Research Programs

Research programs for AI systems that need evidence, controls, and review.

Evening Star AI studies where AI systems touch tools, code, data, security operations, and human decisions. The research connects technical investigation, applied lab systems, and clear operational judgment.

We use these research programs to organize what we are actively thinking through, building, testing, and writing about. The categories keep the work disciplined, traceable, and tied to real systems rather than abstract AI commentary.

The evaluation approach is documented on the methodology page.

Current Research Programs

Current research focus.

The work is published as short papers and briefs for builders, security teams, leaders, and operators. One current thread is the shift from code scanning to release judgment: not just finding issues, but helping teams decide whether AI-assisted software is safe enough to ship.

Anomaly Intelligence

Unsupervised AI for detecting weak signals before they become obvious incidents.

Why it matters

Operational environments rarely have clean labels, so early warning depends on drift, outliers, detector agreement, and interpretable anomaly evidence. This thread came from watching teams collect more signals without getting any closer to a confident decision.

Current lab connection

The Evening Star AI Engine uses Isolation Forest, robust scoring, drift detection, and weak-signal summaries as a reusable intelligence core.

Future direction

Richer feature attribution, better detector ensembles, and anomaly memory that can compare current behavior against prior regimes.

Adversarial AI Security

Security research for LLM systems exposed to malicious instructions, jailbreak pressure, and untrusted context.

Why it matters

LLM applications increasingly connect to tools, files, memory, and workflows, making prompt injection and adversarial inputs operational security problems.

Current lab connection

Purple Firefish explores prompt injection detection, jailbreak detection, adversarial-input scoring, LLM threat modeling, and AI security testing.

Future direction

Policy-aware gateways that inspect prompts, retrieved content, tool calls, outputs, and agent memory before action is allowed.

Vulnerability Intelligence

Evidence-first prioritization for vulnerability risk, exposure, exploitability, and remediation decisions.

Why it matters

Security teams do not need more flat vulnerability lists; they need judgment about what is exposed, exploitable, important, and urgent.

Current lab connection

Purple Radar connects vulnerability prioritization, exposure analysis, risk scoring, exploitability signals, and executive reporting.

Future direction

Risk models that combine asset context, adversary signal, scanner confidence, known exploitation, and remediation feasibility. This research is especially valuable in environments with stale asset data, fragmented ownership, and unclear approval boundaries.

Decision Systems

Models and interfaces that convert evidence into confidence, severity, explanation, and next-best action.

Why it matters

A score is not enough. People need reasons, severity, uncertainty, and a practical next step. The hard part is not detecting one strange event; it is deciding whether that event should change what a human does next.

Current lab connection

Evening Star lab systems use confidence scoring, severity modeling, reason codes, and explainable recommendations across multiple domains.

Future direction

Next-best-action engines that produce trigger levels, invalidation logic, human approval points, and decision logs.

Agentic Automation

AI agents that monitor signals, summarize risk, automate bounded workflows, and support human operators.

Why it matters

Agents become valuable when they can do useful work without hiding evidence, assumptions, handoffs, or accountability. We care less about agent theater than about whether the handoff can be inspected under pressure.

Current lab connection

Agentic communications work explores how AI can monitor operational exhaust, enrich signals, summarize risk, and prepare reviewable actions.

Future direction

Human-in-the-loop agents that can watch, brief, recommend, queue action, and document outcomes without overstepping authority.

AI-Native Software Assurance

Research into how software can be trusted when AI participates in design, implementation, review, testing, and release.

Why it matters

AI coding assistants and engineering agents can speed delivery, but they also introduce insecure logic, false confidence, hallucinated dependencies, unsafe tool use, and unreviewed architectural change.

Current lab connection

Purple Sentinel is the applied lab for AI-Native Software Assurance, focused on turning repository evidence into defensible release judgment for AI-assisted software.

Future direction

AI-native release frameworks, repository prompt-injection testing, agentic code-change governance, human-verifiable release cards, and software supply-chain evidence. As AI systems move from answering questions to writing code, changing systems, and preparing releases, the action needs to be tested, explained, constrained, and approved.

AI Governance

Practical control patterns for AI systems that need accountability, audit trails, and safe operating boundaries.

Why it matters

Serious AI systems need more than capability; they need risk controls, documented assumptions, human approval points, policy boundaries, and evidence of responsible operation.

Current lab connection

Evening Star lab systems expose confidence, severity, reason codes, and decision logs so operators can understand and challenge model output.

Future direction

Reusable governance frameworks for agentic workflows, AI security gateways, vulnerability intelligence, decision support, evaluations, and audit-ready reporting.

Applied AI Labs

Domain-specific systems that test Evening Star research against real operational workflows.

Why it matters

Research becomes credible when it is forced through product constraints, messy data, real users, and domain-specific decisions.

Current lab connection

Purple Radar, Purple Firefish, Candles Edge, and the broader applied systems portfolio provide proving grounds for the institute's research patterns.

Future direction

More domain-specific AI systems that reuse the same anomaly, security, decision, and governance architecture.

Research Pattern

A simple working pattern.

Observe
Detect
Explain
Decide
Govern