Skip to the content.

AI Passport — Security Model

Encryption

Compromising one section key must not decrypt other sections.

Permissions

Threat model (MVP)

Threat Mitigation
Malicious consumer reads entire passport Scoped grants; filtered export
Stolen passport file Section encryption; master key in OS store
One section leaked Independent section keys
User disconnects a consumer ai-passport revoke <consumer>

Out of scope (MVP)

Core independence

Security does not rely on any specific IDE or AI provider. The encryption and permission model are consumer-agnostic.