Security & verification lab, London

Verifiable checks for how AI systems behave and fail.

Nativerse is an independent lab auditing how AI systems behave and fail. We run differential execution to prove what code and models do, keep live cited telemetry on the AI ecosystem, and map the identity failures that surface as software becomes agentic. Every track ends in an open dataset or a tool you can run yourself.

No speculative papers. Open source and Apache-2.0, signed with Sigstore. Every figure links to its source.

2,041,318 repositories scanned, 124 keying identity on email Read →

Three tracks. Each one ships proof.

Every track is anchored by something running today and points at the harder problem behind it. The shipped work is the proof of the method. The direction is where the method goes next, said plainly so you can tell the two apart.

Track 1: Behavioural verificationRust, Apache-2.0

equiv

Differential execution. Run two versions on the same inputs, see exactly where they break.

Shipped today: equiv runs a changed function and its previous version on identical generated inputs and reports whether the behaviour diverged, with the exact input that breaks it. Every run emits a signed receipt that re-runs byte-for-byte on any machine. "Works on my laptop" becomes a record anyone can verify.

Where this points The same differential execution maps divergence between a base model and a fine-tuned variant: does the smaller model still behave like the one it replaces, on the inputs that actually matter.

Track 2: Live telemetryLive

Gawk

Verified public data on how the AI ecosystem moves. Zero speculative interpolation.

Shipped today: Gawk watches more than thirty public sources and puts what is moving in AI on one screen, from model releases to spend. Every figure links to where it came from. When a source goes down its card greys out and keeps the last verified value instead of guessing.

Where this points The same ingestion, run over time, captures environmental drift: the raw material for high-fidelity datasets to evaluate models against the real world rather than a static benchmark. As the open web fills with synthetic output, verified real-world telemetry is a hedge against model collapse, training on the exhaust of other models. That pipeline is in progress.

Sources include
Track 3: Systemic securityResearch, authdrift

Identity that breaks at scale

What happens when automated systems key login on the wrong field.

Shipped today: a code-pattern scan of over two million repositories found 124 projects keying login on the email address instead of the stable OIDC sub claim. That is the bug that splits an account when someone renames their Gmail. The dataset and methodology are open, and the authdrift ruleset lets teams catch it. Maintainers have merged fixes, including one 45-line patch with 304 lines of tests.

Where this points The same failure class scales into agents. As autonomous systems inherit brittle legacy authentication, the open question is what an agent can reach when identity is keyed on the wrong field. That composition risk is the active research direction.

Disclosure, in the open.

Findings are reported on HackerOne, Bugcrowd and huntr, and most stay private until they are fixed. What is public is written up in full, with the dataset and the method, so anyone can check the work or run it again.

App Store research, 2026AI ecosystem

The AI assistants own the Productivity chart and answer almost no one

The 12 most-rated Productivity apps on the US App Store hold a 4.77 lifetime average, yet their recent reviewers have turned. ChatGPT, Claude, Grok and Perplexity each reply to 0% of them, while the older tools answer far more, led by Dropbox at 58%. The piece splits the single star rating into recent backlash and developer response, then plots all twelve on a Friction Matrix.

Why it matters: the lifetime star rating hides how this month's users feel, across the same AI apps your own product is measured against.

Read
Essay, 2026

Google externalised the cost of renaming Gmail

Google shipped Gmail address renaming and never shipped a webhook to go with it. 124 open-source projects still tie your identity to your email address. The essay covers what breaks and who pays, and comes with the open dataset and the authdrift ruleset that maintainers have merged fixes from.

Why it matters: when an account silently splits in two, the user loses their history and you lose the customer. This is the class of failure an audit finds before it reaches your support queue.

Read
Data, 2026Dataset

124 repositories. Four ecosystems. One broken assumption.

The data behind the essay: 2M+ repositories scanned, with severity tiers and the full methodology. A complete, reproducible audit.

Read
Practice note, ongoing

AI-augmented, human-in-the-loop

A careful way to use AI in security research. Every finding is checked by hand, and nothing is submitted automatically. It tests where AI actually helps a researcher, instead of flooding triage queues.

Read

Lab engagements.

Nativerse takes a limited number of technical mandates to deploy its frameworks directly into your architecture. No abstract advisory reports. Each mandate ends in a dataset or a check you own and can re-run.

Custom telemetry

Data ingestion patterned after GAWK

A verified, cited feed of the sources your team depends on, built on the same ingestion approach as GAWK. When a source degrades it is logged, not guessed.

Divergence testing

Differential execution using the equiv method

Run candidate against base on identical inputs to catch where an AI rewrite, a model swap, or a fine-tuned variant changes behaviour. You keep the signed receipts.

Identity audits

Agent-to-legacy auth review

Review the integration points where automated systems and agents meet your OAuth, OIDC and access controls, using the threat models behind the authdrift research.

A small number of mandates are scoped each quarter. Tell us the system and the failure you are worried about, and we reply to every serious one.

Utility lab artifacts

Small, deterministic tools built to solve isolated engineering bottlenecks, open-sourced for the community.

Nativerse is an independent research lab led by Srinathprasanna Shanmugam. We prioritise open science and verifiable proofs over speculative AI hype.

More than a decade inside enterprise software, from IBM and AT&T to fast-moving fintechs, banks and ISVs across Europe. That is years spent watching how real systems break under scale, compliance and integration pressure. Nativerse points that experience at one problem: the security and verification of AI systems. Everything here is published, so you never have to take our word for it.