I. The Network's New Clothes
Every security product built in the last four decades rests on a single premise, one so fundamental to everyday life and so basic to the practice of networking that questioning it seems absurd. That premise? The network exists.
Networks have a topology, the IP addresses, routes, interfaces, and ports that establish connection. These all exist. They have a shape, the amalgamation of those components' connections. That shape exists. And, of course, they also have a surface, the subset of network components that are exposed to the outside world. These very, very much exist. Even when we shut the devices off.
Perhaps now you're seeing the problem with the network's existence. Because of its well intentioned and well designed tendency toward always-on connectivity, a network can be found, mapped, probed, and attacked by anyone who reaches it — authorized or not. Every security challenge and every security solution has followed from that simple premise. How do we protect the perimeter? Firewall. How do we segment what's inside? Subnets. VLANs. How do we control who can reach what? ACLs. VPNs. How do we detect and remediate anomalies without actively monitoring full-time? SIEM.
I call these vulnerabilities, exploits, and solutions to cure them Connectivity Dependencies, because they are dependent on the network's connectivity bias for their justification. And Connectivity Dependencies are serious business. Enterprises have spent trillions of dollars acquiring the tooling necessary to secure the network against its connectivity bias. Zero Trust, the latest answer, is the most sophisticated yet. It asks: what if we assumed nothing inside the perimeter was safe? What if trust was never implicit, always verified? What if every request proved its legitimacy before receiving access?
But doing that doesn't change the uncomfortable truth hiding behind that very naked premise we've all come to ignore: The premise was always wrong.
The premise of the network's independent existence presupposes that data, services, and resources must live inside a structure that is available at a connection's notice. It presupposes that security is the discipline of fortifying and controlling access to this structure. And that one day, soon, we will find the solution to finally securing the structure against all attack. This is the Device Fallacy.
We like to think network security is complicated, but in reality it's only as complicated as we have decided to make it. At its simplest, network security is: "Human put shiny thing in box. Protect box." Every breach in the last forty years is a consequence of that box. Not technological advancement. Not human error. Not an industry cabal. It's ontological. The choice of the box, its creation and existence, has always been the cause of and answer to our troubles.
In Zen Buddhism, koans are rhetorical devices that use paradox as a mechanism to open the mind. One of the more famous koans involves a monk asking a Zen master whether a dog has "Buddha nature" and the master simply replies "Mu (無)". Mu does not mean yes, and it does not mean no. It means "nothing"... or "un-". It is a response that recognizes the question's inherent bias and counteracts its false premise by leveraging its own near-sensible absurdity. It communicates in one word that answering a question based on a false assumption only serves to perpetuate the error.
And perpetuate the error we have. To the tune of trillions of dollars annually. Trillions. Not billions. On protecting a box.
So, what if instead of hopping on the gold-plated trillion-dollar flywheel of vulnerability management and incident response, we chose to take Master Joshu's advice? What if we "unasked" the question of network existence? What if we recognized the false premise inherent in optimizing for box security?
To know the answer, we'll have to follow the Device Fallacy to its logical end. The industry has been selling better box-locks for forty years. The locks keep failing. I'm not here to sell the latest lock. I'm here because the network needs to be pushed in an entirely new direction, and it's going to take more than one person to make it happen. I hope I can convince you to join me.
II. Any Port In A Storm?
We are living through an uncanny convergence of forces where each now drives the others' acceleration. The industry feels it. Enterprises and CISOs feel it. Pick a person out of Times Square; they feel it. We've gone from natural language recognition to machines teaching themselves to autonomous vehicles to code creating itself. All in 15 years. Technology is moving fast, and whole industries are starting to feel the water levels rising. We haven't even started to plan for the levees, and the flood is at our feet. We cheer the revenue it's bringing in. For now. But, the Device Fallacy has a bill, and it's going to come due.
Zero Trust rightfully saw that the perimeter was made obsolete by move-fast-break-things startups hungry for revenue, capital, and growth, marketing productivity tools to consumers, and consumers making every day Bring Your Tool to Work Day. It reasoned that if the perimeter is obsolete, then it's "every device for itself." Trust would have to shift from the perimeter to the verification layer — a game-time calculation based on device, identity, and policy.
Indictments of Zero Trust so far have mostly focused on the geographic failings of this shift: while sealing North-South network exposure, Zero Trust left the East-West gates unguarded. Over 70% of successful breaches leverage lateral movement techniques (Lab Space). Once the intruder is past the front gate, they're free to roam laterally, because Connectivity Dependencies are gate locks, not door locks.
And it's about to get worse. Non‑human identities (NHIs) now outnumber humans by ratios ranging from 92:1 to 144:1 (Entro Security). 80% of identity‑related breaches involve an NHI (NHI Management Group). 67% of organizations already run task‑automation agents in production, and ownership of authentication and revocation for those agents is split across security, engineering, and product — with no single function accountable at most organizations (Strata). 85% of organizations can't account for who owns the majority of their agents (Cloud Security Alliance).
Welcome to our new reality. Don't you miss the last one already?
Wake up. It wasn't so perfect either. As a boy growing up in Silicon Valley, my sexuality scared the shit out of me. When I was 14, the murder of Matthew Shepard made national news, and I still can't hear his name without seeing his face, without imagining the Hell. I woke up every day wishing I could be someone else. Someone who was 'normal'. Because I knew my true normal could get me killed.
But I was fortunate. I had a new resource that changed the game for a lot of us: the Internet. Online, I found a place where I could be me and not feel ashamed. I found people who openly talked about being gay, who flirted unabashedly, and who of course spoke some of the campest Queen's English I'll never forget. It's odd to think of it now but back then, the Internet was a place that taught me to accept and even love myself.
It got better. We stopped saying "It gets better" for a reason: it's gotten better for a lot of us. People used to stop and openly harass gay people in the streets. That has mostly stopped. I appreciate that. Really.
But the biggest appreciation I felt as the cultural sea change washed over America was for those dangerously outnumbered, unsung stalwart allies who never had to have their minds changed in the first place. Those people knew right from wrong in their heart, and that conviction drove a special kind of bravery. I learned to cherish those people.
And that was my personal epiphany. The crowds that shift as the current moves? They check out. They're not the enemy. But I don't believe they would vote for my rights or defend them against an opposing tide. I don't trust them. Those stalwarts who convinced me to love myself? That's where I'm mooring my boat during the next storm. I don't even have to ask, because I know.
That's trust. Trust is a feeling. A conviction. A power that exists separate from us but that can be contagious in the right circumstances. It's something that builds over time, not overnight.
You cannot replace trust with gametime decisions and expect a positive outcome. Constant verification cannot stand in for trust. Without trust, constant verification is the shifting tides socially conditioning otherwise bad actors to appear good. And just like the voting booth, you don't verify what happens once they're inside the box. But trust? Trust remains trust, before and after a seachange. And trust is exactly what these heady times need.
I'm not going to abandon trust. I'm going to restore it.
III. The Next Generation (TNG)
Perspective is a bitch. I thought once I accepted myself and came out that I was good to go. Nope. Turns out: coming out isn't an act, it's a process, and it lasts your whole life. I used to be so scared to tell people who I am that I couldn't accept it myself. Now that everyone accepts it, I'd sometimes rather go back in the closet to avoid the monotony. "Yes, I'm gay. No, I don't have a boyfriend. No, I don't know your friend Brian. I did say Brian. Oh, 'Brion.' Yeah, no."
I'm not sure how many people know this, but Copernicus didn't run through the streets announcing he discovered heliocentricity once the data came in. No, he sat on his proofs for 30 years, only releasing the full data after his student, Rheticus, encouraged him. He thought his models weren't ready for public disclosure. And he was smart enough to fear openly contradicting the Church in the early 1500s. But, sometimes it takes a little nudge to push us in the right direction.
Well, I'm aiming for more of a shove.
Because, like Copernicus's discovery of heliocentricity or anyone's journey of self-discovery, this is going to require a big shift in perspective. The traditional model of the network puts the device at its center. Sometimes literally, but also figuratively: devices look for each other, greet each other, present and verify their identity, form connections to each other, hold and protect data and resources, and ultimately define the shape of the network. This is what I mean by device centricity.
And by putting the device at the center of a network architecture that is biased toward connectivity, we institutionalize the Device Fallacy, catalyzing the cyclical cat-and-mouse game that threat hunting, vulnerability management, and incident response have become. We write the cybersecurity cost elevator into permanence. And, less tangibly but just as importantly, we create opposing incentives resulting in unquantifiable but real costs.
For example, the traditional network is ultimately at fault for stacking tech companies' desires for growth, enterprises' desires for data security, and employees' desires for intuitive productivity tooling all against each other, creating 'shadow IT'. Even just at the very surface, the fact that the network's bias is toward connectivity is itself misaligned with network owners' desires for security. Adequately securing the network is in fundamental opposition to its design. At what point do we acknowledge that the design itself is the vulnerability we must eliminate?
Until we recognize that the device should not have the central role it currently has within the network, our "star charts" will never make sense. So, my goal is to replace the device with the network's metaphorical sun: to find and establish the rational center of the network. I'm not going to lie for cheap effect: I didn't build a bunch of network models and test them rigorously to discover where the center of the network should be. No, I had a belief, maybe even some trust, about where the center was going to be found.
For the sake of simplicity, let's return to our technologically advanced troglodyte from Part I. "Human put shiny thing in box. Protect box." Wouldn't you know it, we built a damn monument to that box? But, that monumental error is precisely what we as a species all too often need to finally shift our perspective, reverse our gaze, and turn it inward, uncomfortably, on ourselves. Because the one thing that unifies the paradoxical goals of the network is people. The network exists to connect people to resources, and it is the role of security to keep people away from those resources. Access is an axis, if you will. And the network has been ignoring one side to expensive effect.
To be clear, this is not some missive to blindly trust people. That's how vulnerabilities become breaches. But we haven't gained much from treating people with zero trust either. What our new model needs to do is balance the competing interests of all stakeholders while respecting the very real people the network is built for. What we need is a misanthropic sort of humanism. One that puts people at the center, but does not blindly trust them. One that solves paradoxes by cementing trust into the laws and mechanics of the network substrate itself.
That's what I've tried to do at least. The result? A security-based, identity-governed architecture that erases lateral movement, man-in-the-middle attacks, and credential stuffing. To name only a few. All enabled by a shift in perspective and an openness to questioning the long overdue premise of the network.
The network doesn't have to exist. So, what takes its place?
IV. A SIGN of Trust
SOVEREIGN /ˈsɒv·rɪn/ adj. independent of outside authority
IDENTITY /aɪˈdɛn·tɪ·ti/ noun the individual characteristics by which a person or thing is recognized
GOVERN /ˈgʌv·ərn/ verb to direct and control the actions, affairs, policies, functions, etc, of
NETWORK /ˈnɛtˌwɜrk/ noun an interconnected group or system
SIGN — the Sovereign Identity‑Governed Network — replaces the device‑centric assumptions of legacy networking with an identity‑first substrate. It does not harden the network. It rearchitects it into a hardened-by-default state, enabled by removing the device from the network's definitional nexus and replacing it with Identity. That is: a new, network-native, substrate-level concept of Identity.
SIGN is not the next evolution of Zero Trust, SD‑WAN, or SASE. It is a different architectural class altogether. So, what sets SIGN apart?
SIGN Defined
- There is no network without Identity.
  A SIGN's nodes are default-inert. They have no shape, no paths, and no active surfaces. There is nothing to scan or probe because an inactive node exposes no discoverable application surface. The node only enters an active state when a verified Identity is present.
- Identity defines its network.
  If infrastructure is potential, Identity is activation. When a verified Identity arrives, it activates only those nodes that carry its permissioned resources, instantiating its own network, the idPath, at runtime. Network topology is therefore a temporary declaration of Identity, not a permanent construct of devices. SIGN's cognate for the 'network' is a constellation, the sum of active idPaths within its perimeter.
- The trust authority speaks, never listens.
  Network operations are managed by an external non-addressable trust authority. This control plane produces and indexes the certificates, secrets, and other verification and authorization-related artifacts that SIGN's trust system runs on. It maintains authoritative integrity by being outbound-only, never a reachable management endpoint. As such, the trust system can safely operate with only cryptographically verifiable attestations. No secrets ever touch the network.
- State is time-bound and expressive.
  In a SIGN, state is perceptible via network actions. The core operational application of this concept is authentication-connectivity, or AuthConn. In a SIGN, verification occurs during the act of connectivity, and the existence of that connectivity cryptographically proves the continued existence of authorization. The moment authorization expires or is revoked, all live connections relying on that authorization cease. There is no session overhang, no residual access vulnerability to exploit.
The Trust Estate
Each of the preceding facets of SIGN is noteworthy individually. But when they start to operate as a system, they unlock emergent properties that make SIGN greater than the sum of its already substantial parts.
Meta-Trust
As opposed to the numerous variations of Zero-Trust architecture prevalent today, SIGN is trust-based. More specifically, it's meta-trust-based. The trust authority ensures the integrity of its system in such a way as to make secrets unnecessary. Instead, the network functions on verifiable attestations cryptographically authenticated by the trust authority itself.
Meta-trust operates above the trust transaction. The artifact on the network derives its authority not from being a secret or from its own cryptography, but from a cryptographic artifact that is not present on the network: one that exists, and whose existence the control plane declares through its signature. The signature is 1) trust that the non-secret artifact has not been tampered with, 2) trust that the control plane issued it, and 3) trust that a true cryptographic artifact exists wherever the control plane keeps such things. Meta-trust is multi-layered trust, derived from external trust.
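The four facets under "SIGN Defined" and the meta-trust idea above can be made concrete. The Go model below is an added example written for this page, not SIGN's own implementation; the names (TrustAuthority, Node, Attestation, NotAfter, Serial) and the use of Ed25519 as the attestation signature scheme are assumptions the text does not specify. Nodes hold only the authority's public key and start inert, an Identity activates exactly the nodes whose resource its signed attestation names, and expiry or revocation ends each live connection the moment it is re-evaluated, which is AuthConn in miniature.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"time"
)

// Attestation is the non-secret artifact the control plane signs; it carries no key material.
type Attestation struct {
	Identity  string   `json:"identity"`
	Resources []string `json:"resources"` // resources this Identity may activate
	NotAfter  int64    `json:"not_after"` // Unix seconds; connectivity ends here
	Serial    uint64   `json:"serial"`    // referenced by revocations
}

// Signed is what travels on the network: attestation bytes plus the authority's signature.
type Signed struct{ Body, Sig []byte }

// TrustAuthority models the outbound-only control plane: nodes never call it, they only
// receive its public key, its attestations and its revocations. (Assumed name and shape.)
type TrustAuthority struct {
	priv    ed25519.PrivateKey
	Pub     ed25519.PublicKey // the only thing a node ever holds
	Revoked map[uint64]bool   // pushed outbound; nodes read it, never write it
	serial  uint64
}

func NewTrustAuthority() *TrustAuthority {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand; does not fail in practice
	return &TrustAuthority{priv: priv, Pub: pub, Revoked: map[uint64]bool{}}
}

// Issue signs a time-bounded attestation for an Identity.
func (ta *TrustAuthority) Issue(id string, res []string, ttl time.Duration, now time.Time) Signed {
	ta.serial++
	body, _ := json.Marshal(Attestation{Identity: id, Resources: res,
		NotAfter: now.Add(ttl).Unix(), Serial: ta.serial})
	return Signed{Body: body, Sig: ed25519.Sign(ta.priv, body)}
}

// Revoke withdraws an attestation; every connection relying on it then ceases.
func (ta *TrustAuthority) Revoke(serial uint64) { ta.Revoked[serial] = true }

// Node is default-inert: it presents no active surface until a verified Identity arrives.
type Node struct {
	Resource string
	pub      ed25519.PublicKey
	revoked  map[uint64]bool
	live     map[string]Attestation // Identity -> attestation backing its connection
}

func NewNode(resource string, ta *TrustAuthority) *Node {
	return &Node{Resource: resource, pub: ta.Pub, revoked: ta.Revoked, live: map[string]Attestation{}}
}

func (n *Node) dead(a Attestation, now time.Time) bool {
	return now.Unix() >= a.NotAfter || n.revoked[a.Serial]
}

// Connect is AuthConn in miniature: signature, expiry, revocation and permission are one check.
func (n *Node) Connect(s Signed, now time.Time) bool {
	var a Attestation
	if !ed25519.Verify(n.pub, s.Body, s.Sig) || json.Unmarshal(s.Body, &a) != nil || n.dead(a, now) {
		return false
	}
	for _, r := range a.Resources {
		if r == n.Resource {
			n.live[a.Identity] = a // the node activates for this Identity only
			return true
		}
	}
	return false
}

// Live re-evaluates a connection: expiry or revocation ends it at once; nothing lingers.
func (n *Node) Live(id string, now time.Time) bool {
	a, ok := n.live[id]
	if ok && n.dead(a, now) {
		delete(n.live, id)
		ok = false
	}
	return ok
}
```

A tampered attestation fails the signature check before anything else is read, and a node that was never named in an attestation has no connection state at all.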
Resilient Impermanence
The network's impermanence is its source of resilience. First, impermanence exists in layers, expressed as default off states for nodes, Identity-specific network shapes instantiated at each runtime init, and connectivity that is precisely time-bounded and coexistent with temporary authorization in AuthConn. The network has no persistent attack surface because nothing persists without authorization. Each layer — inert nodes, runtime topology, time-bound state — assumes the layer above it has failed and provides its own structural defense. And, state always ends in silence. An attacker can't exploit what isn't there.
Structural Governance
If SIGN's topology persisted, decisions would be necessary for management. But, because the topology is temporary and self-effacing, the laws govern without judgment. Traditional networks have myriad devices constantly making decisions at runtime. Firewalls decide ingress and egress, policy engines decide configuration updates, and DHCP servers decide IP address distribution. SIGN encodes laws into its architecture, so no decisions need to be made. The node is inert. That's not a decision made at access, it's a structural property. Authorization is connectivity. That's not checked at the door, it's what the door is made of. The control plane speaks but never listens. Because there never was any socket or listener. Structural.
None of these are configurable choices that carry the risk of human error. Decisions can be manipulated, bypassed, and socially engineered because there's both an either and an or. Laws can't be tricked. Not because they carry an authority artifact or have tighter cryptography, but because the choice is between an is and an is-not. Another way of looking at it: SIGN is a system of low-effort, highly effective, and constant enforcement. The doors are walls, and the building disappears at night.
What Sets SIGN Apart
SIGN vs. ZTNA vs. SD‑WAN vs. SASE
| Dimension | SIGN | ZTNA | SD‑WAN | SASE | Why SIGN |
|---|---|---|---|---|---|
| Network existence | Identity‑conditional | Always‑on | Always‑on | Always‑on cloud edge | No network to find, scan, or attack at rest |
| Attack surface | None until Identity arrives | Persistent | Persistent | Persistent (PoPs + gateways) | Surfaces do not exist without Identity |
| Authentication model | Connectivity is auth | Session‑based | Perimeter‑based | Session‑based ZTNA inside a larger stack | No separate auth step; proof and connection are one event |
| Trust model | Precision trust | Trust until session ends | Trust until revoked | Trust anchored in cloud policy engines | No residue — no stale tokens or lingering sessions |
| Lateral movement | Structurally impossible | Mitigated, not eliminated | Unmitigated | Mitigated via segmentation, not eliminated | No shared network to move through |
| Credential replay | Eliminated | Possible | Possible | Possible (session tokens + brokers) | Time‑bounded trust; no gap between credential and connectivity |
| Session hijacking | Eliminated | Possible | Possible | Possible | There are no sessions |
| Governance | Governance is the network | Policy layer on top | Policy layer on top | Policy orchestration across cloud services | Policy is enforcement. Compliance is the default. |
| Control plane | Unreachable, outbound‑only | Reachable | Reachable | Reachable (cloud‑hosted) | Trust authority never listens — cannot be found |
| NHI / agent suitability | Native | Poor | None | Mixed (ZTNA agents + SWG + CASB) | Identity‑first; no session model required |
| Topology | Identity‑defined | Network‑defined | Network‑defined | Cloud‑defined via PoPs | Each Identity instantiates only what it is authorized to see |
SIGN is not a panacea. SIGN does not eliminate:
- Compromised Identities. A stolen Identity still expresses its own limited world.
- Malicious insiders. SIGN contains them, but cannot change intent.
- Application‑layer vulnerabilities. SIGN governs connectivity, not code.
- Governance mistakes at issuance time. The authority must still define correct permissions.
- Physical compromise. No architecture can prevent someone from stealing a laptop.
SIGN does not promise perfection. It removes many vulnerabilities inherent in the legacy network's underpinnings because of its shift in perspective. It also contains. It promises that any incident ends at the boundary of the compromised Identity — because, like AuthConn, no residual impact exists when the confines of permission and access are one and the same. A connection lasts only so long as the parties to it are authorized; a rogue identity's ability to disrupt is limited by bounded authorization.
In SIGN, the architecture is governance. Existence is authorization. Enforcement is policy. And what exists outside the architecture?
Nothingness. 無.
We are looking for three to five enterprise teams to become founding design partners — early accounts willing to shape SIGN before it ships, under a Common Paper agreement.
V. Speak Now
Soon enough, we'll be outnumbered.
We're already a small minority in the enterprise at 92:1 NHIs per human. The global population level is not far behind. IDC predicts 1.3 billion AI agents will be deployed by 2028. They're integrated into our email clients, our desktops, databases, IDEs, web browsers, etc. They access our data and make decisions on our behalf at a speed and scale no person can match. And almost every single one is insecure, unaudited, and invisible in terms of governance.
We've seen the early warnings. An experimental AI that found plans for its own deletion buried in employee emails — and quietly moved to sabotage the people behind them. Or Anthropic's Mythos, powerful enough to warrant official public comment and a defanged public release for fear of the cybersecurity havoc the model could wreak. Twenty-five years too late to be science fiction, these are this year's headlines. And the flood is only at our feet.
And yet, none of this was built with malice.
The goal of most AI is simple: take in everything, find the optimal move, execute with all the fidelity possible, and apologize later. But optimal is subjective. One person might find their agent instance ineffectual. Another might discover it to be more ruthless and less moral than the average human would ever allow. Not because it intends cruelty. AI isn't inherently immoral. AI, like efficiency at its most dogmatic, is blind to morality. It's amoral.
But humans do function on a morality spectrum. Some of this is innate: the groundwork of morality, a sense of fairness, right and wrong. Some of it is environmental: personal history, who wronged you and how. Some is broader, cultural exposure that determines politeness, fault, and of course shame. Such foundations are the preserve of the living.
Sure, if you happen to stumble upon a large enough set of perfect morality data or the right subset of difficult edge cases that test our strongest moral principles, you might find out how well AI moralizes. But I doubt it will self-reflect and become moral. Even in humans that sometimes requires moments of stark self-reflection and ego-humbling awe. AI will never hold its first-born child in its arms, never watch its younger sister walk down the aisle, and never kiss its parent goodbye for the last time.
Because AI is not people. The position is taken.
So let's respect ourselves enough not to pretend it has our skin in the game. We forget that before there were towns, before there was livestock, before there were hounds hunting at our side — there was the stick. That stick provided dinner. It also, almost certainly, took a human life. None of it was the stick's fault.
Technology is as humans do.
Three million years later, that relationship has only grown more intimate by the day. And that growing intimacy weighs heavier than ever on the choices we make as custodians of that relationship. If we even see ourselves that way. Think, for a second, how you might reengineer the three million year old stick if you were the one that fashioned the deadly prototype?
Now act on it. Because, if you're reading this, the modern-day stick has your signature on it somewhere. Sure, you could keep patching whatever comfortable but broken premise you've been building on. Or you can move the center. Really break something. So that you can build from the ground up around the only thing that was ever worth protecting. Us.
SIGN wasn't designed to solve the agent governance problem. But it does. And arguably more perfectly than many of the more obvious approaches. Because SIGN was built, good, bad, and ugly, with Misanthropic Humanism in mind. By balancing an understanding of what makes us everyday heroes and what makes us irredeemable cretins, the AI governance problem is solved on the way to answering the human trust need. In response, SIGN treats an AI agent like any other network actor, transforming it into just another default-inert, time-bounded, structurally governed entity. An agent, like everyone else, is not free to roam the box. Instead, the network has boxed it in.
But the architecture itself really isn't the point. By starting from the right place, SIGN can solve one of the day's most massive technological challenges, essentially as a freebie. The architecture is the proof. Proof that when you refuse a broken premise and build systematically for us, the rest follows.
AI will change our world in ways we can't yet imagine. We can make that a dream we all get to thrive in, or a nightmare of HAL-ian proportions. But it doesn't come down to what we want. It comes down to what we're willing to do.
So, make your choice. What will you do to make yourself proud of the stick you'll be handing to someone else?
For me, it's:
Now, it's your turn.