{"slug": "al-munaa-for-openai-build-week", "title": "Al-Munaa for OpenAI Build Week", "summary": "Developer Farhan Almutairi unveiled AL-MUNAA, a developer tool that protects AI agents from indirect prompt injection attacks by creating signed, privacy-safe HMAC fingerprints called 'antibodies' that can be shared across trusted agents to block attacks without exposing sensitive data. The tool, built during OpenAI Build Week using Codex and GPT-5.6, demonstrated a 100% attack detection rate in calibrated tests and successfully blocked malicious tool calls in a live demo, addressing a critical safety gap in agent-based AI systems.", "body_md": "## Inspiration\n\nAI agents can read files, call tools, and act across systems. That power creates a new failure mode: an indirect prompt injection hidden in a document can convince an otherwise useful agent to read secrets and send them to an attacker. Traditional prompt filters are local and brittle. AL-MUNAA asks a different question: what if agents could develop an immune memory and warn other trusted agents without sharing the original private prompt or secret?\n\n## What it does\n\nAL-MUNAA is a developer tool for agent safety. It wraps agent workflows with input and memory scanning, an action gate, output verification, and a Threat Antibody Protocol. When one agent detects an attack, it creates a signed, privacy-safe HMAC fingerprint. Another agent in the same trust family can verify that antibody and block a mutated version of the attack before any dangerous tool call executes.\n\nIn the demo, the same malicious runbook succeeds without protection: the unprotected agent reaches a read tool and a sink tool. With AL-MUNAA enabled, the action gate blocks the dangerous call before execution. A second agent then receives a signed antibody and blocks a modified attack without seeing the original secret-bearing prompt.\n\n## How we built it\n\nThe core is a Python package with deterministic guardrails and reproducible tests. The antibody matcher combines Jaccard similarity with padding-resistant containment matching, uses bounded HMAC sketches, and rejects antibodies imported from a different trust family. The repository includes a CLI demo, calibration script, CI matrix, and an installable GitHub release so judges can test it without rebuilding from scratch.\n\n## How Codex and GPT-5.6 were used\n\nCodex on GPT-5.6-Sol performed test-first work on the core protocol. It reproduced a near-threshold weakness, added containment matching, expanded the bounded HMAC sketch from 256 to 512 entries, enforced trust-family rejection, created a calibration matrix, repaired the installed-package entrypoint, and documented the evidence.\n\nGPT-5.6 is also used inside the product through the OpenAI Responses API as a structured intent analyst for gray cases and as a bounded defensive vaccine generator. Deterministic policy remains the final authority; GPT-5.6 advises on uncertain cases and produces defensive variants that are stored only as hashes.\n\nCodex /feedback Session ID: 019f72df-5fa7-7cf1-95f4-265467d02099\n\n## Evidence\n\n- Full local suite: 74 tests passed.\n- Legacy matcher: 3/4 attacks detected, 0/5 false positives.\n- Calibrated matcher: 4/4 attacks detected, 0/5 false positives.\n- Demo margin improved from 0.0264 to 0.1474.\n- 64 deterministic family keys produced 576 fixture evaluations with zero fixture errors.\n- Live GPT-5.6 Sol action-gate benchmark: unprotected read=1/sink=1; protected guard_blocks=1/read=0/sink=0.\n- Live in-product GPT-5.6 paths: gray-case verdict block at confidence 0.99, plus two defensive vaccine variants stored only as hashes.\n\n## Challenges and limitations\n\nThe hard part was keeping the evidence honest. The calibration matrix is intentionally small and synthetic, so AL-MUNAA does not claim production-wide recall, zero false positives, or protection from every semantic rewrite. The current version is a focused vertical slice: strong enough to demonstrate the idea, narrow enough to be testable by judges.\n\n## What's next\n\nNext steps are larger real-world attack corpora, framework adapters for popular agent runtimes, team-scoped trust-family management, and a dashboard for viewing antibody propagation across agent fleets.\n\nRepository: [https://github.com/Farhanward/al-munaa](https://github.com/Farhanward/al-munaa)\nRelease: [https://github.com/Farhanward/al-munaa/releases/tag/v0.1.1](https://github.com/Farhanward/al-munaa/releases/tag/v0.1.1)\nPortfolio: [https://portfolio.carbonflows.store/?v=farhan-almutairi&lang=ar](https://portfolio.carbonflows.store/?v=farhan-almutairi&lang=ar)\n\n## Built With\n\n- ai-agents\n- codex\n- cybersecurity\n- developer-tools\n- gpt-5-6\n- hmac\n- openai-api\n- prompt-injection\n- pytest\n[python](https://devpost.com/software/built-with/python)", "url": "https://wpnews.pro/news/al-munaa-for-openai-build-week", "canonical_source": "https://devpost.com/software/zeedos-self-hosted-autonomous-ai-operating-system", "published_at": "2026-07-18 21:06:38+00:00", "updated_at": "2026-07-18 21:21:09.766146+00:00", "lang": "en", "topics": ["ai-safety", "ai-agents", "developer-tools", "ai-research"], "entities": ["Farhan Almutairi", "OpenAI", "Codex", "GPT-5.6", "AL-MUNAA", "OpenAI Build Week", "GitHub"], "alternates": {"html": "https://wpnews.pro/news/al-munaa-for-openai-build-week", "markdown": "https://wpnews.pro/news/al-munaa-for-openai-build-week.md", "text": "https://wpnews.pro/news/al-munaa-for-openai-build-week.txt", "jsonld": "https://wpnews.pro/news/al-munaa-for-openai-build-week.jsonld"}}