The work · a spine, not a portfolio

Intentional Fragility

A system should be built to break in the right places — and the break is the record, not the failure.

One idea, instantiated across a body of work: an argument written three ways, two instruments that run the same logic in different domains, and a research program that tests it in the field. The break is the gold seam. Everything here is threaded on it.

Argument
Three essays
Instruments
Two · live
Program
AI Security
Status
Open · in motion
i The through-line

Self-improvement is not the same as durability.

The reflex in systems design is to make failure rarer — score the parts by reliability, route toward whatever stops breaking, harden until the cracks stop showing. It produces something that looks robust and is, underneath, brittle: the first real break arrives with no rehearsal.

There is richness in the broken.

The inversion is to treat a break as a signal to be read, not an error to be erased. A tool that does useful work and then fails tells you more than one that runs forever doing nothing. The shape of how a thing breaks — per task, per context — is the data. So you keep the fracture, fill it with gold, and let the next system read it. What follows is that one refusal, instantiated.

ii The argument

Written three ways

iii The instruments

The same logic, in two different domains

When one abstraction shows up in two unrelated security problems, that is the evidence it is real. Both instruments run the identical three-state discipline — reinforce what carries value, let the rest decay, route around the break. One does it to tools. One does it to dependency graphs, the way a slime mold does it to a rail map.

kintsugi
Tool routing · Python · verified

A fragility-aware toolbelt for a research harness. Tools are expected to eject under load; the breaker trips on a soft threshold, the portable task context hands off to the next tool intact, and the eject-reason taxonomy is kept as the research payload.

Routing ranks tools by value-density — goal advanced per token — never by reliability. Ejection is never penalized anywhere in the code.

→ the formal argument (PDF)

Slime mold routing · live

coverage backbone edges CLOSED
Theatre of Dependencies
Supply-chain · SBOM · slime-mold routing

Feed a dependency graph as terrain. The organism treats roots as food sources and lays tubes between them, thickening the paths that carry flux and starving the ones that don't — converging on a minimal set of roots whose trail covers the most surface. That set is the upgrade ritual.

It is the same fragility, applied to a different graph. Physarum polycephalum famously rebuilt the Tokyo rail network this way — reinforce what works, prune what doesn't (Tero et al., Science, 2010).

→ repos at github.com/mazze93
iv The research program

Two halves of one falsifiable question

The same stance, pointed at a real population: under-resourced, queer-serving organizations with active adversaries and defenses below their threat model. One half measures what an attacker gains. The other measures what a defender gains — under constraints the rest of the industry refuses to adopt.

Offensive · the threat

Attack-surface uplift

Against a real civil-society network stack, what attacks become accessible to a mid-skill adversary with LLM assistance that they could not run without it? Three skill tiers, four metrics, a defensive companion output.

Fellows proposal · testbed already exists
Defensive · the capacity

CAIRN — Evidence Charter

Does local-first, human-in-the-loop AI measurably raise an org's security capacity without the surveillance harms of platform AI? Two-tier metrics, a hard firewall, falsifiable on purpose.

Secure Pride · n=1 → small-n

— one program, measured from both sides —

One application, given its due

Anthropic Fellows · AI Security

The offensive half is the basis of a Fellows proposal. It earns a real section here and no more than that — the body of work is the durable object; the application is one vehicle through it, with narrow odds and an honest weighting.

AI Security — primary track Model Welfare — differentiation signal rolling · late-2026 target