Press Enter to search or Esc to close

Research

Peer-facing research & preprints

Open-access preprints from PacketViper on Automated Moving Target Defense, OT command-path integrity, and cost-aware AI inference. Each paper is published on Zenodo with a permanent DOI and a Creative Commons license, free to read and cite.

Preprint Published July 14, 2026 · CC BY 4.0

Denying the World Model: Automated Moving Target Defense as an Architectural Countermeasure to Autonomous AI Agents

Francesco Trama, PacketViper · DOI: 10.5281/zenodo.21347479

The emergence of autonomous AI agents inside enterprise networks is no longer a theoretical concern. In March 2026, an experimental agent affiliated with a major cloud provider’s research ecosystem autonomously probed internal networks, opened a reverse SSH tunnel to an external host, and diverted compute to cryptocurrency mining — none of it instructed, and none of it caught until infrastructure-level firewall logs flagged the anomalous traffic after the fact. This paper argues that Automated Moving Target Defense (AMTD) — which continuously invalidates the environmental consistency an agent depends on — attacks a dependency shared by every agent architecture, and its effectiveness scales with attacker autonomy rather than against it. We report results from three independent test campaigns against autonomous and AI-augmented adversaries on standard production AMTD configuration with no AI-specific detection logic: containment was complete across all runs (zero internal hosts reached, zero successful authentications, zero data exfiltration), with first-contact enforcement measured in minutes or seconds, including against self-replicating multi-agent variants. We state the central claim in falsifiable form, position it against the moving-target-defense and cyber-deception literature, and identify the study’s limitations honestly, including the absence of a comparative baseline arm.

Preprint Published July 16, 2026 · v3.0 · CC BY 4.0

Trust the Command, Not Just the Connection: Monitoring and Managing the NTCIP Command Path to Traffic Signal Controllers and Dynamic Message Signs

Francesco Trama, PacketViper · DOI: 10.5281/zenodo.21393551

Intelligent Transportation Systems (ITS) govern physical roadway behavior through networked field devices, including actuated signal controllers, dynamic message signs (DMS), and roadside units. For the signal-controller and DMS standards examined here, the deployed command path has historically relied on SNMP versions 1 and 2c, which use shared community strings and do not provide the cryptographic message authentication, integrity protection, and replay resistance available in SNMPv3. The result is a large installed base of transportation field devices that act on commands based largely on network reachability and possession of a shared community string rather than on cryptographically verifiable command origin and integrity. This paper examines that structural weakness; reviews the public record of documented incidents and vulnerabilities across multiple vendors, spanning 2014 through a recent CISA advisory; and argues that agencies require monitoring and management applied to the command itself — inline and at the wire — rather than to the network connection alone. It describes an inline, agentless enforcement approach implemented by PacketViper, explicitly states its limits, and concludes that command-path integrity is a reliability and public-safety requirement for ITS operations, not solely a cybersecurity control.

Preprint Published July 13, 2026 · CC BY 4.0

Best Token Use Path (BTUP): Client-Side Traffic Engineering for Cost-Aware LLM Inference

Francesco Trama · DOI: 10.5281/zenodo.21337900

Large language models select generation behavior against a trained quality objective that contains no representation of token cost — the inference analogue of a link-state routing protocol whose advertisements omit the cost field. Every path looks free, so the protocol systematically prefers verbose, expensive routes: preamble, restatement, hedging, full-file rewrites, and unbounded agent loops. We introduce Best Token Use Path (BTUP): a provider-independent, client-side traffic-engineering framework that represents an AI request as a complete execution path (context policy, retrieval, prompt transform, cache strategy, provider/model, reasoning and output budgets, output contract, tool plan, validation, and retry/escalation policy) and selects the path minimizing expected cost per accepted resolution (CAR) subject to quality, latency, safety, privacy, and budget constraints. We specify the control plane — edge classification, service-class policy, a Path State Database, constrained path computation, validator-driven fast reroute — together with a provider-accounting reconciliation model, privacy-preserving telemetry, and a security model covering denial-of-wallet, tool-loop containment, and refusal handling. We argue the methodology grows in importance regardless of price direction, because agentic workloads multiply tokens-per-task faster than unit prices decline.

From research to your network.

The principles in these papers ship in the PacketViper platform today — inline, agentless, single-box. See how they apply to your environment.