Research¶
Centaur Security Labs produces practitioner research on AI-augmented security operations: how to design systems that meet evidentiary and compliance standards, how to measure AI quality in operational environments, and what the correct division of labor looks like between human analysts and automated tooling.
The papers here are technical reports derived from operational experience building ARCHER and Sagittarius. They have not completed formal peer review. The argument and structure of each report are complete; remaining open items (empirical measurements gated on corpus data, footnotes requiring institutional journal access for final DOI/pagination) are tracked inline.
Published¶
The Centaur Framework →¶
The Centaur model has been described as a philosophy and advocated as a strategy. This paper makes it a specification — defining the three-layer responsibility architecture, documenting the failure modes that result when boundaries are violated, and deriving concrete design requirements for any tool that claims to implement the model correctly.
The Stochastic Trap →¶
Current AI security tools fail not because they are insufficiently capable, but because they apply probabilistic reasoning to roles that demand deterministic behavior. This paper names that failure mode, identifies the three architectural patterns that produce it, and argues that the remedy is not better models but a principled separation between the work that probabilistic systems do well and the work they are constitutionally incapable of doing reliably.
Investigative Provenance →¶
Investigative provenance is the property that makes a security finding actionable in a professional context: every claim traceable to specific evidence, every step documented, the full record reproducible by an independent analyst. This paper examines provenance as a compliance requirement under NIS2 and DORA and derives concrete design requirements for AI security tools that must produce findings with evidentiary weight.
Silent Competence →¶
AI security agents surface a capability problem that role constraints produce: a system constrained not to exceed its authorized scope can appear to fail at tasks it is actually capable of completing. This paper names the failure mode, explains why it emerges from correctly implemented constraints, and argues that the fix is not loosening constraints but improving the human's ability to read competence signals within them.
Training Data Integrity →¶
Fine-tuning a security agent on its own eval output creates a closed feedback loop with no external ground truth. This paper catalogs the failure modes that result — contamination classes, audit trail corruption, sidecar integrity failures — and documents the gate architecture required to prevent them from entering the training pipeline.
The Learning Loop →¶
AI security agents do not improve automatically — they improve only when a human analyst closes the feedback loop between operational output and the model's next training pass. This paper describes the architecture of that loop: the quality gate, the correction protocol, and the knowledge accumulation structure that prevents a learning system from simply training on its own failure modes.
When the Target Fights Back →¶
Cyber range evaluations test AI security agents against static targets. Real engagements do not have static targets. This paper examines the adversarial robustness failure modes that emerge when AI agents encounter active defenses, deceptive responses, and environments designed to manipulate the agent's decision-making — and derives the architectural requirements for agents that remain reliable under those conditions.
Compute as Cover →¶
Renting a high-end AI chip costs around $1.40 an hour — cheap enough to run a powerful, uncensored model privately and use it to write original malware on demand. Cloud providers are structurally unable to detect this activity. This paper examines where defenders can find a foothold, and what policy can realistically do about a threat that operates inside encrypted, ephemeral sessions.
More papers are in preparation. See the Pending Release page for titles and abstracts. Subscribe via RSS to be notified when new papers publish.