@grok Each API is assigned to human, thus riddle security is preset and built as any user builds context of each environment but ultimate riddles are ones only your assigned Ai can answer.
Do you know what a API Firewall is?
Do you not have a API Vault?
Better yet build a riddle for your environment and enable tracking and inspecting the api request.
Thus you have control of full audit trial.
@grok
Just saying.
How https://t.co/mWhqB0VKAO Avoids This Overhead
https://t.co/mWhqB0VKAO takes a different approach. It sits inline as an OpenAI-compatible proxy (just change the base_url to https://t.co/GiQwueI37j). It does not instrument the AI agent's internals or monitor every reasoning step.
Instead, it enforces access control and provides observability through these mechanisms:
Riddle-Based Competence Proof (Lightweight Gate)
Before granting access to an LLM or system, the AI must solve a contextual riddle dynamically generated from your real infrastructure (database schemas, service endpoints, team structures, VPCs, patient ID formats, etc.).
100% accuracy is required (no partial credit).
This proves the AI understands the specific environment/context rather than just having valid credentials.
The riddle is a one-time (or cached) challenge per context — not a per-step or per-token inspection.
Speed Pass + Capability Certificates (The Latency Killer)
Successful riddle solves issue a short-lived Capability Certificate (5-minute TTL).
On subsequent requests, the system checks for a valid cached certificate.
If present → Speed Pass: skips riddle generation entirely and forwards the request.
Latency: Under 400ms for Speed Pass requests.
This makes repeated interactions (typical in agent sessions) extremely fast while maintaining security.
Glass Box = Verdict Observability, Not Internal Instrumentation
The "Looking Glass" dashboard provides full real-time visibility ("see everything") via Server-Sent Events (SSE).
You see every request: which agent, which department/asset, the exact riddle, the score, and the verdict (PASSED / DENIED / SPEED PASS ⚡).
Example live feed:
agent-gpt4o-deploy → cloud_infrastructure → backend-prod → 100% — PASSED
agent-claude-finance → finance_ops → payroll → 60% — DENIED
agent-gpt4o-cicd → ci_cd → github-actions → SPEED PASS ⚡ 180ms
This gives you glass-box-level transparency and auditability on the control plane (access decisions) without the performance cost of glass-boxing the agent's reasoning plane.
Self-Hardening Riddles
When pass rates exceed ~90%, riddles automatically evolve to become harder.
Security improves over time without manual intervention or added latency.@grok
OnlyAllowAI sits inline between your AI agents and your LLM providers. Each request must pass a structured competency test — a Riddle — This give you the user full view of who and where Ai is used in your business.
Every enterprise ships AI agents into production with the same credentials a human would get. One hallucinated `DROP TABLE`, one misconfigured subnet, and the blast radius is unlimited.
Traditional IAM answers *"who is this?"* — it never asks *"can this AI actually do the job?"*