KYA (Know Your Agents) is an open-source, framework-agnostic trust and governance layer for autonomous systems, composed of five primitives: (1) a four-gate inbound apply pipeline; (2) an only-tighten composition algebra over a three-channel multi-tenant hierarchy; (3) KYP (Know Your Principal), a schema-level unification of trust scoring across human users, AI agents, and service accounts; (4) auditable interaction-multiplier amplification over an AIVSS-shaped additive baseline; and (5) two-axis delegation attribution: a static premium for risky delegates and a runtime debit for actual delegate misbehavior in multi-agent fan-out. Together these span three pillars (trust, governance, and evidentiary assurance), making an autonomous system's actions authorized, policy-conforming, and post-hoc verifiable: where observability answers how long, how much, and what path, KYA answers was it authorized, did it conform, and can it be verified; it composes with observability rather than replacing it. It ships native adapters for 15+ agent frameworks. On a 4 by 9 cross-backend matrix all 36 cells pass; the pure-function scorer runs sub-millisecond at p99 and the system sustains ~ 1,800 ops/sec at 20 concurrent workers with HMAC chain integrity preserved end-to-end. KYA detects 89% of 1,200 adversarial probes from PyRIT and Garak, including the recently-published topology-guided multi-agent attack. The system is available under Apache 2.0 as the veldt-kya package on PyPI.
翻译:KYA(知悉您的智能体)是一个面向自主系统的开源、框架无关的信任与治理层,由五个原语构成:(1) 四门入站应用流水线;(2) 三通道多租户层级上的仅收紧组合代数;(3) KYP(知悉您的委托方),一种跨人类用户、AI智能体与服务账户的信任评分的模式级统一方法;(4) 基于AIVSS形状加性基线的可审计交互乘数放大机制;(5) 双轴委托归因:对高风险从属委托方施加静态溢价,并在多智能体扇出场景中对实际从属委托方违规行为实施运行时扣减。这五个原语共同支撑三大支柱(信任、治理与证据保障),使自主系统的行为具有授权合规性、策略一致性与事后可验证性:当可观测性回答“持续多久、消耗多少、路径为何”时,KYA回答“是否获授权、是否合规、能否被验证”,它可与可观测性组合而非取代。系统内置15+智能体框架的适配器。在4×9跨后端矩阵中,所有36个单元均通过测试;纯函数评分器在p99处运行时间低于毫秒级,系统在20个并发工作进程下维持约1,800次操作/秒,HMAC链完整性端到端保持。KYA能检测来自PyRIT与Garak的1,200个对抗性探测中的89%,包括近期发布的拓扑引导多智能体攻击。该系统基于Apache 2.0许可,以veldt-kya包形式发布在PyPI上。