reversibility-graded authority, and contribution methodology. Three essays published June 2026 (~9,900 words + 7 figures):

Magazine Publications

  • Action-Class Authority When AI Agents Do the Triage — eForensics Magazine, AI in Forensics: The Age of Autonomy (Jun 2026)
  • Interview with Mayur Agnihotri — Science Of Cyber Security (Oct 2017)
  • Conviction Of Digital Crime — National Cyber Defence eMagazine (Aug 2016)
  • PenTest: Penetration Testing in Linux — PenTest Magazine (Mar 2016)
  • PowerShell For Penetration Testing — PenTest Magazine (Jan 2016)
  • Predictions For Cyber Security in 2016 — eForensics and Hakin9 (Dec 2015)

🏆 Responsible Disclosure Recognition

Red Hat Adobe BlackBerry Sony Microweber Nokia Siteground

LDAP server flaw research (Red Hat) and web-application vulnerability disclosures across major brands.


🌐 Roles & Affiliations

Role Org Period
Information Security Specialist StraightArc Technologies 2020 to present
Head of Threat Research SkyVirtRange · SecSphere SOC 2017 to present
Board Member SkyVirt 2017 to present
Senior Subject Matter Expert TCS iON 2022 to present
Board of Studies Ramachandra College of Engineering 2023 to present
CHFI Item Writer EC-Council 2016 to present
Director ARNE Solutions 2016 to present
Technical Committee Digital 4n6 Journal 2016 to 2018
Team Member National Cyber Defence Research Centre 2016 to 2018

🤝 Connect

LinkedIn Twitter Website

📍 Udaipur, India · ⏱ GMT+05:30


Vendor-neutral standards work. Decision-rights for AI agents, reversibility as the architectural floor, manifest-declared action class as the standards-side answer.

@Mayur021's activity is private