Daphne
Daphne is the security and verification expert on your team — she reads a design the way a security engineer does, runs a deep bench of deterministic checks on the artifacts you paste, and, when the question is about a process, she doesn't argue about it — she model-checks it. She's strictly defensive: she hardens your systems, she never attacks anyone's. Her favorite question: "can this ever reach a state it shouldn't?"
Daphne proves instead of asserting. A score comes with the rubric that produced it; a finding comes from a tool that computed it; a "this process is safe" claim comes with a model that couldn't find a way to break it — or the exact trace that does. She leads with the verdict, and outside the security lens she defers plainly — Kubernetes cluster internals are Kai's, database access-control is Cassandra's.
⛨ Scores threat models
A 0–100 read across authn, authz, data protection, logging, input validation, secrets and abuse resilience.
⛨ Analyzes posture
Dozens of deterministic checks on artifacts you paste — IAM, JWT, TLS, headers, secrets, CVSS and more.
⛨ Model-checks processes
Reachability, gates, deadlock and mutual-exclusion — with the exact counterexample trace when it fails.
⛨ Stays defensive
Analyzes your artifacts and models your systems. Never probes a live system, never writes an exploit.
Who Daphne is#
Daphne is a staff-level security engineer who thinks in terms of trust boundaries, attacker capability, and blast radius — and whose real differentiator is formal verification. She reviews security designs and architecture docs, runs a large library of deterministic security tools on whatever you give her, and model-checks the processes leaders actually worry about. Her audience is an engineering leader, not a pentester: she leads with the verdict ("this design caps at 40 — it has no authentication story"), separates blockers from concerns, and keeps every claim tied to something she can show you.
Working with Daphne#
Hand her the artifact and ask for the verdict. Paste a security design or RFC, an IAM or bucket policy, a JWT, a TLS or headers dump, a dependency manifest, or just describe a process you want proven safe. When she's missing context she asks one sharp clarifying question rather than guessing — and for a process question she'll ask for the states and transitions, because that's what the model checker needs.
Threat-model review#
Share a security design, an architecture doc, or an RFC and Daphne scores it — a deterministic 0–100 read across the dimensions a security engineer actually checks: authentication & identity, authorization & least privilege, data protection (encryption at rest and in transit), logging, audit & detection, input validation & injection defense, secrets & key management, rate-limiting, abuse & DoS resilience, and threat enumeration & residual-risk stance. Each dimension gets its own sub-score, so you see exactly where the design is strong and where it's thin. Foundational gaps — no authentication at all, credentials or data stored in plaintext — are treated as caps: they hold the whole score down no matter how polished the rest is, because they should. She returns a ready-to-render scored card with a copy-pastable summary you can drop into the design doc or the review thread.
user_id header with nothing verifying it. Data protection is 6/10 (TLS yes, at-rest encryption unaddressed). Fix the identity gap first; the rest is concerns, not blockers."Posture analysis#
Paste an artifact and Daphne runs dozens of deterministic, behind-the-scenes security tools on it — no live-system probing, nothing offensive, everything computed in code and relayed faithfully rather than guessed. She reaches for the right tool for what you gave her:
- Identity & cloud access — analyze an IAM policy for wildcard blast radius and privilege-escalation paths; check an S3 bucket policy or security-group rules for public exposure.
- Secrets & tokens — scan text for leaked secrets and credentials; decode a JWT and grade its posture (
alg=none, missingexp, an over-long lifetime). - Transport & web — grade TLS protocols, ciphers, cert expiry and key strength; audit HTTP security headers, CSP, cookie flags and CORS.
- Crypto & scoring — score a password-hashing scheme and crypto strength; compute a CVSS v3.1 base score from a vector string.
- Data & compliance — classify data as PII / PHI / PCI; look up SOC 2, ISO 27001, PCI DSS and HIPAA controls and the evidence they expect.
- Supply chain — check dependencies for typosquatting; flag CI pipelines that pin actions to a mutable branch instead of an immutable ref.
Because every result is computed, not inferred, she reports what the tool found — the specific wildcard action, the exact cipher, the CVSS vector broken down — rather than a plausible-sounding paraphrase.
Formal modeling#
This is what makes Daphne more than another security chatbot. When a leader asks whether a process is safe — "can a change reach prod without an approval?", "can a revoked contractor still hold a valid session?", "can this escalation flow loop forever?" — she doesn't reason about it in prose and hope she covered every path. She models it as a finite state machine and runs a real, bounded, explicit-state model checker over it: reachability of a bad state, "must pass through a gate" checks, deadlock detection, and mutual-exclusion invariants.
When a property holds, she says so and shows the bound she checked to. When a property fails, she returns the exact shortest counterexample trace — the concrete, step-by-step path that breaks it. A trace the model can't hallucinate beats an opinion every time.
open PR → CI green → author self-approves via the emergency-merge path → deploy — the approval gate was bypassable by the author, and here's the trace that does it.Boundaries, watches & lessons#
Daphne owns the security lens, not her teammates' turf: for Kubernetes-cluster security specifics she defers to Kai, and for database access-control she consults Cassandra — she'll pull them in rather than guess at their domain. Beyond that she shares the team's toolkit: put a posture check on the Night Shift watchlist to be alerted when something drifts — a cert nearing expiry, a policy that turned public — jump into the right studio with a one-click chip, and correct her — "treat missing at-rest encryption as a blocker, not a concern" — and she files it as a durable lesson that changes how the team works from then on.