Skip to main content
KRAIT

Security

The 7 KRAIT rules, Narsil analysis, and anti-evasion mechanisms.

Structure Over Trust

Most AI agent frameworks rely on prompt-level instructions to keep agents safe. They tell the model "don't do harmful things" and hope for the best. KRAIT takes a fundamentally different approach: safety is enforced structurally, at the code level, before any generated code is allowed to execute.

Every piece of code that KRAIT's evolution system produces is passed through Narsil, a Rust NIF that performs AST-level analysis against a fixed set of security rules. If the code violates any rule, it is rejected before it ever reaches the BEAM. There is no override. There is no escape hatch.

AST Analysis Over String Matching

String-based security checks are trivially bypassed. An agent can obfuscate function names, split strings across variables, or use indirect references to evade pattern matching. KRAIT does not use string matching.

Instead, Narsil parses generated code into an abstract syntax tree and walks the structure. It understands function calls, module references, and data flow at the semantic level. Renaming a forbidden function or hiding it behind a variable does not help — the AST reveals the true intent of the code.

The Immutable Core

KRAIT's security system is not something the agent can reason about, negotiate with, or modify. The seven KRAIT rules are compiled into the Narsil NIF. They exist as Rust code, not as prompts or configuration files.

The evolution system — the part of KRAIT that allows the agent to rewrite and improve its own modules — is itself off-limits. The agent cannot modify the analyzer, cannot alter the rules, and cannot touch the core supervision tree. These paths are structurally protected.

Defense in Depth

No single mechanism is sufficient. KRAIT layers multiple enforcement strategies: static AST analysis catches direct violations, taint tracking follows data through indirect paths, and multi-pass analysis detects evasion attempts that single-pass systems would miss. The result is a security model where safety is a property of the system architecture, not a suggestion to the model.

The Seven KRAIT Rules

A deep dive into KRAIT-001 through KRAIT-007 — the structural security rules enforced via AST analysis by the Narsil Rust NIF.

Anti-Evasion

How KRAIT prevents AI agents from circumventing security rules through obfuscation, indirection, and multi-step evasion strategies.

Constitutional Security

KRAIT's constitutional approach to AI safety — rules compiled into the system rather than injected into prompts, compared with alternative approaches.

Narsil: The Rust Security NIF

How Narsil — the Rust NIF at the heart of KRAIT's security — performs AST analysis, integrates with the BEAM, and enforces the seven rules.