Helixar Labs

Open protocols and tools from the team building AI security.

Helixar Labs publishes open protocols and open-source security tools. Built in the open, for the teams securing AI at the frontier.

Helixar-AI on GitHub · MIT / CC BY 4.0 · Community contributions welcome

Open Protocols

Infrastructure for the agentic layer.

Protocols are different from tools. A tool solves a specific problem. A protocol establishes shared infrastructure that any tool can build on. Helixar Labs publishes open protocols for problems where the whole ecosystem benefits from a common standard, not a proprietary solution.

Open Protocol · New · v0.1 · CC BY 4.0 · IETF draft submitted

HDP - Human Delegation Provenance Protocol

When a human authorizes an AI agent, that authorization needs a verifiable record that survives every subsequent delegation hop. HDP is the open standard for creating, signing, and verifying that record. Records are Ed25519-signed and framework-agnostic, and verification is fully offline: no central registry, no vendor dependency.

Ed25519 Signing · Delegation Chain Integrity · MCP Integration · PoH Binding · GDPR Privacy Controls · IETF Individual Draft
View full protocol specification
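As an added illustration of the verification the description above calls for, the Go program below (written for this page; it is not Helixar's code, and the record layout is not the HDP wire format, which is not given here) builds a chain of Ed25519-signed delegation records and verifies it offline against a single trust anchor, the human's public key. Each hop names its issuer and delegate, commits to the hash of the signed parent hop, and may only attenuate scope. The Hop struct, its field names, and the subset rule for scope are assumptions made for the example; the keys are generated at run time.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Hop is one delegation record. This layout is an assumption made for the example, not the HDP wire format.
type Hop struct {
	Issuer   []byte   `json:"issuer"`   // Ed25519 public key of the party granting authority
	Delegate []byte   `json:"delegate"` // Ed25519 public key of the party receiving it
	Scope    []string `json:"scope"`    // capabilities granted; may only shrink along the chain
	Parent   string   `json:"parent"`   // hex SHA-256 of the signed parent hop; "" for the root
	Sig      []byte   `json:"sig,omitempty"`
}

// signingBytes is the canonical JSON form covered by the signature (Sig excluded).
// Marshalling a struct of byte slices and strings cannot fail, so the error is discarded.
func (h Hop) signingBytes() []byte {
	h.Sig = nil
	b, _ := json.Marshal(h)
	return b
}

// hopHash links a child to its parent. It covers the parent's signature, so a
// re-signed or altered parent invalidates every hop beneath it.
func hopHash(h Hop) string {
	b, _ := json.Marshal(h)
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// Delegate creates and signs a new hop; parent is nil for the human's root grant.
func Delegate(issuer ed25519.PrivateKey, delegate ed25519.PublicKey, scope []string, parent *Hop) Hop {
	h := Hop{Issuer: issuer.Public().(ed25519.PublicKey), Delegate: delegate, Scope: scope}
	if parent != nil {
		h.Parent = hopHash(*parent)
	}
	h.Sig = ed25519.Sign(issuer, h.signingBytes())
	return h
}

// subset reports whether every capability in child also appears in parent.
func subset(child, parent []string) bool {
	allowed := map[string]bool{}
	for _, s := range parent {
		allowed[s] = true
	}
	for _, s := range child {
		if !allowed[s] {
			return false
		}
	}
	return true
}

// VerifyChain checks a chain entirely offline. The only trusted input is the
// human's public key; each later issuer is vouched for by the hop before it.
func VerifyChain(human ed25519.PublicKey, chain []Hop) error {
	if len(chain) == 0 {
		return fmt.Errorf("empty chain")
	}
	for i, h := range chain {
		if i == 0 {
			if !bytes.Equal(h.Issuer, human) || h.Parent != "" {
				return fmt.Errorf("hop 0: root must be issued by the human anchor and have no parent")
			}
		} else {
			prev := chain[i-1]
			switch {
			case !bytes.Equal(h.Issuer, prev.Delegate):
				return fmt.Errorf("hop %d: issuer is not the delegate of hop %d", i, i-1)
			case h.Parent != hopHash(prev):
				return fmt.Errorf("hop %d: parent hash does not match hop %d", i, i-1)
			case !subset(h.Scope, prev.Scope):
				return fmt.Errorf("hop %d: scope escalation beyond hop %d", i, i-1)
			}
		}
		// Length check first: ed25519.Verify panics on a malformed key.
		if len(h.Issuer) != ed25519.PublicKeySize || !ed25519.Verify(h.Issuer, h.signingBytes(), h.Sig) {
			return fmt.Errorf("hop %d: invalid signature", i)
		}
	}
	return nil
}

func main() {
	// Constructed keys for the demo: a human, the agent they authorize, and a sub-agent it spawns.
	humanPub, humanPriv, _ := ed25519.GenerateKey(nil) // nil reader selects crypto/rand
	agentPub, agentPriv, _ := ed25519.GenerateKey(nil)
	subPub, _, _ := ed25519.GenerateKey(nil)
	root := Delegate(humanPriv, agentPub, []string{"read", "write"}, nil)
	hop := Delegate(agentPriv, subPub, []string{"read"}, &root)
	fmt.Println("valid chain:", VerifyChain(humanPub, []Hop{root, hop}))
	hop.Scope = []string{"read", "write"} // widened after signing: the signature no longer covers it
	fmt.Println("tampered chain:", VerifyChain(humanPub, []Hop{root, hop}))
}
```

Two design points carry the "survives every hop" property: the parent link hashes the signed parent record, so re-issuing or editing an earlier grant silently orphans everything below it, and the verifier never consults a registry, only the anchor key it was handed. The scope check is deliberately strict (exact-string subset); a real deployment would define scope semantics in the specification rather than in the verifier.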
Companion Specification · New · v0.1 · CC BY 4.0 · IETF draft to follow

HDP-P - Human Delegation Provenance for Physical AI Agents

Extends the HDP trust model to embodied AI agents: robots, autonomous vehicles, and surgical systems. Introduces the Embodied Delegation Token (EDT), a four-class irreversibility classification, and mandatory pre-execution authorization for physical actions. The central contribution is treating physical irreversibility as a security property.

Embodied Delegation Token · Irreversibility Classification · Policy Attestation · Fleet Delegation Scope · Pre-Execution Authorization · Research Paper
View companion specification

Coming Up

More research on the way.

Kubernetes manifest scanning, continuous monitoring for MCP endpoints, and agent behavioural baselining toolkits are in active development.

Follow Helixar-AI

Get Involved

Built for practitioners, by practitioners.

These tools are shaped by real-world feedback from engineers operating AI agents and browser automation in production. If you have encountered an attack pattern, misconfiguration class, or gap in coverage not addressed here, open an issue or pull request.

Disclaimers

No guarantee of coverage. Open-source security tools are provided as practitioner aids, not as comprehensive security solutions. The MCP Security Checklist, Sentinel scanner, and Unpinched detector address known patterns and artifacts at the time of release; they do not guarantee detection or prevention of all threats in all environments. PinchTab detection specifically addresses point-in-time artifact scanning and does not provide continuous monitoring. Security posture depends on deployment configuration, operational practices, and threat actor capability.

Point-in-time limitation (Unpinched). Unpinched performs a single-point-in-time scan. It will not detect PinchTab activity that begins after the scan completes, nor will it detect sophisticated deployments that remove artifacts between scan intervals. For continuous detection and alerting, Helixar’s commercial platform is required.

As-is licence. All projects published under Helixar Labs are distributed under the MIT Licence on an “as-is” basis, without warranties of any kind, express or implied. Use in production environments is at the operator’s own risk. Review the full licence terms in each repository before deployment.

Scope limitations. Helixar Labs projects explicitly exclude model weight security, privacy regulation compliance (GDPR, CCPA, HIPAA), and general cloud infrastructure hardening. They are specialist tools for specific domains and should be used as part of a broader security programme, not as a substitute for one.

Third-party trademarks. References to third-party platforms, tools, protocols (including Model Context Protocol, Chrome DevTools Protocol, and PinchTab), and standards are for technical context only. Helixar Limited is not affiliated with, endorsed by, or in any way officially connected with the authors or governing bodies of referenced standards or tools.

Not security advice. Content published by Helixar Labs, including checklists, documentation, and research, constitutes informational material and does not constitute professional security consulting, legal, or compliance advice. Engage qualified security professionals to assess your specific environment.

Need continuous coverage, not just a snapshot?

The open-source tools are the starting point. Helixar’s commercial platform provides continuous runtime detection, alerting, and enforcement, catching PinchTab and everything like it from day one.

Talk to the Team