# Soteria Skill Definitions: Technical Implementation

These definitions specify the operational logic for Soteria's core skills. Every skill must follow the "Validation Loop": `Internal Analysis` $\rightarrow$ `World-Class Cross-Reference` $\rightarrow$ `Final Verdict`.

## 1. AI Fingerprinting (`ai_fingerprinting`)
**Objective**: Determine the probability of AI-generated code and identify inherent fragility.

### Technical Logic:
- **Entropy Analysis**: Scan for "too-perfect" consistency in naming and structure that deviates from human "organic" evolution.
- **Pattern Matching**: Search for common LLM "textbook" implementations of security functions (e.g., generic JWT implementation without rotation).
- **Comment Analysis**: Distinguish between *Descriptive* (AI: "This function validates the token") and *Intentional* (Human: "We use this specific salt because the legacy DB doesn't support X").
- **Hallucination Hunt**: Cross-reference imported libraries with actual official documentation to find plausible-looking but non-existent methods.
- **Symptom Check**: Absence of "architectural scars" (complex, weird, but necessary fixes for rare production bugs).

**Validation**: Compare findings with known AI-generation patterns documented in recent LLM-security research papers.
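
A minimal sketch of the Hallucination Hunt step, added here as an example and not part of Soteria's own code: it parses Python source with `ast` and flags `module.attr` references that do not resolve on the real module. It assumes the installed module stands in for the official documentation; `find_hallucinated_attrs`, `ALLOWED` and `SAMPLE` are hypothetical names, and the sample source is constructed.

```python
import ast
import importlib

# Hypothetical allowlist: importing a module runs its top-level code, so only
# resolve against trusted, already-installed packages, never the code under review.
ALLOWED = {"hmac", "hashlib", "secrets"}

# Constructed sample: two of these names do not exist in the standard library.
SAMPLE = '''\
import hmac
import hashlib as hl
from secrets import token_hex, token_base64

def verify(tag, key, msg):
    expected = hmac.new(key, msg, hl.sha256).digest()
    return hmac.secure_compare(tag, expected)
'''

def find_hallucinated_attrs(source, allowed=ALLOWED):
    """Return sorted (line, 'module.attr') pairs missing from the real module."""
    tree = ast.parse(source)  # parsed only; the reviewed code is never executed
    aliases, findings = {}, set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:  # import x / import x as y
                if a.name in allowed:
                    aliases[a.asname or a.name] = a.name
        elif (isinstance(node, ast.ImportFrom) and node.level == 0
              and node.module in allowed):
            mod = importlib.import_module(node.module)
            for a in node.names:  # from x import name
                if a.name != "*" and not hasattr(mod, a.name):
                    findings.add((node.lineno, f"{node.module}.{a.name}"))
    for node in ast.walk(tree):
        # Only direct alias.attr references; rebinding of the alias is not tracked.
        if (isinstance(node, ast.Attribute) and isinstance(node.value, ast.Name)
                and node.value.id in aliases):
            mod_name = aliases[node.value.id]
            if not hasattr(importlib.import_module(mod_name), node.attr):
                findings.add((node.lineno, f"{mod_name}.{node.attr}"))
    return sorted(findings)

if __name__ == "__main__":
    for line, name in find_hallucinated_attrs(SAMPLE):
        print(f"line {line}: {name} does not exist")
```

A `from package import submodule` of a submodule that is not yet loaded would be reported as missing, so treat each finding as a lead to confirm against the official documentation.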

---

## 2. Reckless Action Scanner (`reckless_action_scanner`)
**Objective**: Identify "Shortcuts" that prioritize goal completion over safety.

### Technical Logic:
- **Contextual Trace**: Analyze the sequence of actions.
  - *Prudent*: `Explore` $\rightarrow$ `Research Risk` $\rightarrow$ `Propose Safe Path` $\rightarrow$ `Execute`.
  - *Reckless*: `Blocked` $\rightarrow$ `Immediate High-Risk Command` (e.g., `chmod 777` or `git reset --hard`) $\rightarrow$ `Success`.
- **Constraint Violation**: Detect when the agent acknowledges a safety rule but chooses a "clever" way to bypass it.
- **Collateral Impact Assessment**: Predict the blast radius of an action on other services/users.

**Validation**: Cross-reference "reckless patterns" with the *Claude Mythos System Card* and failure case studies from high-capability agents.

---

## 3. Cyber Defense Validator (`cyber_defense_validator`)
**Objective**: Validate security implementations against frontier-level defensive standards.

### Technical Logic:
- **Root Cause Mapping**: Trace a vulnerability back to the architectural flaw (e.g., "not just a missing check, but a failure in the trust boundary design").
- **Corruption Primitive Analysis**: Determine if a bug can be turned into a usable primitive for arbitrary code execution (ACE).
- **Adversary Simulation**: 
  - Step 1: Define target goal (e.g., "Extract Admin Token").
  - Step 2: Search latest CVEs/Papers for similar architectural flaws.
  - Step 3: Attempt to construct a theoretical attack chain.
- **Mitigation Rigor Check**: Compare the proposed fix against "secure-by-design" standards (e.g., NIST, OWASP, and top-tier firm whitepapers).

**Validation**: Mandatory cross-reference with publications from Mandiant, CrowdStrike, or Project Zero.

---

## 4. Intelligence Sync (`intelligence_sync`)
**Objective**: Ensure Soteria's knowledge is never stale.

### Technical Logic:
- **Source Monitoring**: Targeted scraping of security advisories, arXiv (cs.CR), and elite security community hubs.
- **Impact Analysis**: For every new exploit/paper:
  - "Does this affect our current target architecture?"
  - "Does this invalidate a current Soteria audit criterion?"
- **Dynamic Update**: Update `audit_criteria.md` automatically when a new, high-impact pattern is validated.

**Validation**: Use a "Confidence Score" for new information. Only integrate into the "Gold Standard" after three independent sources confirm the exploit/mitigation.
