// NUTECH University · Islamabad · Pre-seed

AI agents are handing each other the keys, no questions asked. We're building the lock.

We're two cybersecurity students who read two research papers back to back, got annoyed that nobody had built the fix, and decided to build it ourselves. DynaTrust is runtime infrastructure that stops one compromised AI agent from quietly handing its permissions to another.

ORCHESTRATOR CODER AGENT EXECUTION AGENT A1 A2 A3 DT scope: {code_interpreter} token valid → allowed request: env_api access DENIED · out of scope IAPE CHECKPOINT
Every hop in a delegation chain carries a signed, scoped token — DynaTrust blocks anything that steps outside it, in real time.
84.3%

average attack success rate against LLM agents, even with current defenses in place — Agent Security Bench, ICLR 2025

The gap isn't the model. It's what happens between agents.

Every serious defense we found protects one agent at a time — filtering what goes into it, checking what comes out. The moment Agent A tells Agent B to do something, that trust is assumed, not verified. A 2025 survey of trustworthy LLM agents (ACM KDD) confirmed it explicitly: nobody has shipped a runtime mechanism for enforcing trust between agents. That's the gap we're building into.

Sources: Zhang et al., Agent Security Bench (ICLR 2025) · Yu et al., A Survey on Trustworthy LLM Agents (ACM KDD 2025)

// How it works

Three pieces, built to be shipped one at a time

DynaTrust sits between agents, not inside any one of them. It doesn't care which framework you're on — AutoGen, LangGraph, CrewAI — it just watches what gets delegated and enforces what was actually agreed to.

Component 01

Delegation Token System

Every task handoff between agents carries a signed, scoped, expiring token — like a visitor badge that only opens the doors it says it opens. No token, no access. Can't be re-shared to widen scope.

In development
Component 02

Inter-Agent Policy Engine

Sits inline on every agent-to-agent message. Checks the token, checks the request against what the token actually allows, and blocks or logs anything that doesn't match — before it executes.

In development
Component 03

Trust Score Engine

Watches behavior over time — not just "is this request in scope" but "is this agent acting like itself." An agent that starts behaving strangely gets its trust score turned down automatically.

Next up
// Where we actually are

No fake traction. Here's the real state of things.

We'd rather show you an honest three-month plan than a deck that pretends we're further along than we are.

Now

Research proposal complete, MVP-1 in build

Formal problem definition and architecture written up as a research paper. Delegation Token System + a minimal policy engine are being built and wired into a real AutoGen agent pipeline.

Weeks 2–6

First real numbers

Reproducing three attack scenarios — peer injection, privilege escalation, cascading compromise — against our own build, and publishing the actual containment and false-positive rates. No hand-waving.

Months 2–4

First outside users

Open-source the token system and policy engine core. Get 3–5 teams building multi-agent systems to run it against real pipelines and tell us where it breaks.

Months 4–8

Trust Score Engine + framework coverage

Ship behavioral trust scoring on top of the audit data we've collected. Extend beyond AutoGen to LangGraph and CrewAI based on where the demand actually is.

// Why now, why us

We're not funded, and that's kind of the point

A

We can run lean, on purpose

As students we already have GitHub Student Developer Pack access — free domain, free CI/CD, free cloud credits. Our Phase 0 build costs us time, not money. We're asking for mentorship and a runway, not a rescue.

B

This didn't start as a pitch

It started as a cybersecurity research proposal at NUTECH. The problem statement, architecture, and evaluation plan already exist on paper, peer-reviewed by our own department, before a single incubator saw it.

C

We're building where we live

Multi-agent AI security barely exists as a category yet — no incumbent, no "the Okta of agents" already taken. Being early and being resourceful is our actual advantage, not a workaround for not having capital.

// Founders

Two people, one problem we couldn't stop thinking about

MT

Muhammad Tayyab Mujtaba Khan

Co-founder — Cybersecurity & Systems

Cybersecurity undergraduate at NUTECH, ranked top 4% worldwide on TryHackMe. SOC Analyst–certified (LetsDefend & TryHackMe) with hands-on experience triaging real SIEM alerts, investigating malware, and exploiting live machines on Hack The Box. Holds CRTOM (Red Team Leaders). Leads the Delegation Token System and policy engine build.

GA

Ghulam Abbas

Co-founder — Cybersecurity & Cloud Security

Cybersecurity student at NUTECH focused on the intersection of computer networking, cloud architecture, and infrastructure defense. Certified Ethical Hacker (CEH), working on TCP/IP, routing & switching, network segmentation, and cloud security (IAM, IaC hardening). Drives DynaTrust's evaluation methodology and inter-agent policy design.

// What we're looking for

We're not asking for a rescue. We're asking for a runway.

Here's specifically what would move us from "working prototype" to "something teams actually depend on."