Security & verification lab, London
Verifiable checks for how AI systems behave and fail.
Nativerse is an independent lab auditing how AI systems behave and fail. We run differential execution to prove what code and models do, keep live cited telemetry on the AI ecosystem, and map the identity failures that surface as software becomes agentic. Every track ends in an open dataset or a tool you can run yourself.
No speculative papers. Open source and Apache-2.0, signed with Sigstore. Every figure links to its source.
2,041,318 repositories scanned, 124 keying identity on email Read →Three tracks. Each one ships proof.
Every track is anchored by something running today and points at the harder problem behind it. The shipped work is the proof of the method. The direction is where the method goes next, said plainly so you can tell the two apart.
equiv
Differential execution. Run two versions on the same inputs, see exactly where they break.
Shipped today: equiv runs a changed function and its previous version on identical generated inputs and reports whether the behaviour diverged, with the exact input that breaks it. Every run emits a signed receipt that re-runs byte-for-byte on any machine. "Works on my laptop" becomes a record anyone can verify.
Where this points The same differential execution maps divergence between a base model and a fine-tuned variant: does the smaller model still behave like the one it replaces, on the inputs that actually matter.
# verify every changed function on each push - uses: Neelagiri65/equiv@v1 with: base: main candidate: ${{ github.sha }} ✓ 142 functions verified ✗ total(int) diverged at n = -5 → receipt 9f2c1e0b…a17b, signed
Gawk
Verified public data on how the AI ecosystem moves. Zero speculative interpolation.
Shipped today: Gawk watches more than thirty public sources and puts what is moving in AI on one screen, from model releases to spend. Every figure links to where it came from. When a source goes down its card greys out and keeps the last verified value instead of guessing.
Where this points The same ingestion, run over time, captures environmental drift: the raw material for high-fidelity datasets to evaluate models against the real world rather than a static benchmark. As the open web fills with synthetic output, verified real-world telemetry is a hedge against model collapse, training on the exhaust of other models. That pipeline is in progress.
Cited, not invented. A dropped source greys out instead of guessing.
Identity that breaks at scale
What happens when automated systems key login on the wrong field.
Shipped today: a code-pattern scan of over two million repositories found 124 projects keying login on the email address instead of the stable OIDC sub claim. That is the bug that splits an account when someone renames their Gmail. The dataset and methodology are open, and the authdrift ruleset lets teams catch it. Maintainers have merged fixes, including one 45-line patch with 304 lines of tests.
Where this points The same failure class scales into agents. As autonomous systems inherit brittle legacy authentication, the open question is what an agent can reach when identity is keyed on the wrong field. That composition risk is the active research direction.
# how 124 apps key your identity on email repositories scanned 2,041,318 keying login on email 124 frameworks affected 6 → authdrift ruleset, fixes merged upstream → dataset + methodology, open
Disclosure, in the open.
Findings are reported on HackerOne, Bugcrowd and huntr, and most stay private until they are fixed. What is public is written up in full, with the dataset and the method, so anyone can check the work or run it again.
The AI assistants own the Productivity chart and answer almost no one
The 12 most-rated Productivity apps on the US App Store hold a 4.77 lifetime average, yet their recent reviewers have turned. ChatGPT, Claude, Grok and Perplexity each reply to 0% of them, while the older tools answer far more, led by Dropbox at 58%. The piece splits the single star rating into recent backlash and developer response, then plots all twelve on a Friction Matrix.
Why it matters: the lifetime star rating hides how this month's users feel, across the same AI apps your own product is measured against.
Google externalised the cost of renaming Gmail
Google shipped Gmail address renaming and never shipped a webhook to go with it. 124 open-source projects still tie your identity to your email address. The essay covers what breaks and who pays, and comes with the open dataset and the authdrift ruleset that maintainers have merged fixes from.
Why it matters: when an account silently splits in two, the user loses their history and you lose the customer. This is the class of failure an audit finds before it reaches your support queue.
124 repositories. Four ecosystems. One broken assumption.
The data behind the essay: 2M+ repositories scanned, with severity tiers and the full methodology. A complete, reproducible audit.
AI-augmented, human-in-the-loop
A careful way to use AI in security research. Every finding is checked by hand, and nothing is submitted automatically. It tests where AI actually helps a researcher, instead of flooding triage queues.
Lab engagements.
Nativerse takes a limited number of technical mandates to deploy its frameworks directly into your architecture. No abstract advisory reports. Each mandate ends in a dataset or a check you own and can re-run.
Data ingestion patterned after GAWK
A verified, cited feed of the sources your team depends on, built on the same ingestion approach as GAWK. When a source degrades it is logged, not guessed.
Differential execution using the equiv method
Run candidate against base on identical inputs to catch where an AI rewrite, a model swap, or a fine-tuned variant changes behaviour. You keep the signed receipts.
Agent-to-legacy auth review
Review the integration points where automated systems and agents meet your OAuth, OIDC and access controls, using the threat models behind the authdrift research.
Utility lab artifacts
Small, deterministic tools built to solve isolated engineering bottlenecks, open-sourced for the community.
bharataddress
Deterministic parsing for messy Indian addresses. 26,711 pincodes across six Indic scripts, fully offline.
pip install bharataddressPyPIprivacylint
A Swift CLI that catches App Store privacy rejections before you submit, reported in plain English with the file and line.
brew installSwift CLIcodepulse
A leaderboard and paste-audit for CLAUDE.md files, scored deterministically against Claude Code defaults.
TypeScriptGitHubNativerse is an independent research lab led by Srinathprasanna Shanmugam. We prioritise open science and verifiable proofs over speculative AI hype.
More than a decade inside enterprise software, from IBM and AT&T to fast-moving fintechs, banks and ISVs across Europe. That is years spent watching how real systems break under scale, compliance and integration pressure. Nativerse points that experience at one problem: the security and verification of AI systems. Everything here is published, so you never have to take our word for it.