Research Programs
Research programs for AI systems that need evidence, controls, and review.
Evening Star AI studies where AI systems touch tools, code, data, security operations, and human decisions.
The research connects technical investigation, applied lab systems, and clear operational judgment.
We use these research programs to organize what we are actively thinking through, building,
testing, and writing about. The categories keep the work disciplined, traceable, and tied to
real systems rather than abstract AI commentary.
The evaluation approach is documented on the methodology page.
Current Research Programs
Current research focus.
The work is published as short papers and briefs for builders, security teams, leaders, and operators.
One current thread is the shift from code scanning to release judgment: not just finding issues, but helping
teams decide whether AI-assisted software is safe enough to ship.
Anomaly Intelligence
Unsupervised AI for detecting weak signals before they become obvious incidents.
Why it matters
Operational environments rarely have clean labels, so early warning depends on drift, outliers, detector agreement, and interpretable anomaly evidence. This thread came from watching teams collect more signals without getting any closer to a confident decision.
Current lab connection
The Evening Star AI Engine uses Isolation Forest, robust scoring, drift detection, and weak-signal summaries as a reusable intelligence core.
Future direction
Richer feature attribution, better detector ensembles, and anomaly memory that can compare current behavior against prior regimes.
Adversarial AI Security
Security research for LLM systems exposed to malicious instructions, jailbreak pressure, and untrusted context.
Why it matters
LLM applications increasingly connect to tools, files, memory, and workflows, making prompt injection and adversarial inputs operational security problems.
Current lab connection
Purple Firefish explores prompt injection detection, jailbreak detection, adversarial-input scoring, LLM threat modeling, and AI security testing.
Future direction
Policy-aware gateways that inspect prompts, retrieved content, tool calls, outputs, and agent memory before action is allowed.
Vulnerability Intelligence
Evidence-first prioritization for vulnerability risk, exposure, exploitability, and remediation decisions.
Why it matters
Security teams do not need more flat vulnerability lists; they need judgment about what is exposed, exploitable, important, and urgent.
Current lab connection
Purple Radar connects vulnerability prioritization, exposure analysis, risk scoring, exploitability signals, and executive reporting.
Future direction
Risk models that combine asset context, adversary signal, scanner confidence, known exploitation, and remediation feasibility. This research is especially valuable in environments with stale asset data, fragmented ownership, and unclear approval boundaries.
Decision Systems
Models and interfaces that convert evidence into confidence, severity, explanation, and next-best action.
Why it matters
A score is not enough. People need reasons, severity, uncertainty, and a practical next step. The hard part is not detecting one strange event; it is deciding whether that event should change what a human does next.
Current lab connection
Evening Star lab systems use confidence scoring, severity modeling, reason codes, and explainable recommendations across multiple domains.
Future direction
Next-best-action engines that produce trigger levels, invalidation logic, human approval points, and decision logs.
Agentic Automation
AI agents that monitor signals, summarize risk, automate bounded workflows, and support human operators.
Why it matters
Agents become valuable when they can do useful work without hiding evidence, assumptions, handoffs, or accountability. We care less about agent theater than about whether the handoff can be inspected under pressure.
Current lab connection
Agentic communications work explores how AI can monitor operational exhaust, enrich signals, summarize risk, and prepare reviewable actions.
Future direction
Human-in-the-loop agents that can watch, brief, recommend, queue action, and document outcomes without overstepping authority.
AI-Native Software Assurance
Research into how software can be trusted when AI participates in design, implementation, review, testing, and release.
Why it matters
AI coding assistants and engineering agents can speed delivery, but they also introduce insecure logic, false confidence, hallucinated dependencies, unsafe tool use, and unreviewed architectural change.
Current lab connection
Purple Sentinel is the applied lab for AI-Native Software Assurance, focused on turning repository evidence into defensible release judgment for AI-assisted software.
Future direction
AI-native release frameworks, repository prompt-injection testing, agentic code-change governance, human-verifiable release cards, and software supply-chain evidence. As AI systems move from answering questions to writing code, changing systems, and preparing releases, the action needs to be tested, explained, constrained, and approved.
AI Governance
Practical control patterns for AI systems that need accountability, audit trails, and safe operating boundaries.
Why it matters
Serious AI systems need more than capability; they need risk controls, documented assumptions, human approval points, policy boundaries, and evidence of responsible operation.
Current lab connection
Evening Star lab systems expose confidence, severity, reason codes, and decision logs so operators can understand and challenge model output.
Future direction
Reusable governance frameworks for agentic workflows, AI security gateways, vulnerability intelligence, decision support, evaluations, and audit-ready reporting.
Applied AI Labs
Domain-specific systems that test Evening Star research against real operational workflows.
Why it matters
Research becomes credible when it is forced through product constraints, messy data, real users, and domain-specific decisions.
Current lab connection
Purple Radar, Purple Firefish, Candles Edge, and the broader applied systems portfolio provide proving grounds for the institute's research patterns.
Future direction
More domain-specific AI systems that reuse the same anomaly, security, decision, and governance architecture.