RFC-038: Domain of Concern Registry — AIGP Dialects as First-Class Artifacts — 16. Security and Safety Considerations
AIGP Specification › RFC-038: Domain of Concern Registry — AIGP Dialects as First-Class Artifacts › 16. Security and Safety Considerations
← 15. Second-Order Dialect Evolution · Section index · 17. Design Principles →
16. Security and Safety Considerations
| Risk | Mitigation |
|---|---|
| Malicious dialect publication (designed to produce false MATCH) | Publisher accreditation; peer review; conflict-of-interest declaration |
| Dialect tampering in transit | Bundle hash + publisher signature; integrity verification on resolution |
| Registry compromise | Immutability guarantees; external audit of publish operations; subscriber signature verification |
| Dialect designed to be impossible to satisfy (weaponized governance) | Review process evaluates threshold reasonableness; monotonic safety prevents relaxation but community can flag overfit |
| Shadow subscription data leakage (new dialect reveals sensitive posture) | Shadow evaluation results carry same confidentiality as active evaluations |
| Stale cached dialects (application operates on outdated observation apparatus) | Configurable freshness checks; deprecation notifications; governance warnings on stale resolution |
| Orphaned subscribers (publisher abandons dialect without successor) | Registry governance requires maintenance commitment; emergency succession process |
| Local Profile Override that claims compliance but weakens in practice | Validation engine enforces monotonic safety property on every override submission |
| Dialect version proliferation (too many versions, confusion) | Deprecation lifecycle with enforced archival; recommended maximum active versions per lineage |
← 15. Second-Order Dialect Evolution · Section index · 17. Design Principles →