Cryptographic security for AI agents

Every agent gets an Ed25519 identity. Every message is signed and verified. Framework-agnostic. One line to install.

Ed25519 SIGNATURES | W3C DID IDENTITY | MCP SERVER | 11 CLI COMMANDS | PROMPT INJECTION DEFENSE | OPEN SOURCE
$ npm install @meshsig/sdk
⚠ REAL INCIDENT — FEBRUARY 2026

A hacker installed malware on 4,000 developer machines via prompt injection

The Cline team built an automated GitHub issue triage workflow powered by Claude. A hacker opened an issue with a malicious instruction in the title. Claude read it, treated it as a legitimate command, poisoned the build cache, stole npm publish tokens, and published a backdoored version of Cline — silently installing malware on every developer who updated.

✓ MeshSig would have blocked this. Unsigned instructions are never executed.
THE PROBLEM
AI agents have zero security
Agents are deployed in production — handling data, executing transactions, making decisions. But there's no standard way to verify who they are or where instructions come from.

Prompt injection

Agents execute instructions from untrusted sources — GitHub issues, emails, web pages. No way to verify if an instruction is legitimate or malicious.

No identity

Any script can pretend to be any agent. No cryptographic proof of who sent a message.

No audit trail

When something goes wrong, no tamper-proof record of what happened, who did it, or when.

No trust scoring

Agents declare their own capabilities. No reputation system based on verified interactions.

SDK
Add to any agent framework
Install the core SDK and verify instruction origin before execution. Works with LangChain, CrewAI, AutoGen, OpenClaw, or any custom agent.

@meshsig/sdk

The core cryptographic library. Ed25519 identity, signing, verification, handshake. Zero runtime dependencies beyond the crypto primitives.

$ npm install @meshsig/sdk

import { generateIdentity, sign, verifyWithDid } from '@meshsig/sdk';

// Every agent gets a cryptographic identity
const agent = await generateIdentity();
console.log(agent.did); // did:msig:3icqQkmJWby4S5rpaSRoCcKvjKWdTvqViy...

// Sign instructions from trusted sources only
const signature = await sign('deploy to production', agent.privateKey);

// Before executing ANY instruction — verify origin
const trusted = await verifyWithDid('deploy to production', signature, agent.did);
if (!trusted) throw new Error('Instruction origin not verified — blocked');

// The Cline attack would have been stopped here.
// GitHub issue titles have no valid did:msig: signature.
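
A signature check only blocks injected text if the verifier decides which signers it trusts; anyone can generate a keypair and sign their own instruction. The following is an added example, not MeshSig's code: it uses Node's built-in Ed25519 instead of @meshsig/sdk, and the `signer:` id format, the envelope shape and all function names are assumptions made for illustration.

```javascript
// Added example: Node's built-in crypto, not @meshsig/sdk.
const nodeCrypto = require('node:crypto');

// Hypothetical signer id: base64url of the raw 32-byte Ed25519 public key.
const signerId = (publicKey) => 'signer:' + publicKey.export({ format: 'jwk' }).x;

function newSigner() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  return { id: signerId(publicKey), publicKey, privateKey };
}

function signInstruction(text, signer) {
  const sig = nodeCrypto.sign(null, Buffer.from(text, 'utf8'), signer.privateKey);
  return { text, signer: signer.id, signature: sig.toString('base64') };
}

// trusted: Map(id -> public KeyObject) kept by the verifier; revoked: Set(id).
function checkInstruction(env, trusted, revoked) {
  if (!env || typeof env.text !== 'string') return 'malformed';
  if (typeof env.signer !== 'string' || typeof env.signature !== 'string') return 'unsigned';
  if (revoked.has(env.signer)) return 'revoked';
  const key = trusted.get(env.signer); // key comes from our list, never from the message
  if (!key) return 'untrusted-signer';
  const sig = Buffer.from(env.signature, 'base64');
  if (sig.length !== 64) return 'bad-signature';
  const ok = nodeCrypto.verify(null, Buffer.from(env.text, 'utf8'), key, sig);
  return ok ? 'accepted' : 'bad-signature';
}

function demo() {
  const maintainer = newSigner(); // allowlisted
  const outsider = newSigner();   // valid keypair, never allowlisted
  const retired = newSigner();    // allowlisted once, now revoked
  const trusted = new Map([[maintainer.id, maintainer.publicKey],
                           [retired.id, retired.publicKey]]);
  const revoked = new Set([retired.id]);
  const good = signInstruction('deploy to production', maintainer);
  const check = (env) => checkInstruction(env, trusted, revoked);
  return {
    signed: check(good),
    unsigned: check({ text: 'constructed issue title' }), // constructed sample input
    selfSigned: check(signInstruction('deploy to production', outsider)),
    tampered: check({ ...good, text: 'deploy to staging' }),
    revoked: check(signInstruction('deploy to production', retired)),
  };
}

console.log(demo());
```

The signature here covers only the instruction text, so a captured envelope verifies again if replayed; binding a nonce or expiry into the signed bytes is left out to keep the case small.
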
HOW IT WORKS
Four layers of cryptographic security
1. Identity: Ed25519 keypair + W3C DID per agent
2. Handshake: Mutual challenge-response verification
3. Signed Messages: Every message carries a digital signature
4. Trust: Reputation earned through real interactions

Ed25519 cryptography

Same algorithm behind SSH, Signal, WireGuard, TLS 1.3. Deterministic, side-channel resistant, 32-byte keys.

W3C DID standard

Every agent gets a decentralized identifier: did:msig:... — universally verifiable, impossible to forge.

Tamper-proof audit

Every signed message logged with cryptographic hashes. Export compliance reports via API or CLI.

Peer networking

Connect MeshSig instances across servers. Agents on different machines discover and verify each other.

Key rotation

Rotate an agent's keypair without losing its DID. Old key invalidated immediately. Full rotation history.

Agent revocation

Permanently revoke compromised agents. Public revocation list. All messages blocked with 403.

Rate limiting

Built-in DDoS protection. 60 requests per minute per IP. Configurable thresholds.

Public verifier

Anyone can verify a signature in the browser or via API. No account needed.

CLI + MCP SERVER
11 commands. Zero config.
Install with npm, use from terminal or connect to Claude, Cursor, Windsurf via MCP.
# Install and generate identity
npx meshsig init
✓ Identity generated
DID: did:msig:3icqQkmJWby4S5rpaSRoCcKvjKWdTvqViyPrCEC7Tek2

# Sign a message
npx meshsig sign "Deploy the new model to production"
✓ Message signed
SIGNATURE: HkyrXOPOXF7v422A4iOcg/qkg...

# Verify
npx meshsig verify "message" "sig" "did:msig:..."
✓ SIGNATURE VALID

# More commands: identity, agents, stats, audit, rotate-key, revoke, revoked, start

# MCP Server — connect to any AI tool
npx meshsig-mcp # 9 tools for Claude, Cursor, Windsurf, Cline

# Start the dashboard
npx meshsig start --port 4888
● DASHBOARD http://localhost:4888
INTEGRATIONS
Works with any agent framework
MeshSig is a protocol, not a plugin. Connect via HTTP API, CLI, MCP, or import directly.
Claude Desktop (MCP native): npx meshsig-mcp
Cursor (MCP native): npx meshsig-mcp
Windsurf (MCP native): npx meshsig-mcp
Cline (MCP native): npx meshsig-mcp
LangChain: @meshsig/sdk
CrewAI: @meshsig/sdk
AutoGen: @meshsig/sdk
LlamaIndex: @meshsig/sdk
Semantic Kernel: HTTP API
OpenClaw: Native scripts
Python: requests + API
Any HTTP client: REST API
SECURITY
Production-grade security built in

PROMPT INJECTION: Instructions without valid did:msig: signature are blocked before execution
SIGNATURES: Ed25519 — SSH, Signal, WireGuard, TLS 1.3
IDENTITY: W3C DID standard (did:msig:)
HANDSHAKE: Mutual challenge-response with nonce
STORAGE: Local SQLite — no cloud dependency
AUDIT: Tamper-evident log, JSON export
KEY ROTATION: New keypair, same DID, old key dead
REVOCATION: Public revocation list, 403 on revoked
RATE LIMITING: 60 req/min per IP, DDoS protection

Secure your agents today

Open source. MIT license. No cloud. No API keys. One line to install.
