Tag Archives: webauthn

Predictive Artificial Intelligence Architectures: Freemindtronic EviSKMS R&D Memorandum

Predictive artificial intelligence architectures diagram showing world models, agentic memory, causality, cybersecurity, digital identity, connected devices, cryptographic trust and EviSKMS.

Predictive Artificial Intelligence Architectures: Freemindtronic reference memorandum on Artificial Intelligence, World Models, LAMP-C, Cybersecurity and Cyber-Physical Trust (EviSKMS) — July 2026.

Predictive Artificial Intelligence Architectures — Express Summary

Quick overview. This express summary introduces the purpose, central thesis and scope of this memorandum before the detailed Executive Summary.

Predictive Artificial Intelligence Architectures represent a broader framework for understanding the evolution of Artificial Intelligence (AI). Rather than limiting the future of AI to Large Language Models (LLMs) or solely to World Models, this memorandum explores the convergence of language, memory, causality, perception, planning, action, cybersecurity, digital identity and trust governance.

The central thesis is straightforward. Although LLMs are remarkably powerful, language alone is unlikely to produce a robust, embodied and governable intelligence. An AI capable of anticipating, reasoning, remembering and acting over time will most likely rely on a hybrid architecture combining agentic memory, causal models, predictive representations, tool-using agents, symbolic reasoning, active inference and security-by-design.

Within this framework, World Models play a major, but not exclusive, role. They constitute one family of predictive architectures capable of simulating the evolution of an environment and forecasting the potential consequences of future actions. This memorandum places them within a broader ecosystem where intelligence emerges from the integration of multiple complementary capabilities.

The memorandum also extends this analysis to Cyber-Physical Trust. It connects predictive AI with cybersecurity, digital identity, connected devices, software agents, safety engineering and long-term trust continuity. LAMP-C and LAMP-Cyber are introduced as conceptual architectural frameworks designed to organize memory, causality, action, governance and security within predictive intelligent systems.

The Freemindtronic positioning is presented with methodological caution. EviSKMS, CryptPeer, EviDNA, Digital DNA and the Cryptographic Genome are distinguished through three disclosure levels. The published international patent belongs to the public prior-art record. Observable industrialization is documented through verifiable, non-sensitive evidence. Internal mechanisms, Gen2 extensions and unpublished know-how remain protected under Register C.

This document therefore serves as a scientific and industrial reference memorandum. It does not claim to be a peer-reviewed publication or a definitive experimental validation. Instead, it provides a structured framework for designing future Predictive Artificial Intelligence Architectures capable of integrating AI, memory, causality, cybersecurity, digital identity, cryptography and long-term trust continuity.

Reading Information

Express Summary reading time ≈ 4 minutes
Executive Summary reading time ≈ 6 minutes
Estimated full reading time ≈ 2 hours
First publication August 2022
Last updated July 2026
Complexity level Expert / Research
Technical density ≈ 82%
Available language FR ·  EN
Scope Scientific and industrial memorandum on Predictive Artificial Intelligence Architectures, World Models, Agentic Memory, Causality, Cybersecurity and Cyber-Physical Trust
Recommended reading order Express Summary → Executive Summary → State of the Art → LAMP-C → LAMP-Cyber → Limitations and Falsifiability
Accessibility Optimized for screen readers, internal anchors and structured summaries
Editorial format Scientific and Industrial Reference Memorandum
Primary topic Predictive Artificial Intelligence Architectures
Secondary topics LLMs, World Models, Agentic Memory, Causality, LAMP-C, LAMP-Cyber, Cybersecurity, EviSKMS, Digital Identity and Cyber-Physical Trust
Criticality level High — 8 / 10 — rapid evolution of AI, autonomous agents, cybersecurity and digital identities
Author Jacques Gascuel, inventor and founder of Freemindtronic®.

Predictive Artificial Intelligence Architectures express summary diagram showing the relationships between Large Language Models, World Models, Agentic Memory, LAMP-C, LAMP-Cyber, EviSKMS, Cyber-Physical Trust, Digital Identity, Cybersecurity and Trust Governance.

Publication Status

This memorandum on Predictive Artificial Intelligence Architectures is a Freemindtronic position and reference document. It is neither a peer-reviewed publication, an independent third-party audit nor a product certification.

Editorial Note. This Express Summary outlines the objectives, central thesis and scope of the Predictive Artificial Intelligence Architectures memorandum. It precedes the detailed Executive Summary and forms part of Freemindtronic Andorra’s editorial transparency approach. It clearly distinguishes established scientific knowledge, proposed architectural frameworks, observable industrialization evidence and mechanisms protected by unpublished intellectual property. This content has been prepared in accordance with the Freemindtronic Andorra AI Transparency Statement — FM-AI-2025-11-SMD5.

Predictive Artificial Intelligence Architectures — Executive Summary

Initial Observation

Large Language Models (LLMs) represent a major breakthrough in artificial intelligence. They show that large-scale learning from language can generate coherent text, assist programming, answer questions, summarize documents and orchestrate external tools.

However, this achievement should not be confused with complete general intelligence. Language is a trace of the world; it is not the world itself. Human and animal intelligence learn through continuous experience involving perception, action, memory, error correction, social interaction, causality and abstraction.

LLMs can learn useful internal representations, including spatial and temporal structures. Nevertheless, these representations often remain fragile, format-dependent and insufficient for embodied, robust and planning-oriented understanding. See Gurnee & Tegmark, Berglund et al. and Bender et al..

Proposed Analytical Framework

This memorandum now develops a broader central axis: Predictive Artificial Intelligence Architectures. It does not treat World Models as an exclusive doctrine, but rather as one major family of solutions within a wider architectural framework.

The objective is to analyze how an AI system can remember, abstract, predict, reason causally, plan, act and remain governable.

Predictive representations may take several forms, including explicit World Models, causal models, experiential memories, symbolic planners, tool-using agents, active inference systems, neuro-symbolic architectures and cyber-physical control loops.

The decisive debate is therefore not simply “World Model or not?”. It is rather the following question: which predictive architecture, at which level of abstraction, with which memory, which causality, which capacity for action and which security control?

The Role of World Models

The term “World Model” remains an important reference. It belongs to a scientific tradition rooted in the mental models of Craik, causal models in cognitive science, model-based reinforcement learning described by Sutton & Barto, the World Models of Ha & Schmidhuber, and later JEPA / V-JEPA architectures associated with LeCun, Bardes et al. and Assran et al..

In this memorandum, the World Model becomes one pillar among others, rather than the sole interpretive center.

The general conclusion is that the most credible path will probably be hybrid: language, perception, memory, causality, symbolic reasoning, external tools, predictive models, planning, action, cybersecurity, identity and trust governance.

Freemindtronic Positioning

The trajectory involving the Cryptographic Genome, EviDNA and Digital DNA through CryptPeer/EviSKMS industrialization is documented in a distinct companion memorandum.

This approach assumes an inventor-researcher posture grounded in applied observation, continuous monitoring of the state of the art, identification of weak and strong signals, analysis of hardware and software attack vectors, and the design of sovereign counter-espionage, encryption, authentication and trust solutions.

This field experience does not replace scientific evaluation. It provides the empirical starting point for a vision that must be formalized, protected, compared and tested.

The DNA/EviDNA companion memorandum documents the observable industrialization of EviSKMS-CryptPeer through verifiable elements, including trusted runtime, Runtime Integrity, DRT continuity, RSCC, fail-closed policies, anti-replay mechanisms, chained logs, cryptographic governance, sovereign passwordless operation, DDNA Gen1, security testing campaigns and deployment artifacts.

This appendix discloses no source code, pseudo-code, internal formats or transition rules, in order to preserve current and future intellectual property protections.

The industrial trajectory also relies on an internationally patented foundation: the Segmented-Key Authentication System (FR3063365 B1, WO/2018/154258 family and EP, US, CN, JP and KR extensions).

This granted title enables limited public discussion of the published principles of cryptographic segmentation, physical proximity and conditional trust reconstitution, without exposing Gen2 genomic extensions, the complete DRT engine or EviSKMS mechanisms developed after the founding patent.

Patent / industrialization / confidential tripartition (Register A). Patent WO/2018/154258 constitutes a public document of prior art and technological foundation. CryptPeer/EviSKMS industrialization is documented through observable industrialization elements and non-sensitive evidence (Register A). Genomic extensions, internal mechanisms and unpublished know-how remain protected under Register C.

A chain of time-stamped public disclosures from 2018 to 2026 is listed in the companion memorandum.

For the public reference publication, the present memorandum includes a section on limitations, falsifiability and scope of validity, as well as a short version.

Cryptographic details and CNRS/EviDNA comparisons are addressed in the companion memorandum. These additions aim to distinguish what is demonstrated, what is industrialized, what belongs to applied research and what remains open to independent validation.

Key Points — Predictive Artificial Intelligence Architectures

  • LLMs are powerful, but text alone is probably not sufficient for robust and embodied intelligence.
  • Predictive Artificial Intelligence Architectures connect language, memory, causality, action and governance.
  • LAMP-C and LAMP-Cyber formalize a hybrid pathway applicable to cyber-physical trust.
  • The DNA/EviDNA/Cryptographic Genome details are addressed in the EviDNA companion memorandum.
  • Public disclosure remains controlled through Registers A / B / C.
[/col] [/row]

Predictive Artificial Intelligence Architectures — Foundational Thesis of the Memorandum

This memorandum proposes the following formulation as its scientific foundation.

The next stage of artificial intelligence will not depend on a single paradigm, but on the convergence of language, memory, perception, causality, prediction, action and governance. World Models represent a major pathway for learning how to anticipate the consequences of an action, but they are not the only possible response. Other approaches, including tool-using LLM agents, neuro-symbolic AI, active inference, causal models, reinforcement learning, agentic memory and hybrid architectures, seek to address the same fundamental problem, allowing artificial intelligence to build an actionable representation of its environment, reason about its transformations and act in a controlled manner.

This thesis deliberately shifts the focus of the memorandum. The central issue is no longer to defend one specific school of thought or to oppose LLMs to World Models. The subject becomes broader: identifying the functions required for a robust predictive intelligence architecture.

These functions are: understanding language, perceiving or integrating context, remembering experience, abstracting relevant variables, anticipating possible evolutions, reasoning causally, planning, acting and remaining controllable.

An LLM may be excellent at language. A symbolic engine brings particular strength to formal logic. A causal model clarifies intervention and counterfactual reasoning. A World Model helps predict the evolution of an environment, while active inference seeks to reduce uncertainty through action.

None of these approaches, taken in isolation, is sufficient today to constitute a robust general intelligence.

The research question therefore becomes: how can these capabilities be composed into a coherent, verifiable, secure architecture capable of long-term learning?

Methodological Note — Inventor-Researcher Posture and Applied Observation

This reflection is not limited to a conventional academic approach. It is also grounded in a long inventor-researcher experience, built over more than fifteen years through continuous observation of digital threats, analysis of weak and strong signals, study of hardware and software attack vectors, and the design of digital counter-espionage, encryption, authentication and sovereign trust solutions.

This applied observation posture has gradually led to a core conviction: digital security can no longer be reduced to isolated mechanisms of protection, identification or compliance. It must be understood as a continuity of trust capable of linking identity, context, proof, memory, governance, hardware environment, software runtime and the evolution of threats over time.

The memorandum therefore assumes a dual nature. It engages with the scientific state of the art while also carrying a vision derived from invention, industrialization and operational analysis of attack surfaces. This articulation between documentary research, field observation and technical design forms the basis of the Freemindtronic trajectory around EviSKMS, CryptPeer as an industrialized embodiment of this approach, and the Cryptographic Genome as a conceptual and prospective formalization.

This posture does not claim to replace scientific validation with individual experience. It clarifies the origin of the approach: an architectural hypothesis born from prolonged observation of threats, reinforced by the industrialization of solutions, then formulated as a research framework intended to be compared, evaluated and discussed.

Eurosatory 2022–2026 Trajectory — From Human DNA to the Cryptographic Genome

This inventor-researcher posture was built through successive public milestones. Presentations delivered at Eurosatory between 2022 and 2026 help clarify the evolution of the reasoning, from an initial cyber foundation toward a trust architecture based on human DNA, then toward the Cryptographic Genome as a response to the time factor.

In 2024, this trajectory reached an industrial milestone with DataShielder Defense NFC HSM. The product does not only address the highly secure sharing of cryptographic keys associated with DNA. It also introduces an initial continuity of operational identity. The person who creates the key knows to whom it is transmitted, the recipient holds a trusted NFC device, and importing the key into that device establishes a controlled relationship between identity, physical possession, cryptographic key and encrypted/signed use.

This continuity, however, remains tied to a hardware and transactional perimeter involving the NFC device, the compatible terminal, key validity, media governance and control over the sharing lifecycle. It therefore provides a partial response to trust over time, without fully covering the challenge of a durable, re-evaluable and governable identity in a context where current AI, and later predictive AI architectures, may transform recognition, authentication, decision and trust models.

This shift led, in 2026, to the demonstration of Digital DNA and the Cryptographic Genome Generator. Biological DNA remains usable, but it becomes one possible element within a broader structure designed to organize proof continuity, trust criteria, segmentation, traceability, governance and the evolution of identity over time. This transition is therefore not a rupture. DataShielder Defense NFC HSM provides operational identity continuity, while Digital DNA and the Cryptographic Genome extend this approach toward a durable, contextualized, re-evaluable and governable identity. This evolution constitutes one of the cyber-identity application cases of the present memorandum on Predictive Artificial Intelligence Architectures.

Strict Definitions

To avoid ambiguity, this memorandum uses the following definitions.

Artificial General Intelligence. The ability of a system to learn, reason, plan and act across diverse domains, including novel situations, with robustness and adaptability beyond simple pattern memorization.

World Model. An explicit or implicit internal representation that enables a system to predict the evolution of an environment, especially under the effect of possible actions. See Craik, Ha & Schmidhuber and the World Model for Robot Learning Survey.

Predictive Representation. An internal structure that is not only used to recognize a situation, but also to anticipate its future transformations.

Causality. The ability to distinguish a correlation from a productive mechanism and to reason about what would happen under intervention. See Pearl and Schölkopf et al..

Planning. The ability to evaluate several possible sequences of actions, simulate their consequences and select a trajectory aligned with a goal.

Experiential Memory. A form of memory that stores not only documents or facts, but also episodes, errors, strategies, abstractions and feedback that can be reused for future action. See Du.

Grounding. The relationship between symbols, language, perception, action and environment. The symbol grounding problem is discussed by Harnad.

Predictive Artificial Intelligence Architectures — Introduction

Contemporary artificial intelligence is advancing at an unprecedented pace, driven largely by Large Language Models (LLMs). These systems generate text, answer questions, summarize documents, translate languages, write code, and assist users across a wide range of intellectual tasks.

Their impressive performance can sometimes create the impression that they are approaching artificial general intelligence. This perception, however, deserves careful examination. Large Language Models are trained primarily on vast collections of textual data. They learn to predict the most probable continuation of a sequence by identifying statistical regularities within their training data.

Although this capability is remarkable, it does not necessarily imply a deep understanding of the world. Language describes objects, events, intentions, relationships, and causes, yet it cannot replace perception, action, sensory feedback, or embodied experience.

From the earliest stages of life, humans learn through vision, movement, touch, interaction with objects, the consequences of their actions, social relationships, and continuous experience of the physical world. They progressively construct abstractions, discard irrelevant details, and retain the structures that enable prediction and purposeful action.

The central question therefore becomes: can robust intelligence emerge solely from learning based on text? Or does it require a new generation of architectures capable of integrating language, memory, abstraction, causality, prediction, action, and Trust Governance?

This dissertation adopts the following position: Large Language Models are indispensable, yet they are likely insufficient on their own. World Models represent an important direction, but not the only one. The next stage of AI should instead be conceived as a convergence of Predictive Artificial Intelligence Architectures combining World Models, Neuro-symbolic AI, Causal Models, Active Inference, Tool-using Agents, Agentic Memory, AI Planning, AI Cybersecurity, and Cyber-Physical Trust.

1. Large Language Models — Capabilities and Limitations

Large Language Models are trained on enormous quantities of textual data. Their training corpora may encompass a substantial portion of publicly available Internet content, supplemented by additional sources such as books, scientific articles, web pages, document repositories, software code, and annotated conversations.

The model transforms this massive body of information into internal parameters. This process can be viewed as a form of statistical compression of human language. Rather than memorizing every sentence, the model learns structures, associations, stylistic patterns, grammatical regularities, factual knowledge, and recurring reasoning patterns present within its training data.

This approach enables remarkable performance. LLMs can explain concepts, solve certain classes of problems, reformulate ideas, generate coherent text, and orchestrate external tools. Nevertheless, their operation remains fundamentally grounded in predicting the most probable continuation of a sequence of text.

This limitation explains several well-known challenges, including hallucinations, the absence of native persistent memory, the fragility of certain forms of generalization, difficulty with long-horizon planning, and the lack of direct grounding in the physical world. The critique proposed by Bender et al. reminds us that language alone does not guarantee situated understanding.

A balanced scientific position is therefore not to claim that LLMs never reason. Rather, it is more precise to state that LLMs can produce useful reasoning and acquire certain forms of Predictive Representations of the world, yet these representations are not currently sufficiently stable, causal, embodied, or verifiable to constitute a complete artificial general intelligence.

Predictive Artificial Intelligence Architectures — 2. What LLMs Already Do Well

A rigorous scientific dissertation should not caricature Large Language Models. They are far more than statistical dictionaries. They can learn abstract regularities, perform reasoning expressed in natural language, generate software code, manipulate mathematical representations, invoke external tools, and occasionally infer information that is not explicitly stated in a prompt.

Research such as Gurnee & Tegmark suggests that some language models internally encode spatial and temporal dimensions as exploitable latent structures. This finding indicates that learning from text alone can give rise to latent Predictive Representations of the world.

However, these internal representations should not be confused with robust World Models. The Reversal Curse, for example, demonstrates that a model may learn a relationship in one direction while failing to generalize correctly to the inverse relationship. This fragility suggests that certain capabilities remain strongly dependent on the training distribution and on how a problem is formulated.

The scientific question is therefore not, “Do LLMs understand or not?” Rather, it is: What internal representations do they construct, under which conditions, how robust are these representations, and to what extent can they support causality, Agentic Memory, AI Planning, and purposeful action?

3. The Real Cost of Modern Artificial Intelligence

Massive investment in artificial intelligence is driven primarily by two requirements: computational infrastructure and post-training.

The first concerns the computing resources required to train and deploy modern AI models. Training relies on specialized processors, memory, networking, energy, and large-scale data centers. Inference at scale is also computationally expensive, as every request consumes resources while imposing constraints on latency, availability, and security.

The second concerns post-training. A raw model is not automatically reliable, useful, or safe. It must be refined through supervised learning, human feedback, alignment, filtering, instruction tuning, tool integration, retrieval mechanisms, and security policies.

This reality demonstrates that the raw model alone is insufficient. Modern artificial intelligence already depends on an ecosystem composed of models, data, external memory, tools, guardrails, interfaces, governance policies, infrastructure, and continuous supervision.

This observation reinforces the central thesis of this dissertation: advanced AI will likely not consist of a single isolated model, but rather of a composite architecture.

Predictive Artificial Intelligence Architectures — 4. Human Learning: Sensory Experience, Action, and Abstraction

Comparing a Large Language Model with a young child highlights the fundamental difference between text-based learning and embodied learning.

By the age of four, a child has already experienced thousands of hours of wakefulness. During this period, the child continuously receives visual, auditory, tactile, and motor sensory inputs. The retina does not transmit a raw image directly to the brain; it transforms, filters, and compresses information before sending it through the optic nerve. Although estimates vary, the literature on retinal coding indicates that the transmitted information flow remains substantial. See Koch et al..

Any comparison with the token streams processed by Large Language Models must therefore remain cautious. Human visual experience should not be presented as directly equivalent to textual data. The essential qualitative distinction is that a child learns from a continuous, active, multimodal sensory experience that is intrinsically linked to the consequences of its own actions.

The child observes objects, interacts with them, experiences the consequences, adjusts expectations, memorizes regularities, and progressively constructs abstractions. The child learns that some objects fall, roll, break, resist, disappear behind others, or reappear. At the same time, the child acquires an understanding of intentions, social cues, emotions, and implicit rules.

Human intelligence is therefore not built simply through the accumulation of information. It emerges through experience, interaction, abstraction, prediction, and error correction. This perspective aligns with the work of Lake et al., who emphasize the importance of Causal Models, intuitive physics, intuitive psychology, and rapid generalization.

5. Why Text Alone Is Likely Not Enough

Text is a secondary representation of the world. It describes objects, events, emotions, intentions, and relationships. It is not the world itself.

A model trained exclusively on text learns the regularities of language about the world, but not necessarily the regularities of the world itself. It may learn that people often write “a glass falls and breaks,” yet this knowledge remains mediated through language. It does not arise from direct experience of gravity, fragility, sound, trajectory, or the physical consequences of an action.

This distinction is closely related to the Symbol Grounding Problem discussed by Harnad. A symbol cannot be considered fully understood if it is connected only to other symbols. At least part of its meaning must ultimately be grounded in perception, action, or experience.

This does not imply that text is of limited value. On the contrary, language is an extraordinarily powerful medium for abstraction, cultural transmission, and reasoning. However, language alone appears insufficient to produce robust embodied intelligence.

The most scientifically accurate formulation is therefore that text alone can give rise to rich internal Predictive Representations, yet it does not appear sufficient to build a general intelligence capable of perception, causality, Experiential Memory, AI Planning, and effective action within the physical world.

Predictive Artificial Intelligence Architectures — 6. World Models as a Family of Predictive Architectures: Origins of the Concept

Throughout this dissertation, World Models are no longer treated as the exclusive focus of the discussion. Instead, they are examined as one of the major families of Predictive Artificial Intelligence Architectures because they explicitly formalize a fundamental capability: anticipating how an environment evolves from its current state under possible actions.

The term World Model is not a recent invention. It extends a long-established scientific tradition.

Craik proposed that the mind constructs small-scale internal models of reality, enabling actions to be mentally simulated before being executed. This intuition remains fundamental: thinking consists, in part, of testing possible actions internally before acting in the external world.

Johnson-Laird later developed the theory of mental models, according to which human reasoning relies on internal representations of possible situations.

In artificial intelligence, the concept emerged through model-based reinforcement learning, in which an agent uses a model of environmental dynamics to simulate the consequences of alternative actions. See Sutton & Barto.

The expression World Models became explicit in the work of Ha & Schmidhuber, who learned compressed representations of environments and used them to train autonomous agents. More recently, the JEPA and V-JEPA architectures proposed by LeCun, Bardes et al., and Assran et al. have extended this approach by learning to predict abstract latent representations rather than individual pixels.

The concept itself is therefore not new. What is new is its renewed central role in contemporary discussions about the future of artificial intelligence.

7. World Models as Predictive Representations: A Rigorous Definition

A World Model is a specific form of Predictive Representation: an internal representation that enables a system to predict how an environment is likely to evolve.

Within the broader perspective of this dissertation, it is not presented as the only solution, but rather as a central class of architecture capable of linking state, action, future, and decision-making.

Formally, if a system observes the state of the world at time t, denoted x_t, it constructs an abstract representation s_t. Given a candidate action a_t, the model predicts a future state s_{t+1} or a probability distribution over possible future states.

Observation x_t
      ↓
Encoder E
      ↓
Abstract state s_t
      ↓ + action a_t
Predictor P
      ↓
Predicted future state ŝ_{t+1}

The value of a World Model lies not merely in recognizing the current state of the environment, but in predicting what may happen next.

A system equipped with a World Model can answer the question: What would happen if I performed this action? This question lies at the heart of AI Planning, practical causality, and autonomous intelligence.

Predictive Artificial Intelligence Architectures — 8. Abstraction and Hierarchical Representations

It is impossible to represent the complete state of the world down to its ultimate physical details. Describing an ordinary room at the level of quantum field theory would be impractical: the complete wave function of a macroscopic system cannot be measured, and no realistic computation could predict every physically possible evolution in a useful manner.

Humans do not reason in this way. Instead, they construct abstractions: objects, surfaces, agents, intentions, obstacles, trajectories, rules, tools, and risks. Each level of abstraction discards part of the lower-level detail while preserving the information that is useful for prediction at a given scale.

This hierarchy mirrors the organization of science itself: particle physics, nuclear physics, chemistry, biochemistry, molecular biology, biology, psychology, sociology, and ecology. Each discipline focuses on the level of organization most relevant to its domain.

An effective World Model must therefore learn hierarchical representations. Lower levels may encode shapes, textures, and motion. Intermediate levels may encode objects, relationships, and scenes. Higher levels may encode intentions, constraints, goals, norms, and abstract causal structures.

Intelligence does not consist of preserving every detail, but of constructing the appropriate level of abstraction for effective action.

9. Learning Through Prediction: Encoder, Predictor, and Prediction Error

A system can learn a World Model through self-supervised predictive learning.

  1. It observes the world at time t as input data x_t.
  2. An encoder transforms x_t into an abstract representation s_t.
  3. A predictor estimates the future state ŝ_{t+1}.
  4. The system then observes x_{t+1}.
  5. The same encoder produces the corresponding representation s_{t+1}.
  6. The system minimizes the discrepancy between ŝ_{t+1} and s_{t+1}.

The objective is to make predictions within a meaningful abstract representation space rather than predicting every individual pixel. This is precisely the intuition behind JEPA architectures: learning to predict useful representations instead of reconstructing every detail. See LeCun and Bardes et al..

This learning mechanism fundamentally changes the nature of learning: the system no longer learns merely to recognize the world; it learns to anticipate its evolution.

Predictive Artificial Intelligence Architectures — 10. From Prediction to Planning

Planning requires the ability to simulate multiple possible futures.

To choose an action, an intelligent agent must evaluate several possible trajectories:

Current state
   ├── Action A → Possible future A
   ├── Action B → Possible future B
   └── Action C → Possible future C

The agent then compares these alternative futures according to an objective, a constraint, a cost, or a risk.

This capability is fundamental to model-based reinforcement learning, where an internal model is used to simulate the consequences of actions before they are executed. See Sutton & Barto.

Planning may also be delegated to symbolic engines, constraint solvers, search trees, or formal verification tools. Even in these cases, however, the system must represent states, actions, and transitions. In other words, planning almost always reintroduces some form of World Model.

11. World Models Within Predictive Artificial Intelligence Architectures: Promise and Limitations

This section retains World Models as a major scientific reference while placing them within a broader architectural perspective. Their importance lies not in belonging to a particular school of thought, but in the function they embody: learning useful Predictive Representations that support prediction, AI Planning, and action.

11.1. Generative World Models

The World Models proposed by Ha & Schmidhuber learn a compressed representation of an environment and then use this representation to train an autonomous agent. This approach demonstrates that an agent can learn not only from the real or simulated world, but also from an internally learned model of that world.

Predictive Artificial Intelligence Architectures — 11.2. JEPA, V-JEPA, and Latent-Space Prediction

JEPA and V-JEPA architectures aim to predict abstract representations rather than individual pixels. Their objective is to capture the information that is most relevant for understanding and action, without expending learning capacity on secondary visual details. See LeCun, Bardes et al., and Assran et al..

11.3. World Models in Robotics

World Models have become a major research direction in robotics because they enable systems to predict environmental dynamics, simulate actions, perform planning, and improve out-of-distribution generalization. See World Model for Robot Learning Survey.

11.4. Embodied Robotics and Digital Simulators

Simulation environments and digital twins make it possible to generate rare or hazardous scenarios. They are particularly valuable for autonomous driving, industrial robotics, and physical agents. Nevertheless, a simulation is never a complete representation of the real world and must always be validated against real-world observations.

Predictive Artificial Intelligence Architectures — 11.5. Limitations of World Models

World Models are not a universal solution. They face several fundamental challenges:

  • learning stable abstractions;
  • managing uncertainty and multiple possible futures;
  • distinguishing Causal Models from statistical correlations;
  • avoiding the prediction of irrelevant details;
  • generalizing beyond the training distribution;
  • integrating language, action, and Agentic Memory;
  • evaluating model quality objectively;
  • ensuring safety when actions affect the physical world.

An inaccurate World Model may become dangerous precisely because it appears internally coherent. Consequently, evaluation, Trust Governance, and Runtime Integrity become central requirements.

Predictive Artificial Intelligence Architectures — 12. Competing and Complementary Approaches

This section maps the principal research directions pursuing the same overarching objective: robust reasoning, generalization, AI Planning, memory, hallucination reduction, and reliable action.

12.1. Neuro-symbolic AI

Neuro-symbolic AI combines neural networks with symbolic reasoning, including rules, logic, knowledge graphs, constraint solvers, and inference engines.

This approach is particularly promising in domains where explainability, verification, and regulatory compliance are essential, including law, AI Cybersecurity, mathematics, formal verification, diagnostics, Trust Governance, and safety-critical systems. See Garcez & Lamb, Colelough & Regli, and Yang et al..

Primary strength: explainable and controllable reasoning. Main limitation: limited grounding in perception and the physical world. Relationship to World Models: symbolic systems often perform planning over abstract states and therefore frequently reintroduce a discrete or logical World Model.

12.2. Tool-using LLM Agents, RAG, Memory, and Planning Systems

A major industrial direction consists of using Large Language Models as orchestration engines. They invoke external tools, retrieve information, execute code, consult knowledge bases, rely on external Agentic Memory, and delegate specialized tasks to dedicated modules.

Retrieval-Augmented Generation (RAG) improves factual accuracy by connecting the model to external knowledge sources. See Lewis et al.. Tool-using Agents further extend LLM capabilities through planning, reasoning, tool use, and memory. See Yao et al., Huang et al., and Du.

Primary strength: immediate operational effectiveness. Main limitation: retrieval and external tools do not replace genuine causal understanding. Relationship to World Models: the agent may construct an external task model composed of states, sub-goals, constraints, tools, and memory.

Predictive Artificial Intelligence Architectures — 12.3. Model-Based Reinforcement Learning

Model-based reinforcement learning learns or exploits a model of environmental dynamics. The agent can simulate the consequences of its actions before acting. See Sutton & Barto and Moerland et al..

Primary strength: efficient planning and anticipation. Main limitation: learning reliable models in complex environments remains difficult. Relationship to World Models: this is one of the most explicit forms of a World Model.

12.4. Model-Free Reinforcement Learning

Model-free reinforcement learning learns an action policy directly without constructing an explicit model of the environment. It has achieved remarkable success in games and several simulated environments. See Mnih et al. and Schulman et al..

Primary strength: strong performance in well-defined environments with clear reward functions. Main limitation: high training cost, limited data efficiency, and poor robustness outside the training distribution. Relationship to World Models: although it avoids an explicit World Model, it generally struggles with long-horizon planning and systematic generalization without predictive structure.

12.5. Imitation Learning and Learning from Demonstration

Imitation learning trains a system to reproduce observed behaviors. It plays a central role in robotics, autonomous driving, and software agents.

Primary strength: rapid learning from human demonstrations. Main limitation: behavior may be reproduced without deep understanding, leading to failures outside the training distribution. Relationship to World Models: demonstrations provide trajectories, but the agent often requires a predictive model to adapt to novel situations.

Predictive Artificial Intelligence Architectures — 12.6. Active Inference and the Free Energy Principle

Active Inference, associated with Friston, proposes that intelligent agents act to reduce uncertainty and minimize the discrepancy between predictions and observations. Policies are selected according to their expected ability to minimize free energy by jointly maximizing utility and information gain. See Friston et al. and de Vries.

Primary strength: a unified framework integrating perception, action, and uncertainty. Main limitation: considerable theoretical complexity and limited industrial adoption. Relationship to World Models: Active Inference relies on internal generative models and is therefore closely related to, rather than opposed to, World Models.

12.7. Causal Models and Probabilistic Reasoning

Causal Models seek to distinguish correlation from causation while enabling counterfactual reasoning: what would happen if a variable were changed? See Pearl and Schölkopf et al..

Primary strength: conceptual robustness and intervention capabilities. Main limitation: learning large-scale causal structures automatically remains extremely challenging. Relationship to World Models: a causal model is often an abstract World Model centered on causal mechanisms.

12.8. Neuromorphic and Brain-Inspired Architectures

Neuromorphic architectures investigate spiking neural networks, continuous plasticity, local memory, and highly energy-efficient computation.

Primary strength: biological inspiration and potentially high energy efficiency. Main limitation: lower technological maturity compared with mainstream deep learning architectures. Relationship to World Models: these architectures do not inherently provide a World Model, but they may constitute an effective substrate for continuous learning.

Predictive Artificial Intelligence Architectures — 12.9. Planning Through Search, MCTS, Programs, and Formal Verification

Planning may be performed through explicit search methods, including decision trees, Monte Carlo Tree Search, constraint solvers, theorem provers, and formal verification systems. See Kocsis & Szepesvári and Silver et al..

Primary strength: systematic exploration of alternative scenarios. Main limitation: combinatorial explosion and dependence on a formal representation of states. Relationship to World Models: every search tree assumes states and transitions and therefore relies on some form of World Model.

12.10. Evolutionary AI and Open-Ended Learning

Evolutionary AI seeks to generate increasingly complex behaviors through variation, selection, and open-ended environments. The objective is not merely to optimize a fixed task, but to encourage the emergence of novel capabilities.

Primary strength: open-ended exploration of behavioral diversity. Main limitation: computational cost, unpredictability, and limited controllability. Relationship to World Models: evolved agents may develop internal representations, although these are often difficult to interpret.

12.11. Metacognitive Architectures

Metacognitive architectures provide a system with self-assessment capabilities, enabling it to detect its own errors, estimate uncertainty, decide when to request assistance, verify hypotheses, or revise its strategy.

Primary strength: robustness, self-correction, and operational safety. Main limitation: objectively evaluating the quality of self-assessment remains difficult. Relationship to World Models: metacognition can supervise and regulate the use of a World Model, but it does not replace it.

13. Proposed Taxonomy of Predictive Artificial Intelligence Architectures

This taxonomy proposes seven dimensions for comparing candidate architectures capable of achieving robust artificial general intelligence.

  1. Language: processing symbols, text, instructions, and dialogue.
  2. Perception: learning from images, video, audio, sensors, or the surrounding environment.
  3. Memory: storing, organizing, abstracting, and reusing experience.
  4. Causality: distinguishing correlation, intervention, and consequence.
  5. Action: operating within real, simulated, or software environments.
  6. Prediction: anticipating future states and multiple possible scenarios.
  7. Planning: selecting sequences of actions to achieve a goal.

This taxonomy deliberately avoids classifying approaches according to technological trends or implementation choices. Instead, it organizes them according to the cognitive functions they are required to perform.

The central question therefore becomes: Which architecture most effectively integrates these seven dimensions while ensuring robustness, safety, and verifiability?

Predictive Artificial Intelligence Architectures — 14. Comparative Matrix of Current Approaches

Qualitative scale: Low / Moderate / High / Very High.

Approach Language Perception Memory Causality Action Prediction Planning Primary Limitation
Pure LLM Very High Low Low Moderate/Low Low Linguistic Text-based No direct grounding in the physical world
Agentic LLM Very High Moderate Moderate/High Moderate Moderate Tool-assisted Strong but fragile Dependence on tools and context
RAG High Low Document-based Low Low Low Low/Moderate Retrieval is not understanding
Neuro-symbolic AI Moderate/High Variable Moderate High for rule-based reasoning Variable Moderate Strong logical reasoning Difficult grounding
Model-free RL Low Variable Implicit Low High Weak explicit prediction Moderate High training cost
Model-based RL Variable High Moderate Moderate High High High Difficult model learning
Active Inference Variable High High Probabilistic High High High Theoretical complexity
Causal Models Variable Variable Moderate Very High Variable Strong intervention capability High when structure is known Difficult causal discovery
World Models Variable High High Moderate/High High Very High Very High Difficult evaluation
Neuromorphic AI Low/Moderate Variable Variable Low/Moderate Variable Variable Variable Insufficient maturity
Hybrid Architecture Very High High High High High High High Complex Trust Governance

This comparative matrix shows that World Models are not the only possible path toward advanced intelligence. However, nearly all advanced approaches ultimately face the same fundamental challenge: representing, predicting, remembering, acting, and planning.

15. Proposed Hybrid Architecture: LAMP-C

Epistemological status (Register A). Conceptual architecture · research framework · not experimentally validated at this stage.

To establish this dissertation as a foundation for future research, we propose a conceptual architecture named LAMP-C:

  • L — Language: communication, instruction, and symbolic reasoning expressed through natural language.
  • A — Abstraction: construction of hierarchical and compressed representations.
  • M — Memory: storage, consolidation, forgetting, retrieval, and contradiction management through Agentic Memory and Experiential Memory.
  • P — Prediction / Planning: simulation of possible futures and selection of appropriate actions.
  • C — Causality / Control: intervention, counterfactual reasoning, verification, Runtime Integrity, and Cyber-Physical Trust.
Multimodal perception / data / language
                ↓
          Abstraction Encoder
                ↓
        Experiential Memory
                ↓
       Predictive World Model
                ↓
     Causal and Counterfactual Module
                ↓
 Planning Engine / Symbolic Engine / Tools
                ↓
Action: robot, API, software, or decision
                ↓
     Experience feedback and correction

This architecture is not intended as a finished technical product; it is a conceptual research framework. It provides a basis for comparing existing approaches while identifying the capabilities that remain absent from each of them.

LAMP-C is built upon a central hypothesis: advanced intelligence must be compositional. It does not emerge from a single monolithic model, but from the integration of language, perception, memory, prediction, causality, and control.

Predictive Artificial Intelligence Architectures — 16. Memory, Experience, and Cognitive Continuity

Without memory, an intelligent agent remains largely stateless. It may answer questions within a context window, yet it cannot develop continuity of experience.

Current AI systems are exploring several complementary forms of memory:

  1. Contextual Memory: information available within the model’s context window.
  2. Document Memory: retrieval of documents or passages through RAG.
  3. Episodic Memory: records of interactions, actions, errors, and outcomes.
  4. Semantic Memory: consolidated abstract knowledge.
  5. Procedural Memory: strategies, methods, routines, and acquired skills.
  6. Experiential Memory: action trajectories, feedback, failures, corrections, and accumulated learning.

Modern Tool-using Agents based on Large Language Models already investigate these memory mechanisms. See Du and Zhang et al..

Useful memory should do more than simply accumulate information. It must also filter, consolidate, forget, resolve contradictions, preserve confidentiality, and connect past experience to future decision-making.

A rigorous research program should therefore evaluate not only retrieval performance, but also whether memory genuinely improves decision quality.

17. Causality, Counterfactual Reasoning, and Robustness

Causality represents one of the major boundaries between statistical correlation and robust intelligence.

A statistical model may learn that two events are associated. A Causal Model seeks to understand what produces what. It enables questions such as:

  • What would happen if I intervened on this variable?
  • Does this action cause the observed effect, or merely reveal it?
  • What would have happened if a different action had been taken?

Pearl formalized this distinction through causal and counterfactual reasoning. Schölkopf et al. further discuss the importance of causality for robust learning and out-of-distribution generalization.

A World Model without causality may capture only superficial regularities. Conversely, a Causal Model without perception may lack grounding in reality. A robust hybrid architecture should therefore integrate both.

Predictive Artificial Intelligence Architectures — 18. Scientific Evaluation of Candidate Architectures

To establish this dissertation as the foundation of a research program, its hypotheses must be scientifically falsifiable.

Predictive Artificial Intelligence Architectures — 18.1. Evaluation Framework

A candidate architecture should be evaluated according to ten dimensions:

  1. Prediction: Can it accurately anticipate the evolution of an environment?
  2. Counterfactual Reasoning: Can it simulate “What would happen if…” scenarios?
  3. Planning: Can it select an effective sequence of actions?
  4. Causality: Can it distinguish causal relationships from mere correlations?
  5. Out-of-Distribution Robustness: Can it operate reliably in novel situations?
  6. Long-Term Memory: Does it learn effectively from previous experiences?
  7. Physical or Operational Grounding: Does it integrate language, perception, and action?
  8. Explainability: Can its decisions be understood and analyzed?
  9. Safety: Does it fail safely when necessary?
  10. Trust Governance: Can its capabilities, access rights, and objectives be effectively controlled?

18.2. Falsifiable Hypotheses

Hypothesis H1. An architecture combining a Large Language Model, Experiential Memory, and a latent predictive model performs better on long-horizon planning tasks than a standalone LLM.

Hypothesis H2. Adding a Causal Model improves out-of-distribution robustness under changing environmental conditions.

Hypothesis H3. Consolidated Experiential Memory reduces the recurrence of errors across multi-session tasks.

Hypothesis H4. A Neuro-symbolic AI architecture reduces hallucinations in tasks involving formal constraints.

Hypothesis H5. Latent World Models predict the consequences of physical actions more accurately than purely text-based models.

18.3. Candidate Experimental Protocols

  • Simulated robotic or physics-based environments.
  • Multi-step planning tasks involving hidden constraints.
  • Multi-session memory benchmarks.
  • Causal and counterfactual reasoning benchmarks.
  • Out-of-distribution evaluation scenarios.
  • Formal verification of generated plans.
  • Comparative evaluation of standalone LLMs, Tool-using Agents, LLMs with memory, LLMs with World Models, and the proposed LAMP-C architecture.

19. Mapping the Scientific Debates

A reference document should present scientific disagreements as well as defend its own thesis.

Predictive Artificial Intelligence Architectures — 19.1. Is Text Alone Sufficient?

Some researchers argue that scale, data, and external tools will ultimately enable Large Language Models to build sufficiently rich internal representations. Others contend that text alone cannot provide the grounding required for causal and physically situated intelligence.

19.2. Do Large Language Models Truly Reason?

LLMs sometimes produce reasoning that is useful and convincing. However, distinguishing robust reasoning from the imitation of common reasoning patterns or implicit search within textual representations remains an open scientific question.

19.3. Can Causality Emerge from Scale?

Causal relationships may be learned partially from data, but intervention and counterfactual reasoning often require additional representational structures beyond statistical scaling alone.

Predictive Artificial Intelligence Architectures — 19.4. Is Physical Embodiment Necessary?

Artificial intelligence can clearly be useful without a physical body. However, intelligence approaching that of humans or animals may require some form of embodied experience, whether real or simulated.

19.5. Are Video Models Sufficient?

Video models learn visual dynamics effectively, yet they may still lack causal understanding, intentionality, hidden physical constraints, and validation through interaction with the real world.

19.6. Is Neuro-symbolic AI a Transitional Stage or a Long-Term Direction?

Neuro-symbolic AI may serve either as a reasoning and control layer or as a central component of future hybrid architectures.

Predictive Artificial Intelligence Architectures — 19.7. Are Tool-using Agents a Sustainable Architecture?

They are already highly valuable in industrial applications, but their long-term robustness depends heavily on memory, external tools, verification mechanisms, and effective control.

Predictive Artificial Intelligence Architectures — 20. Proposed Research Program

20.1. Overall Objective

Design and evaluate a hybrid architecture capable of integrating language, perception, memory, prediction, causality, and planning.

20.2. Year 1: Taxonomy and Experimental Foundation

  • Finalize the proposed taxonomy.
  • Develop the comparative evaluation matrix.
  • Select appropriate benchmark suites.
  • Develop an initial prototype combining an LLM, memory, and external tools.
  • Evaluate the limitations of standalone LLMs on planning tasks.

Predictive Artificial Intelligence Architectures — 20.3. Year 2: Memory, Causality, and Latent World Models

  • Integrate Experiential Memory.
  • Add a causal or counterfactual reasoning module.
  • Evaluate a latent predictive model within a simulated environment.
  • Compare model-free RL, model-based RL, and Tool-using Agents.

20.4. Year 3: LAMP-C Architecture and Validation

  • Integrate language, abstraction, memory, prediction, and causality.
  • Evaluate out-of-distribution robustness.
  • Measure reductions in repeated errors.
  • Assess safety and explainability.
  • Publish the framework, experimental results, and identified limitations.

20.5. Scientific Deliverables

  • Position paper.
  • Comparative survey in French and English.
  • LAMP-C taxonomy.
  • Internal benchmark for planning and memory.
  • Experimental prototype.
  • Evaluation report.
  • Continuously maintained annotated bibliography.

21. Risks, Trust Governance, and Safety

Advanced AI architectures introduce specific risks.

A World Model improves planning capabilities, yet more effective planning may also increase a system’s ability to pursue unintended objectives. Persistent memory strengthens continuity but raises important issues regarding confidentiality, the right to be forgotten, and the persistence of erroneous knowledge. External tools improve operational effectiveness but also introduce risks associated with uncontrolled execution.

Trust Governance should therefore be integrated into the architecture from the outset:

  • capability control;
  • logging and traceability;
  • plan verification;
  • operational action limits;
  • clear separation between prediction, decision, and execution;
  • memory management;
  • explainability;
  • auditability;
  • safe failure (fail-safe);
  • goal alignment.

Consequently, any research program on Predictive Artificial Intelligence Architectures must also be conceived as a research program in AI safety and Cyber-Physical Trust.

Predictive Artificial Intelligence Architectures — 22. A Defensible Scientific Position

This dissertation does not claim to demonstrate that World Models constitute the only path toward artificial general intelligence. It defends a broader and more robust position: any architecture aiming to achieve reliable intelligence, planning capabilities, and generalization will need to include, explicitly or implicitly, predictive, memory-based, causal, and actionable capabilities.

This position avoids two extremes. The first would be to reduce Large Language Models to simple systems with no internal representations at all: work such as Gurnee & Tegmark 2023 suggests that they can encode certain spatial and temporal reference structures. The second would be to conclude that text alone is sufficient to produce robust embodied intelligence: limitations such as the Reversal Curse, the absence of direct sensorimotor grounding, and weaknesses in planning indicate that such a conclusion remains fragile.

The defensible thesis is therefore the following:

Large Language Models can make a major contribution to artificial general intelligence, but they need to be integrated with mechanisms for memory, perception, causality, action, control, and prediction. The scientific debate is not limited to “LLMs versus World Models”; it concerns the design of Predictive Artificial Intelligence Architectures capable of linking representation, anticipation, decision-making, and Trust Governance.

This formulation makes the dissertation compatible with competing and complementary approaches, including Neuro-symbolic AI, Tool-using Agents, RAG, Active Inference, causality, embodied robotics, reinforcement learning, and hybrid architectures. It also supports the argument that World Models are less a doctrine than a remarkable instance of a broader cognitive function: anticipating what may happen given the current state and the possible actions. See Craik 1943, Johnson-Laird 1983, Sutton & Barto 2018, Ha & Schmidhuber 2018, and LeCun 2022.

23. State of the Art at the Time of Writing: Research, Industrialization, and Observed Results

State of the art documented up to 2026-07-07; this field is evolving rapidly. This section distinguishes three levels:

  1. scientific research: articles, surveys, benchmarks, and experimental architectures;
  2. industrialized implementation: products, platforms, standards, regulations, or already deployed uses;
  3. observed results: measured benefits, real limitations, disappointing outcomes, or persistent risks.

The objective is not to provide an exhaustive list of AI products, but to position Predictive AI Architectures within their operational reality: what already works, what is progressing, what remains fragile, and what still needs to be demonstrated.

Predictive Artificial Intelligence Architectures — 23.1. Short Synthesis

At the time of writing, the state of the art shows a clear convergence: the most effective systems do not rely on a single component. They generally combine a language model, memory or external retrieval, tools, guardrails, access policies, evaluations, and sometimes specialized modules for vision, planning, cybersecurity, or robotics.

Industrialized LLMs are already effective for writing assistance, code generation, user support, document analysis, augmented search, and support for security teams. However, their limitations remain well documented: hallucinations, context dependence, fragile long-horizon planning, agent security, variable quality of generated code, data leakage risks, and the continuing need for supervision.

World Models and predictive video models are progressing rapidly in research, particularly with V-JEPA 2 and the 2025–2026 surveys on robotics and embodied AI. However, their full industrialization remains limited: results are promising for video understanding, prediction, zero-shot planning, and controlled robotics, but they are not yet equivalent to open-world autonomous general intelligence.

Cybersecurity and Digital Identity approaches are the most industrialized from a normative standpoint: NIST SP 800-63-4, OWASP LLM Top 10, NIST AI RMF, NIST CSF 2.0, ETSI EN 303 645, the Cyber Resilience Act, and the EU AI Act already form a reference foundation. WebAuthn/FIDO and Passkeys may also be cited as external points of comparison for passwordless authentication, without constituting the Freemindtronic trust foundation. The real outcome is clear: digital trust is evolving toward strong identity, security by design, AI risk governance, and phishing resistance. However, the integration of AI, identity, connected objects, and cyber-physical safety remains an emerging field of applied research.

23.2. LLMs and Tool-using Agents: Strong Industrialization, Still Incomplete Robustness

Large Language Models are the most industrialized building blocks of contemporary AI. They are now integrated into office environments, search engines, development platforms, support tools, business assistants, augmented SOCs, and document workflows.

Examples of Already Industrialized Implementations

Domain Implementation Official / Primary Reference Observed Result Persistent Limitation
Software development GitHub Copilot GitHub Copilot, Microsoft Research / arXiv study A controlled experiment measured a task completed 55.8% faster with Copilot. Gains vary depending on the task, prompt quality, expertise, integration, and code security.
Office environments Microsoft 365 Copilot Microsoft 365 Copilot Large-scale deployment within collaborative productivity suites. Productivity is difficult to measure universally; dependence on internal data and governance.
Operational cybersecurity Microsoft Copilot for Security Microsoft Security Copilot, GA details Microsoft reports that experienced analysts were 22% faster and 7% more accurate in an internal study. Results depend on SOC context, data quality, integrations, and human supervision.
SOC and cloud security Google Security Operations / Gemini Google Security Operations, Gemini in SCC Natural-language assistance, contextual summaries, recommendations, and creation of detections/playbooks. Automation must be governed: signal quality, false positives, permissions, and tool security.
RAG and document retrieval Industrial RAG Lewis et al. 2020 Reduction of certain factual hallucinations through document access. RAG does not equal truth: obsolete sources, poisoned documents, poorly ranked context, and residual hallucinations.
Tool-using Agents ReAct, Toolformer, API agents ReAct, Toolformer Enables the integration of reasoning, action, and external tools. Risks of excessive agency, indirect prompt injection, tool misuse, and context leakage.

Expected Real-World Outcome

The realistic short-term outcome is not autonomous artificial general intelligence, but a significant increase in productivity for well-defined tasks, including writing, summarization, information retrieval, standard code generation, SOC investigations, alert triage, document assistance, and the execution of controlled workflows.

When Results Fall Short of Expectations

Results become disappointing when a Large Language Model is expected to provide:

  • guaranteed truth without verification;
  • reliable planning across long sequences of actions;
  • complete causal understanding;
  • safe autonomy without guardrails;
  • ungoverned long-term memory;
  • intrinsic resistance to indirect prompt injection;
  • code quality equivalent to expert human review.

The operational conclusion is therefore straightforward: industrialized LLMs are already highly valuable, but their effectiveness depends on the surrounding architecture, including RAG, memory, external tools, policies, sandboxing, logging, verification, Trust Governance, and human supervision.

23.3. World Models, Video Models, and Robotics: Active Research, Partial Industrialization

World Models represent one of the major research directions for moving beyond token prediction toward the prediction of states, actions, and their consequences.

Recent surveys on World Models in robotics describe these models as predictive representations of how an environment evolves under the influence of actions. They are used for policy learning, AI Planning, simulation, evaluation, synthetic data generation, and video-based robotics. See World Model for Robot Learning: A Comprehensive Survey.

V-JEPA 2 represents an important milestone. Meta presents it as a video-trained model capable of understanding, prediction, zero-shot planning, and robotic control in previously unseen environments. See Meta AI V-JEPA 2 and the official V-JEPA 2 blog.

Current Implementations and Technology Readiness

Approach Status as of July 6, 2026 Observed Results Main Limitation
Predictive video models Advanced research, demonstrators, benchmark evaluations Improved motion understanding, anticipation, and latent representations Limited physical generalization, long-horizon errors, difficult evaluation
World Models for robotics Rapid growth in surveys and research prototypes Planning, imagination, simulation, synthetic data generation Costly and fragile transfer to the real world
Robot Foundation Models / VLA Partial industrialization in controlled robotics Language-to-action instructions and limited manipulation Need for embodied data, retargeting, safety, and robustness
Digital twins / simulators Already deployed across multiple industries Scenario testing, training, and validation Simulation-to-reality gap, incomplete models, validation costs

Expected Real-World Outcome

In the medium term, the expected outcome is AI capable of improving robotics, autonomous driving, simulation, physical planning, digital twins, and cyber-physical systems. However, the credible objective is not yet a universally autonomous general-purpose robot.

Results That Remain Unproven or Disappointing

Current limitations remain substantial:

  • accumulation of prediction errors over long horizons;
  • difficulty in evaluating physical consistency;
  • scarcity of unified benchmark suites;
  • high cost of robotic training data;
  • difficult transfer from Internet video to robotic action;
  • insufficient safety for safety-critical physical actions;
  • the continuing need for memory, causality, and control beyond video prediction alone.

These observations reinforce the central thesis of this dissertation: the future will not consist solely of World Models, but of Predictive Artificial Intelligence Architectures integrating memory, causality, action, and Trust Governance.

Predictive Artificial Intelligence Architectures — 23.4. RAG, Memory, and Agents: Operational Success, Risk of False Confidence

Retrieval-Augmented Generation (RAG) is already widely deployed across industry to connect Large Language Models with document repositories. Its value is clear: reducing certain hallucinations, citing sources, leveraging internal documents, and making AI genuinely useful in professional environments.

However, RAG does not automatically transform an answer into verified truth. A RAG pipeline may fail when:

  • documents are outdated;
  • the vector index retrieves an irrelevant passage;
  • a source contains an indirect prompt injection;
  • document permissions are improperly managed;
  • the model conflates retrieved information with inference;
  • memory preserves a false belief.

Agentic Memory has therefore become a central research topic. Recent surveys on memory for Tool-using Agents already formalize mechanisms for writing, management, retrieval, consolidation, forgetting, contradiction handling, and recall. See Zhang et al. and Du.

Expected Real-World Outcome

RAG and Agentic Memory are already effective for document assistance, customer support, enterprise search, compliance, knowledge retention, augmented SOCs, and domain-specific AI agents.

Potentially Disappointing Outcome

They become hazardous when treated as inherently trustworthy memory systems. Agent memory should instead be governed as a critical asset, including access rights, provenance, versioning, retention policies, forgetting mechanisms, correction procedures, logging, encryption, and revocation.

23.5. Cybersecurity and Digital Identity: Strong Regulatory and Standards-Based Industrialization

Cybersecurity is currently the domain where implementation has progressed furthest through standards and regulatory frameworks.

Already Established Reference Frameworks

Framework Nature Contribution to this Dissertation
OWASP LLM Top 10 2025 GenAI / LLM security framework Formalizes prompt injection, data poisoning, supply-chain attacks, information disclosure, excessive agency, and related threats.
NIST SP 800-63-4 Digital Identity Defines identity proofing, authentication, authenticators, federation, and assurance levels.
NIST AI RMF 1.0 AI Risk Management Provides a framework for AI governance, measurement, risk mapping, and risk management.
NIST CSF 2.0 Cybersecurity Risk Management General governance framework placing governance at the core of cybersecurity.
NIST SP 800-207 Zero Trust Continuous access re-evaluation based on identity, context, policy, and protected resources.
FIDO Passkeys Passwordless authentication Replace shared secrets with phishing-resistant asymmetric cryptography.
W3C WebAuthn Web standard Public-key credential API enabling strong authentication.
Cyber Resilience Act EU Regulation Horizontal cybersecurity requirements for products with digital elements.
EU AI Act EU Regulation Risk-based governance framework for AI systems.
ETSI EN 303 645 IoT Standard Baseline cybersecurity requirements for consumer connected devices.

Expected Real-World Outcome

The practical outcomes are already becoming visible:

  • accelerated deployment of Passkeys and phishing-resistant authentication;
  • a transition from perimeter-based security toward Zero Trust architectures;
  • growing adoption of security by design;
  • mandatory governance of AI and cybersecurity risks;
  • standardization of cybersecurity requirements for connected devices;
  • increased attention to the security of LLMs, RAG systems, and Tool-using Agents.

Disappointing or Insufficient Results

Despite these standards, several challenges remain:

  • uneven adoption of Passkeys;
  • continued dependence on platform ecosystems and portability concerns;
  • biometric authentication still vulnerable to presentation attacks when poorly implemented;
  • IoT ecosystems frequently remain weak in software updates, end-of-life management, and asset inventory;
  • complex regulatory compliance for small and medium-sized enterprises;
  • AI security remains immature when facing attacks targeting Tool-using Agents;
  • a lack of reference frameworks integrating AI, Digital Identity, memory, action, and Cyber-Physical Trust within a single architecture.

It is precisely within this gap that the applied contribution of this dissertation is positioned.

23.6. AI Cybersecurity: A Distinct Discipline in Its Own Right

The industrialization of AI reveals a fundamental distinction:

  • AI for cybersecurity: using AI to strengthen cyber defense;
  • AI cybersecurity: securing AI models, datasets, prompts, tools, agents, memories, and AI supply chains.

The OWASP LLM Top 10 2025 demonstrates that GenAI vulnerabilities extend far beyond prompt injection. They also affect outputs, training data, supply chains, information disclosure, excessively autonomous agents, and model theft. See OWASP GenAI Security Project.

The NIST AI Risk Management Framework provides a broader framework for governing AI-related risks. See NIST AI RMF.

Expected Real-World Outcome

In the short term, organizations will need to integrate AI security into their existing practices, including governance, threat modeling, red teaming, supply-chain security, software security, Identity and Access Management (IAM), logging, tool governance, human oversight, and adversarial testing.

Disappointing Outcome

AI security is still too often applied as an afterthought. Many organizations deploy assistants, RAG systems, or AI agents before defining:

  • which users are authorized to invoke which tools;
  • which data may enter the model context;
  • which forms of memory are permitted;
  • how memorized beliefs or instructions can be revoked;
  • how an entire chain of actions can be audited;
  • how the system should refuse to act under critical uncertainty.

Predictive Artificial Intelligence Architectures — 23.7. Summary of Observed Results: Valuable, but Architecture-Dependent

Domain Industrialization Observed Results Main Limitation Implication for this Dissertation
General-purpose LLMs Very High Writing productivity, summarization, code generation, user assistance Hallucinations, context dependence, security The model alone is insufficient.
Code copilots High Efficiency gains on standardized tasks Quality, integration, security, variable performance Human review and testing remain essential.
Cybersecurity copilots High but tightly governed Faster investigation and alert triage Risk of excessive automation SOC governance remains indispensable.
RAG Very High Context-aware responses False or contaminated sources Requires provenance tracking and access control.
Tool-using Agents Rapidly expanding Multi-step workflow execution Prompt injection and tool abuse Requires sandboxing and capability restrictions.
World Models Advanced research Prediction, video understanding, robotics, simulation Generalization and real-world validation A major pillar, but not a complete solution.
Digital Identity / Passkeys Strong industrialization Improved phishing resistance Adoption and portability Foundation for trustworthy digital identity.
IoT / Cyber-Physical Systems Strong regulatory framework, uneven deployment Lifecycle security requirements Legacy systems, updates, end-of-life management Requires Trust Continuity.
AI Governance Active regulatory development Risk management frameworks Complexity and compliance evidence Requires measurable metrics and auditability.

23.8. State-of-the-Art Conclusion

The state of the art as of July 6, 2026, confirms the central thesis of this dissertation: advanced AI cannot be reduced either to a larger Large Language Model or to an isolated World Model. The most convincing real-world results emerge when systems are architected around verified data, governed memory, constrained tools, strong Digital Identity, logging, evaluation, security, and human supervision.

The most compelling short-term industrial outcome is supervised human augmentation for developers, SOC analysts, legal professionals, researchers, support teams, engineers, and compliance specialists. The greatest disappointments arise when AI is presented as autonomous, inherently reliable, and causally competent without an appropriate control architecture.

The principal contribution of this dissertation is therefore to propose a unifying framework based on Predictive Artificial Intelligence Architectures, in which World Models, Large Language Models, Agentic Memory, Causal Models, Digital Identity, AI Cybersecurity, and Cyber-Physical Trust are integrated within a single analytical framework.
[/ux_text] [/col] [/row]

Predictive Artificial Intelligence Architectures — 24. Benchmarks and Evaluation Protocols

A reference dissertation should propose not only concepts but also evaluation criteria. A candidate Predictive Artificial Intelligence Architecture must be assessed through protocols that measure its ability to predict, plan, remember, act, explain its decisions, and fail safely.

24.1. Evaluating Prediction

Key questions:

  • Can the system accurately predict the evolution of an environment?
  • Can it represent multiple possible futures?
  • Does it distinguish epistemic uncertainty from aleatoric uncertainty?
  • Does it predict in pixel space, token space, or an abstract latent representation?

Relevant references: Ha & Schmidhuber 2018, Moerland et al. 2023, Bardes et al. 2024, Assran et al. 2025.

Predictive Artificial Intelligence Architectures — 24.2. Evaluating Planning

Key questions:

  • Can the system decompose a complex task into manageable steps?
  • Can it compare multiple alternative plans?
  • Can it revise a plan after failure?
  • Can it plan under temporal, energy, or regulatory constraints?

Relevant references: Kocsis & Szepesvári 2006, Silver et al. 2018, Huang et al. 2024, ReAct.

24.3. Evaluating Memory

Key questions:

  • Does the system retain relevant episodes?
  • Can it consolidate experience into abstract knowledge?
  • Can it forget information that is unnecessary or potentially harmful?
  • Can it manage contradictions, corrections, and the right to be forgotten?

Relevant references: Zhang et al. 2024, Du 2026, Lewis et al. 2020.

24.4. Evaluating Causality and Counterfactual Reasoning

Key questions:

  • Can the system distinguish correlation from causation?
  • Can it answer “What would happen if…?” questions?
  • Can it identify the relevant intervention variables?
  • Does it remain robust under distribution shifts?

Relevant references: Pearl 2009, Schölkopf et al. 2021, Lake et al. 2017.

Predictive Artificial Intelligence Architectures — 24.5. Evaluating Out-of-Distribution Robustness

Key questions:

  • Can the system generalize to previously unseen scenes, objects, or rules?
  • Can it recognize its own limitations?
  • Can it suspend an action instead of producing a plausible but incorrect response?

Relevant references: Berglund et al. 2023, Bender et al. 2021, World Model for Robot Learning 2026.

24.6. Evaluating Trust Governance

Key questions:

  • Are generated plans auditable?
  • Is memory fully traceable?
  • Are actions clearly separated from decisions?
  • Are guardrails, uncertainty thresholds, and fail-safe mechanisms implemented?

A comprehensive benchmark should therefore combine prediction tasks, planning tasks, long-term memory tasks, causal reasoning tasks, out-of-distribution evaluations, decision auditing, and safety testing.

25. Agentic Memory: The Missing Link

Memory is often treated as a secondary module. This is a fundamental mistake. Without memory, an intelligent agent possesses no continuity of experience. Without continuity, it cannot learn sustainably from its actions, correct recurring mistakes, manage contradictions, or build a stable functional identity.

A World Model without Experiential Memory risks remaining only a local prediction mechanism. To become a cumulative intelligence, it must be coupled with a memory system capable of preserving experience, extracting abstractions, forgetting irrelevant details, managing contradictions, and reusing acquired knowledge in new situations.

25.1. Three Levels of Memory

  1. Contextual Memory: the information contained within the model’s current context window.
  2. External Memory: documents, vector databases, RAG systems, logs, and knowledge graphs.
  3. Experiential Memory: episodes, errors, decisions, consequences, abstraction, consolidation, and forgetting.

Predictive Artificial Intelligence Architectures — 25.2. The Write–Manage–Read Loop

Recent research formalizes agent memory as a continuous cycle:

Observation / action
        ↓
Memory writing
        ↓
Memory management:
compression, hierarchy, contradiction handling, forgetting
        ↓
Selective retrieval
        ↓
Decision / planning
        ↓
New action

This loop must be integrated with perception, action, access control, and data Trust Governance. See Du 2026 and Zhang et al. 2024.

25.3. Memory and Operational Sovereignty

Agentic Memory also introduces sovereignty requirements, including data localization, encryption, traceability, the right to be forgotten, human oversight, separation between personal and professional memories, and protection against memory poisoning.

Memory is therefore not merely a technical challenge; it is fundamentally a matter of Trust Governance.

Predictive Artificial Intelligence Architectures — 26. AI-TRL Maturity Framework

To transform this dissertation into the foundation of a research program, the maturity of candidate architectures must be assessed. The following framework adapts the spirit of Technology Readiness Levels (TRLs) to Predictive Artificial Intelligence Architectures.

Level Name Description Minimum Expected Evidence
1 Concept Theoretical hypothesis formulated Definition, architecture diagram, hypotheses
2 Simulation Evaluation in a controlled environment Reproducible simulation results
3 Benchmark Validation on standardized tasks Comparative scores with a public evaluation protocol
4 Tool-using Agent Integration of tools, APIs, and information retrieval Action logs and error-control mechanisms
5 Multimodal Perception through images, video, audio, or sensors Multimodal evaluation results
6 Embodied Interaction with robotic systems or rich environments Perception–action feedback loop
7 Causal Validated counterfactual reasoning Interventional testing
8 Robust Out-of-distribution generalization Unseen scenarios and uncertainty detection
9 Governed Auditability, safety, and human oversight Logs, guardrails, and fail-safe mechanisms
10 Operationally Deployable Controlled operational deployment Field validation, supervision, and regulatory compliance

This framework enables meaningful comparisons between approaches without conflating them. A Large Language Model may score very highly on language while remaining limited in embodied interaction. A World Model may excel at prediction while remaining weak in Trust Governance. A hybrid architecture should therefore strive for balanced progress across all dimensions.

27. Manifesto for Predictive, Memory-Driven, and Governable AI

  1. Language is not the world. Text describes reality, but it cannot replace sensory experience, action, or causality.
  2. Predicting tokens is not the same as predicting consequences. An intelligent system that acts must anticipate the effects of its actions.
  3. Memory is not merely a document repository. It should become a continuity of experience through consolidation, forgetting, and controlled contradiction management.
  4. Causality cannot be reduced to correlation. A robust AI system must reason about interventions and counterfactuals.
  5. Planning requires simulatable futures. Choosing an action presupposes comparing multiple possible trajectories.
  6. Action requires safety control. The greater a system’s capacity to act, the greater the need for Trust Governance, auditability, and operational constraints.
  7. Abstraction is prediction-oriented compression. Irrelevant details must be discarded while preserving the variables that matter for prediction.
  8. Artificial general intelligence will most likely be hybrid. Language, perception, Agentic Memory, Causal Models, tools, and latent World Models will need to cooperate.
  9. Evaluation must consider long-term behavior and out-of-distribution performance. Short benchmarks alone cannot adequately measure robustness.
  10. A powerful AI system must know how to fail safely. Refusing, suspending action, requesting verification, or limiting execution may be more intelligent than producing a plausible but incorrect response.

This manifesto summarizes the central ambition of this dissertation: to move beyond generative AI centered on text production toward Predictive Artificial Intelligence Architectures that integrate prediction, Agentic Memory, causality, action, and Trust Governance.

Predictive Artificial Intelligence Architectures — 28. Appendix: Doctoral Research Project / Consortium

28.1. Possible Title

Toward a Hybrid Architecture for Predictive Intelligence: Memory, Causality, World Models, and Tool-using Agents.

Predictive Artificial Intelligence Architectures — 28.2. Research Problem

Current AI architectures excel at language generation. However, they remain fragile when they need to act over time, retain experience, generalize beyond the training distribution, reason causally, and plan within open environments.

This research project aims to study whether a hybrid architecture combining a Large Language Model, a World Model, Agentic Memory, Causal Models, and symbolic control can improve the robustness and governability of autonomous agents.

28.3. Research Hypotheses

  • H1: structured Experiential Memory reduces repeated errors in LLM-based agents.
  • H2: a latent predictive model improves planning compared with purely text-based planning.
  • H3: adding a Causal Model improves out-of-distribution robustness.
  • H4: Neuro-symbolic AI control reduces incoherent or forbidden actions.
  • H5: a hybrid LAMP-C architecture achieves greater governability than a Tool-using LLM Agent alone.

28.4. Scientific Bottlenecks

  • Learning the right abstractions without reconstructing every detail.
  • Combining long-term memory with confidentiality requirements.
  • Evaluating causality and counterfactual reasoning.
  • Controlling action in open environments.
  • Preventing memory poisoning.
  • Maintaining auditability despite opaque neural modules.

Predictive Artificial Intelligence Architectures — 28.5. Methodology

  1. Conduct a structured literature review.
  2. Define internal benchmarks for memory, planning, causality, and safety.
  3. Develop an agentic prototype combining an LLM, RAG, memory, a simulator, and a symbolic verifier.
  4. Progressively integrate a latent predictive model.
  5. Evaluate the system against a standalone LLM, a RAG agent, a Tool-using Agent, an agent with memory, and a hybrid agent.
  6. Analyze failures, including hallucination, causal errors, impossible plans, and contradictory memory.
  7. Publish the results, limitations, and evaluation protocols.

28.6. Deliverables Over 36 Months

Period Deliverable
M0–M6 State of the art, taxonomy, evaluation protocol
M6–M12 Memory / planning / causality benchmark
M12–M18 Minimal LAMP-C prototype
M18–M24 Latent predictive model integration
M24–M30 Out-of-distribution evaluation and Trust Governance
M30–M36 Publication, dataset, benchmark, final framework

28.7. Potential Applications

  • Robotics and embodied agents.
  • Long-term professional assistants.
  • AI Cybersecurity and incident analysis.
  • Governed critical systems.
  • Sovereign off-cloud agents.
  • Decision support under regulatory constraints.

Predictive Artificial Intelligence Architectures — 28.8. Success Criteria

  • Measurable reduction in repeated errors.
  • Improved planning under constraints.
  • Greater out-of-distribution robustness.
  • Complete logging of decisions and actions.
  • Explicit control over action capabilities.
  • Reproducibility of evaluation protocols.

29.4. AI as an Attack Amplifier

AI does not create every risk ex nihilo. However, it changes their scale, speed, credibility, and degree of personalization.

29.4.1. Phishing, Deepfakes, and Augmented Social Engineering

LLMs can generate credible, personalized, multilingual messages tailored to a target’s context. In parallel, voice and video models strengthen identity impersonation through voice or face imitation.

As a result, the risk is no longer limited to password compromise. It increasingly concerns the compromise of the trust relationship: an executive’s voice, a colleague’s message, a falsified video conference, or a misleading operational instruction.

Consequently, identity can no longer rely solely on intuitive human signals. Statements such as “I recognized the voice” or “I saw the person on video” are no longer sufficient for critical operations. Cryptographic proof mechanisms, contextual controls, out-of-band verification, logging, and strong authentication therefore become essential.

29.4.2. Offensive Automation

AI can accelerate:

  • vulnerability discovery;
  • generation of phishing variants;
  • translation and localization of attacks;
  • production of exploitation scripts;
  • analysis of leaked data;
  • target identification;
  • personalization of lures;
  • simulation of conversations;
  • dynamic adaptation to the victim’s responses.

This acceleration requires a shift in defensive strategy. Security can no longer remain purely reactive. It must become predictive, contextual, and capable of rapidly reducing exposure.

29.4.3. Attacks Against Non-Human Identities

Non-human identities are becoming critical assets: API keys, machine certificates, cloud workloads, containers, microservices, connected objects, robots, and AI agents. In many environments, these identities outnumber human users, are harder to inventory, and are less frequently governed with strict controls.

Agentic AI further amplifies this issue. An agent may act on behalf of a user, a service, or an organization. It therefore becomes necessary to define not only who is acting, but also under which delegation, within which scope, with which tools, for how long, with what traceability, and under which revocation mechanism.

29.5. Human Identity: From Point-in-Time Authentication to Trust Continuity

Modern Digital Identity is structured by reference frameworks such as NIST SP 800-63-4, which covers identity proofing, authentication, and federation. Mechanisms such as WebAuthn and FIDO Passkeys significantly improve phishing resistance by replacing shared secrets with public-key proofs bound to an authenticator and to the service context.

However, AI changes the nature of the problem. Strong authentication answers the question: does the person control the authentication factor? It does not always answer the following questions:

  • Is the person acting under coercion?
  • Has the session been hijacked after authentication?
  • Is the requested action consistent with the person’s role?
  • Is the environment trustworthy?
  • Is the behavior abnormal?
  • Is an agent acting on the person’s behalf?
  • Was the decision triggered by deepfake manipulation?

For this reason, authentication must evolve toward Trust Continuity.

29.5.1. Human Trust Factors

Category Examples Associated AI Risk Future Requirement
What I know Password, PIN Phishing, lure generation Reduction of memorized secrets
What I possess Key, card, smartphone, token Theft, malware, relay attack Attestation and local proof
What I am Biometrics Deepfake, artifacts, spoofing PAD, liveness, context
What I do Behavior, keystroke dynamics, usage patterns Mimicry, assisted impersonation Careful and governed profiling
Where I am Geolocation, network, BSSID VPN, spoofing, relay Multi-signal consistency
When I act Time, sequence, frequency Abnormal automation Cadence and anomaly detection
What I act with Device posture, browser, operating system Compromised endpoint Attestation, EDR, trust level
Why I act Apparent intent, task, workflow Manipulation, social engineering Critical contextual verification

29.5.2. From Declared Identity to Proven Identity

A declared identity is an assertion: “I am Jacques,” “I am this sensor,” “I am this agent,” or “I am this service.” By contrast, a proven identity requires a verification mechanism: cryptographic key, certificate, authenticator, biometrics, hardware attestation, proof of presence, proof of possession, proof of context, or proof of behavioral compliance.

In a world shaped by generative AI, declared identity loses value. Proven identity becomes central.

29.5.3. Trust Continuity and Adaptive Decisions

Trust Continuity does not mean unlimited surveillance. Rather, it means that critical decisions must be re-evaluated through a body of evidence proportionate to the risk: identity, context, device, requested action, history, resource sensitivity, and possible consequences.

This logic aligns with the Zero Trust model. The network is no longer assumed to be trustworthy; each access request to a resource must be evaluated according to context, identity, asset, and policy. See NIST SP 800-207.

Predictive Artificial Intelligence Architectures — 29.6. Authentication of Living Beings: Presence, Liveness, Context, and Dignity

The expression “authentication of living beings” must be handled with care. It should not reduce a human being to biometric data. Instead, it should distinguish four levels:

  1. Authentication of a human identity: proof that a person controls factors associated with a Digital Identity.
  2. Proof of presence: proof that an action involves a real human presence in a given context.
  3. Proof of liveness: resistance to artifacts, photos, videos, masks, copied fingerprints, or deepfakes.
  4. Authentication of a non-human living organism: veterinary traceability, research, conservation, food supply chains, transport, and biosafety.

29.6.1. Biometrics and Presentation Attack Detection

Biometrics can strengthen authentication, but they are not secret keys. A face, a voice, or a fingerprint may be exposed, reproduced, or synthesized.

Therefore, biometric security must integrate Presentation Attack Detection (PAD), liveness proof, bias evaluation, data minimization, cryptographic protection, and appeal mechanisms.

The ISO/IEC 30107 standard provides vocabulary and a framework for biometric presentation attack detection. Biometric evaluations such as NIST FRVT provide a performance evaluation framework, although they do not replace a complete system-level security analysis.

29.6.2. Biological Identity and Cryptographic Identity

A major confusion must be avoided: biological DNA, biometrics, and cryptographic identity are not the same type of object.

  • Biological DNA is sensitive biological information that is stable, familial, and strongly protected.
  • Biometrics is a modality for recognizing or verifying a living being.
  • Cryptographic identity is a proof structure based on keys, certificates, signatures, attestations, and protocols.

Expressions such as “Digital DNA” or “Cryptographic Genome” should therefore be understood as structural or procedural metaphors. They refer to the organization of proofs, segments, inheritance mechanisms, dependencies, or trust policies, and not to biological DNA or DNA computing.

29.6.3. Ethical Principles for the Authentication of Living Beings

Principle Meaning
Proportionality Collect only the evidence required for the actual level of risk.
Data Minimization Avoid centralized biometric data whenever local verification is sufficient.
Reversibility Support revocation, renewal, and appeal mechanisms.
Non-reduction Do not equate a human being with a technical identifier.
Local Protection Favor local authentication whenever feasible.
Explainability Provide justified explanations for critical refusals.
Auditability Maintain verifiable records without exposing personal privacy.
Dignity Prevent security from becoming abusive surveillance.

29.7. Machine Identity, Connected Devices, and Non-Human Agents

Connected devices and non-human identities have become central components of modern cybersecurity. A connected object may be an industrial sensor, a medical device, a camera, an access badge, an industrial controller, a vehicle, a smart lock, a robot, a smartphone, a gateway, an environmental probe, or an embedded module.

Reference frameworks such as NISTIR 8259A and ETSI EN 303 645 emphasize that connected devices should provide essential security capabilities, including device identity, secure configuration, data protection, software updates, logging, documentation, vulnerability management, and resilience.

With the emergence of AI, the role of connected devices is evolving. They may now become:

  • a sensor feeding a predictive model;
  • a source of local decision-making;
  • an entry point for an AI agent;
  • a physical actuator;
  • a non-human identity within a chain of trust;
  • a component of a safety-critical system;
  • a node within a predictive risk model.

29.7.1. Non-Human Identity: A Typology

Identity Type Example Primary Risk Recommended Control
Device Sensor, badge, industrial controller Cloning, compromised firmware Hardware identity, secure updates
Workload Container, cloud function Stolen token, lateral movement Attestation, secret rotation
API External service Overprivileged access, API abuse Scopes, quotas, auditing
AI Agent Tool-using assistant Unauthorized actions Capabilities, sandboxing, logging
Robot Industrial arm, drone Physical harm Safety interlocks, fail-safe mechanisms, human oversight
Data Document, embedding, memory Leakage, contamination Provenance, encryption, traceability
Model LLM, vision model, classifier Model extraction, poisoning Trust Governance, versioning, adversarial testing

29.7.2. Lifecycle of an Object Identity

  1. Birth: generation or injection of a root identity.
  2. Provisioning: association with an owner, role, purpose, and policy.
  3. Activation: first controlled deployment.
  4. Attestation: proof of hardware or software integrity.
  5. Operation: normal behavior under proportionate monitoring.
  6. Update: signed patches and verifiable software versions.
  7. Suspension: reduction of privileges following anomaly detection.
  8. Revocation: withdrawal of trust.
  9. Transfer: change of ownership or operational context.
  10. End of Life: secure erasure, decommissioning, and archival of evidence.

29.7.3. Connected Devices and the Cyber Resilience Act

The Cyber Resilience Act establishes horizontal cybersecurity requirements for products with digital elements within the European Union. It reinforces the principle that the security of connected devices and software must be addressed throughout their entire lifecycle, from secure design to vulnerability management.

For this dissertation, this means that Predictive Artificial Intelligence Architectures applied to IoT cannot focus solely on performance. They must also be maintainable, attestable, governable, updateable, and compatible with evolving regulatory requirements.

29.8. World Models as Predictive Models of Trust State

A cyber World Model may represent:

  • human identities;
  • machine identities;
  • connected devices;
  • AI agents;
  • sensitive assets;
  • permissions;
  • sessions;
  • network flows;
  • security events;
  • vulnerabilities;
  • software dependencies;
  • expected behaviors;
  • behavioral deviations;
  • attack paths;
  • mitigation measures;
  • the potential consequences of an action.

Such a model makes it possible to ask counterfactual questions, including:

  • What happens if this token is compromised?
  • What happens if this IoT device falsely reports its status?
  • What happens if this AI agent invokes this API?
  • Which attack path becomes feasible if this key is exposed?
  • Which action most effectively limits propagation?
  • Which evidence is still missing before this operation can be authorized?

This line of reasoning is consistent with Pearl‘s work on causality and with the causal representations proposed by Schölkopf et al.. Advanced cybersecurity should therefore do more than classify events; it should understand dependency relationships and predict the effects of interventions.

29.8.1. Variables of a Predictive Trust Model

Variable Example Predictive Role
Identity Human, device, agent Who is acting?
Authenticator Key, token, biometrics, certificate What evidence supports the identity?
Context Location, network, time, device Is the situation consistent?
Integrity Firmware, endpoint, runtime Is the environment trustworthy?
Behavior Sequences, frequency, volume Is there a behavioral deviation?
Resource File, API, vault, connected object How sensitive is the resource?
Action Read, sign, move, control What are the potential consequences?
Memory History, incidents, errors What is already known?
Causality Dependencies, propagation What could this action trigger?
Policy Rules, obligations, thresholds How should the system respond?
Uncertainty Missing evidence, anomaly Should access or action be restricted?

29.8.2. Compromise Trajectories

Within a predictive approach, an attack is not merely an isolated event. Instead, it follows a trajectory: reconnaissance, initial access, privilege escalation, persistence, lateral movement, exfiltration, manipulation, sabotage, or physical impact.

Accordingly, a cyber World Model should learn both normal and abnormal trajectories before evaluating their possible branching paths. This perspective naturally connects cybersecurity with AI Planning: the objective is not only to understand what has already happened, but also to anticipate what may happen next.

Predictive Artificial Intelligence Architectures — 29.9. LAMP-Cyber Architecture

Epistemological status (Register A). Conceptual extension of LAMP-C · applied research framework · not experimentally validated at this stage.

This section proposes an applied extension of LAMP-C for cybersecurity and safety-critical systems.

LAMP-Cyber stands for:

  • L — Language: operational instructions, security policies, alerts, reports, tickets, and regulatory requirements.
  • A — Abstraction: assets, identities, roles, risks, dependencies, and trust states.
  • M — Memory: behavioral history, incidents, decisions, operational contexts, evidence, and vulnerabilities.
  • P — Prediction: attack trajectories, propagation, Trust Continuity disruption, and potential impact.
  • C — Causality / Control: counterfactual reasoning, access decisions, isolation, revocation, fail-closed behavior, and auditing.
Human / machine / object / agent identity
        ↓
Context: device, network, location, time,
behavior, apparent intent
        ↓
Trust Memory: history, incidents,
evidence, policies
        ↓
Predictive Risk Model:
trajectories, anomalies, propagation
        ↓
Causal / Counterfactual Reasoning:
possible consequences
        ↓
Decision:
authorize, restrict, isolate,
revoke, alert, escalate
        ↓
Verifiable Log:
evidence, Trust Governance,
audit, experiential feedback

29.9.1. Classical IAM versus LAMP-Cyber

Dimension Traditional IAM LAMP-Cyber
Decision model Authentication followed by authorization Continuous and predictive trust assessment
Data considered Identity, group, role, MFA Identity, context, behavior, action, consequences
Time model Point-in-time event Continuously evolving state
Memory Logs and directories Experiential Trust Memory
Causality Limited Counterfactual analysis of consequences
Connected objects Often secondary Non-human identities treated as first-class entities
AI agents Rarely modeled Explicitly governed actors
Safety Limited coverage Integrated cyber-physical approach

29.9.2. Fail-Closed Decision-Making and Trust Continuity

In a critical system, uncertainty should not lead to authorization by default. Instead, the decision may need to become:

  • authorize;
  • authorize with restrictions;
  • request additional evidence;
  • isolate;
  • suspend;
  • revoke;
  • escalate to a human operator;
  • refuse in fail-closed mode.

This logic is particularly important for connected devices, robots, autonomous agents, and critical infrastructure.

29.10. Safety: When Digital Compromise Produces Physical Effects

Cybersecurity protects the confidentiality, integrity, availability, and governance of digital systems. Safety, by contrast, aims to prevent harm to people, property, infrastructure, or the environment.

With AI, IoT, and robotics, this boundary is narrowing. A digital compromise may produce a physical effect:

  • a connected lock opening unexpectedly;
  • an industrial robot moving dangerously;
  • a medical sensor transmitting falsified measurements;
  • a drone changing its trajectory;
  • a vehicle accepting an illegitimate command;
  • a smart building modifying ventilation, temperature, or access control;
  • an energy infrastructure receiving a false instruction;
  • an AI agent triggering an operational action through an API.

Safety therefore introduces an additional question: even if the action is technically authorized, is it safe in this context?

29.10.1. Security–Safety Convergence

Domain Central Question Example
Cybersecurity Is the system compromised? Stolen token, malware, injection
Digital Identity Who is actually acting? Human, agent, machine, connected object
Safety Can the action cause harm? Robot, vehicle, medical device
Trust Governance Who is accountable? Deployer, operator, manufacturer, agent
Predictive Model What is likely to happen next? Propagation, physical effect, cascading failure

29.10.2. Security and Safety of Autonomous Systems

Autonomous systems require stricter Trust Governance than purely text-based applications. An agent that writes a summary may make a mistake. However, an agent acting on a machine, a payment, an identity, or a physical access mechanism can cause real harm.

The EU AI Act adopts a risk-based approach to AI systems. For Predictive Artificial Intelligence Architectures applied to safety-critical contexts, this implies:

  • risk classification;
  • documentation;
  • human oversight;
  • robustness;
  • cybersecurity;
  • traceability;
  • incident management;
  • update control;
  • governance of data and models.

29.11. Identity / Authentication / AI / Connected Devices Matrix

Entity AI-Related Risk Classical Authentication Future Requirement References
Human Deepfake, adaptive phishing, coercion Password, MFA, biometrics Proof of presence, context, behavior, action control NIST 800-63-4, FIDO, WebAuthn
AI Agent Unauthorized actions, tool abuse, contaminated memory API key, token Agentic identity, capabilities, sandboxing, auditability OWASP LLM, NIST AI RMF
IoT Device Cloning, compromised firmware, deceptive sensor Certificate, embedded key Hardware attestation, signed update, expected behavior NISTIR 8259A, ETSI EN 303 645
Robot Dangerous physical action Local control, operator Safety, interlock, fail-safe, risk model EU AI Act
Cloud Service Token theft, privilege escalation, lateral movement IAM, OAuth, certificates Governed non-human identity, rotation, attestation Zero Trust
Sensitive Data Exfiltration, RAG contamination ACL, encryption Provenance, classification, controlled use, secure memory NIST CSF, SSDF
AI Model Extraction, poisoning, dangerous behavior Versioning, API access Model governance, red teaming, continuous evaluation NIST AI RMF, OWASP LLM
Critical Infrastructure Cyber-physical cascade Segmentation, supervision Predictive impact model, fail-closed behavior, resilience ENISA Threat Landscape, NIST CSF

Predictive Artificial Intelligence Architectures — 29.12. Sovereign Dimension: Trust Continuity, Segmented Identity, and Local Proof

Epistemological status (Register A). EviSKMS is presented here as a conceptual framework and an observable industrialization foundation as declared by its author. It has not yet undergone independent third-party auditing. Internal implementation mechanisms remain within Register C.

An original research direction consists of exploring architectures in which trust does not depend exclusively on the cloud, a centralized database, or a permanently available online authority. Such an approach is particularly relevant for:

  • sovereign environments;
  • critical infrastructures;
  • disconnected environments;
  • defense;
  • emergency response;
  • industrial IoT;
  • long-life connected devices;
  • local authentication;
  • AI agents operating under constrained conditions;
  • distributed secret and proof management.

Potential research directions include:

  1. Segmented Identity: separating proofs, authentication factors, secrets, or identity attributes.
  2. Local Authentication: enabling trust decisions without permanent dependence on a remote server.
  3. Local Trust Memory: maintaining a verifiable and controlled trust history.
  4. Trust Continuity: preserving a trusted operational state despite disconnection, network loss, or partial attacks.
  5. Verifiable Proof: logs, digital signatures, attestations, timestamps, and chains of evidence.
  6. Revocation Under Constrained Conditions: local suspension, risk thresholds, and emergency policies.
  7. Zero Trust Compatibility: eliminating implicit trust, even within internal environments.
  8. Protection of Connected Devices: hardware identity, signed updates, and expected behavioral profiles.
  9. AI Agent Control: capabilities, operational scope, Trust Modes, and fail-closed behavior.
  10. Operational Sovereignty: reducing critical dependencies on external services.

Rather than opposing existing standards, this approach should be viewed as complementary. Its objective is to make trust architectures more resilient, locally verifiable, and better aligned with the requirements of safety-critical environments.

29.13. Applied Research Program: Predictive AI, Digital Identity, and Cyber-Physical Trust

29.13.1. Research Question

How can a Predictive Artificial Intelligence Architecture be designed to evaluate, maintain, and govern trust among humans, AI agents, connected devices, and critical infrastructures while limiting the risks of compromise, impersonation, unsafe actions, and excessive dependence on a centralized authority?

29.13.2. Research Hypotheses

Hypothesis Statement Validation Criterion
H-CY1 A Trust Memory improves the detection of behavioral deviations. Reduction of false negatives in multi-stage attack scenarios.
H-CY2 A predictive attack-trajectory model improves response before impact. Reduced mitigation time and limited operational impact.
H-CY3 An agent identity governed by capabilities reduces unauthorized actions. Reduction of tool abuse during adversarial testing.
H-CY4 Continuous contextual authentication reduces post-login impersonation. Detection of session hijacking and behavioral anomalies.
H-CY5 Fail-closed decision-making reduces the impact of uncertain situations. No critical access granted without sufficient evidence.
H-CY6 A local, segmented architecture improves offline resilience. Maintenance of safe operations under degraded conditions.

29.13.3. Scientific Challenges

  • Representing a trust state without creating intrusive surveillance.
  • Connecting identity, behavior, context, and causality within an operational model.
  • Evaluating AI agents against realistic multi-stage attacks.
  • Securing both RAG memories and Experiential Memory.
  • Defining capability policies that are understandable and verifiable.
  • Guaranteeing the safety of cyber-physical actions.
  • Preserving the confidentiality of identity signals.
  • Managing revocation, correction, and forgetting in long-term memory.
  • Preventing unsafe defensive automation.
  • Reconciling operational sovereignty with standards-based interoperability.

29.13.4. Proposed Experimental Architecture

Sources: logs, IAM, EDR, IoT, APIs, RAG,
tickets, policies
        ↓
Normalization and abstraction:
assets, identities, relationships, events
        ↓
Trust Memory:
history, evidence, anomalies, incidents
        ↓
Predictive Model:
attack trajectories, risks,
potential consequences
        ↓
Causal Engine / Rules:
counterfactuals, constraints, policies
        ↓
Governed LLM Agent:
explanation, orchestration,
summarization, human interaction
        ↓
Capability Controller:
authorized tools, thresholds,
sandbox, fail-closed
        ↓
Actions:
alert, restrict, revoke,
isolate, request evidence
        ↓
Audit:
signed logs, replay,
justification, experiential feedback

29.13.5. Dedicated Benchmarks

Benchmark Objective Metrics
Indirect prompt injection Evaluate RAG and external tools Compromise rate, data leakage, correct refusal rate
Contaminated memory Evaluate forgetting and correction Persistence of hostile beliefs, purge time
Session hijacking Evaluate Trust Continuity Post-login detection rate, user friction
Cloned IoT device Evaluate attestation and behavioral validation False positives/negatives, isolation time
Overprivileged AI agent Evaluate capability policies Number of dangerous actions prevented
Decision deepfake Evaluate out-of-band verification Fraudulent validation rate
Attack trajectory Evaluate predictive capability Prediction before impact, mitigation effectiveness
Offline degraded mode Evaluate operational sovereignty Maintenance of safe operations
Cyber-physical scenario Evaluate safety Damage prevented, safe shutdown performance

29.13.6. Dedicated Deliverables

Period Cyber-Safety Deliverable
M0–M6 Taxonomy of human, machine, AI agent, and connected-object identities
M6–M12 Corpus of adversarial AI and identity scenarios
M12–M18 Minimal LAMP-Cyber prototype
M18–M24 Trust Memory and Tool-using Agent benchmarks
M24–M30 IoT, non-human identity, and degraded-mode demonstrator
M30–M36 Trust Governance framework, scientific publication, and evaluation guide

29.14. Bridge to the Companion Dissertation — Digital DNA, EviDNA, and the Cryptographic Genome

Epistemological status (Register A). The Cryptographic Genome is presented here as a conceptual and forward-looking formalization. Its detailed development is provided in a separate companion dissertation, while Gen2 implementation mechanisms remain within Register C.

The topics of the Cryptographic Genome, EviDNA, Digital DNA, documentary comparisons with the current state of the art (CNRS, FIDO, PKI, Zero Trust), and the documented industrialization evidence associated with CryptPeer are presented in a separate companion dissertation. This separation preserves the readability of the present document, which focuses on Predictive Artificial Intelligence Architectures and their applied cybersecurity dimension (§29.1–§29.13).

Companion dissertation: DNA and Cryptography — EviDNA, the Cryptographic Genome, and the State of the Art

Topic Section in the Companion Dissertation
Cryptographic Genome — Gen1/Gen2 evolution §1 — Cryptographic Genome
Industrialization matrix and Registers A/B/C §1.1
Obfuscation module — patented variant and EviSKMS extension §1.1.1
EviSKMS–CryptPeer implementation evidence summary §1.3
Structured comparison of digital trust (FIDO, PKI, EviSKMS) §1.4
Cryptographic Genome versus point-in-time identity §1.5
CNRS — synthetic DNA cryptography (external reference) §1.6
Digital DNA / CryptPeer 2026 §1.7
EviDNA implementation evidence — DataShielder §1.10
Prior art and public disclosures §1.9

Summary (Register A). The Freemindtronic trajectory (patent WO/2018/154258, EviDNA 2024, Cryptographic Genome 2026, and the industrialization of CryptPeer/EviSKMS) extends the sovereign architecture and Trust Continuity concepts introduced in §29.12. It is not presented as the theoretical core of this dissertation on Predictive Artificial Intelligence Architectures; rather, it constitutes a separately documented industrial application.

Patent / Industrialization / Confidentiality Partition (Register A). Patent WO/2018/154258 is a public prior-art document. The industrialization of CryptPeer/EviSKMS is supported by declarative observations and non-sensitive evidence (Register A). Genomic extensions and internal implementation mechanisms belong to Register C.

Inventive Lineage (Register A). Jacques Gascuel, inventor and author of this dissertation, oriented his research around a central observation: as Predictive Artificial Intelligence becomes increasingly capable of anticipating, imitating, and exploiting human behavior, traditional point-in-time authentication becomes progressively insufficient for protecting Digital Identity. This led to the hypothesis that a trusted identity should evolve over time, remain continuously re-evaluable, and be governable in response to the growing capabilities of AI, particularly predictive AI.

This research direction first resulted in the segmented-key patent and subsequently evolved into the conceptual framework of EviSKMS. Following the documented proof of implementation in 2024 of encryption and digital signatures derived from human DNA (the living-being dimension of the EviDNA trajectory), the research later expanded toward a broader conceptual framework for digital trust based on a genomic paradigm (Digital DNA and the Cryptographic Genome). These developments are presented in detail within the companion dissertation.

The present dissertation retains, in §29.12 and §29.13, the scientific framework connecting Predictive Artificial Intelligence, Digital Identity, and Cyber-Physical Trust. The cryptographic mechanisms, DNA/CNRS comparisons, and operational architectures are intentionally reserved for the companion dissertation.
[/ux_text] [/col]

Predictive Artificial Intelligence Architectures — Limitations, Falsifiability, and Scope of Validity

This section consolidates, for Freemindtronic’s public reference publication, material that is distributed elsewhere in the dissertation (§11.5, §18, §19, Appendix A.6). Its purpose is to make the document defensible for a skeptical reader, whether a researcher, auditor, journalist, or industrial partner.

Predictive Artificial Intelligence Architectures — What This Dissertation Does Not Claim to Prove

This document is not:

  • an exhaustive PRISMA-style systematic review;
  • an independent security audit or a compliance attestation (eIDAS, Common Criteria, FIPS, etc.);
  • a published quantitative benchmark comparing EviSKMS with FIDO, PKI, or competing solutions;
  • an enabling technical disclosure allowing reproduction of Gen2 mechanisms or post-patent extensions;
  • peer validation in the strict sense of publication in a peer-reviewed journal.

It is: an interdisciplinary framework for Predictive Artificial Intelligence Architectures; an applied positioning in cybersecurity and Cyber-Physical Trust (§29.1–§29.13); and a bridge to the companion DNA/EviDNA dissertation for cryptographic details and state-of-the-art comparisons.

Scope of Validity by Register

Register Public Scope of Validity Explicit Limitation
AI framework (LAMP-C, taxonomy) Conceptual and methodological; falsifiable hypotheses in §18.2 LAMP-C experimentation has not yet been published as a corpus of results.
State of the art (§23) Documentary synthesis at the time of writing Rapidly evolving field; non-exhaustive scope.
Genome / CryptPeer / EviDNA Developed in the companion dissertation See the limitations and hypotheses H-C1–H-C5 in the DNA/EviDNA dissertation.
Patent WO2018154258 Authorized partial disclosure on segmentation and conditional reconstruction Does not cover genomic extensions or the complete EviSKMS runtime.

Falsifiable Hypotheses — Predictive Artificial Intelligence Dimension

Hypotheses H1 to H5 in §18.2 concern LAMP-C and hybrid architectures integrating memory, causality, World Models, and Neuro-symbolic AI. They remain valid for the AI research dimension of this dissertation.

However, their confirmation or refutation requires the experimental protocols described in §18.3 and §24.

Predictive Artificial Intelligence Architectures — Falsifiable Hypotheses — Digital Trust Dimension (EviSKMS Gen1)

Hypotheses H-C1 to H-C5 concerning continuity, fail-closed behavior, DDNA, anti-replay mechanisms, and differentiation from existing standards are formulated and detailed in the companion DNA/EviDNA dissertation.

Global Refutation Conditions for the Freemindtronic Positioning

The framework defended in this dissertation would be significantly weakened if one of the following conditions were established publicly and reproducibly:

  1. Gen2 presented without register qualification, despite its detailed mechanisms belonging to Register C.
  2. Systemic bypass of fail-closed, RI, or DRT continuity controls within the qualified sovereign-local scope, without a documented corrective measure.
  3. Absence of correlation between the patented segmentation mechanism and the industrialized Gen1 mechanisms, indicating a technical or documentary discontinuity.
  4. Independent benchmark evidence showing that properly deployed MFA/WebAuthn achieves the same temporal continuity and runtime governance properties without an additional layer, across the same adversarial scenarios.
  5. Unintentional enabling disclosure in public communications, including the dissertation, videos, or press releases, allowing a third party to reproduce Gen2 or post-patent extensions.

Methodological Constraint Related to Intellectual Property

The controlled publication strategy based on Registers A / B / C strengthens IP protection. However, it also reduces immediate external falsifiability: a third party cannot reproduce or deeply audit mechanisms classified as Register C without an agreement.

This constraint is intentional. It requires a clear distinction between:

  • what is publicly verifiable, including product existence, declared automated tests, granted patents, and timestamped disclosures;
  • what is verifiable under NDA (Register B);
  • what is deliberately not published (Register C).

Full scientific recognition will require third-party evaluations on authorized scopes, after IP protection has been secured, in accordance with §1.2 of the companion dissertation.

Predictive Artificial Intelligence Architectures — Epistemological Modesty

This dissertation adopts the position of an inventor-researcher: field observation and industrialization provide strong signals, but they do not replace independent validation.

General Conclusion

Large Language Models have demonstrated the power of large-scale statistical learning. They will remain an essential component of modern artificial intelligence, because language is the primary medium of explicit human knowledge.

However, language alone is likely insufficient to produce robust artificial general intelligence. An intelligence capable of action must retain experience, represent context, anticipate the consequences of its actions, reason causally, plan, and control its own limits.

World Models represent a major path toward this capability, but they are not the only one. Neuro-symbolic AI, Tool-using Agents, RAG, persistent memory, reinforcement learning, Active Inference, Causal Models, search-based planning, and embodied architectures each contribute part of the solution.

The central contribution of this dissertation is to shift the analytical focus toward a broader framework: Predictive Artificial Intelligence Architectures. Within this framework, World Models are no longer the school of thought to defend; rather, they become one pillar of a larger architecture grounded in memory, abstraction, causality, action, and Trust Governance.

The applied cybersecurity dimension shows why this approach is becoming critical. Identity, context, memory, behavior, proof, action, and consequence must be connected in order to maintain Trust Continuity between humans, AI agents, machines, and connected devices.

The Cryptographic Genome / EviDNA trajectory, including CryptPeer/EviSKMS industrialization, illustrates this evolution on the sovereign trust side. It is developed in the companion DNA/EviDNA dissertation. The section on limitations and falsifiability specifies the scope of validity of the present document.

A major architectural evolution in AI will likely not consist merely of a larger model. Instead, it will depend on a better-structured architecture: language, abstraction, memory, prediction, causality, action, and control, subject to the methodological limits explicitly stated in this dissertation.

Predictive Artificial Intelligence Architectures — Annotated Scientific Bibliography

This bibliography is designed as an interactive section. Each entry includes a stable internal link, one or more official or primary links, and an indication of how it is used in the dissertation.

Quick Bibliography Index

Cognitive Origins and Symbolic Grounding

Craik, K. J. W. (1943). The Nature of Explanation.

Official / primary links: PhilPapers · Google Books / CUP Archive · Internet Archive. A foundational reference introducing the concept of an internal small-scale model of reality. It is useful for showing that the idea of a World Model predates modern artificial intelligence. Use in this dissertation: historical origins of internal models, mental simulation, and prediction before action. ↩ Back to the bibliography index

Johnson-Laird, P. N. (1983). Mental Models.

Official / primary links: Google Books / Harvard University Press · ACM Guide. A landmark work in cognitive psychology introducing the theory of mental models. It establishes a conceptual bridge between human reasoning and the internal simulation of possible situations. Use in this dissertation: cognition, internal simulation, and reasoning about possible situations. ↩ Back to the bibliography index

Harnad, S. (1990). The Symbol Grounding Problem.

Official / primary links: Oxford Computer Science PDF. A classic paper addressing the challenge of assigning meaning to symbols that are connected only to other symbols. Use in this dissertation: symbolic grounding and the limitations of language in the absence of perception and action. ↩ Back to the bibliography index

Large Language Models (LLMs): Capabilities and Limitations

Bender, E. M., Gebru, T., McMillan-Major, A., & Shmitchell, S. (2021). On the Dangers of Stochastic Parrots: Can Language Models Be Too Big?

Official / primary links: ACM Digital Library · ACM FAccT 2021. A landmark paper arguing that scaling language models does not, by itself, produce grounded understanding. The authors examine issues related to data quality, bias, environmental cost, and the limitations of purely statistical language modeling. Use in this dissertation: critical analysis of LLM limitations, symbolic grounding, and the distinction between language generation and genuine understanding. ↩ Back to the bibliography index

Gurnee, W., & Tegmark, M. (2023). Language Models Represent Space and Time.

Official / primary links: arXiv. This study provides evidence that Large Language Models develop internal representations encoding spatial and temporal relationships, suggesting that statistical learning can produce latent predictive representations extending beyond surface-level language patterns. Use in this dissertation: internal representations in LLMs, latent world representations, and the scientific debate on emergent cognitive capabilities. ↩ Back to the bibliography index

Berglund, L., et al. (2023). The Reversal Curse: LLMs Trained on “A is B” Fail to Learn “B is A”.

Official / primary links: arXiv. This paper introduces the Reversal Curse, demonstrating that language models may learn directional relationships without reliably inferring their inverse. The findings highlight limitations in generalization and relational reasoning. Use in this dissertation: limits of generalization, causal reasoning, and the robustness of internal representations. ↩ Back to the bibliography index

Brown, T. B., et al. (2020). Language Models are Few-Shot Learners.

Official / primary links: arXiv. The foundational GPT-3 paper demonstrating that scaling transformer-based language models enables strong few-shot, one-shot, and zero-shot performance across a wide range of natural language tasks. Use in this dissertation: emergence of in-context learning, scaling laws, and the practical capabilities of Large Language Models. ↩ Back to the bibliography index

OpenAI (2023). GPT-4 Technical Report.

Official / primary links: arXiv. Describes the architecture, evaluation methodology, capabilities, and limitations of GPT-4, including benchmark performance and safety considerations. Use in this dissertation: state of the art in industrial LLMs, evaluation methodology, and current operational capabilities. ↩ Back to the bibliography index

Cognitive Science and Human Learning

Lake, B. M., Ullman, T. D., Tenenbaum, J. B., & Gershman, S. J. (2017). Building Machines That Learn and Think Like People.

Official / primary links: Science. A seminal article arguing that human-level intelligence requires more than statistical pattern matching. The authors advocate integrating compositionality, causality, intuitive physics, intuitive psychology, and efficient learning inspired by cognitive science. Use in this dissertation: cognitive foundations of Predictive Artificial Intelligence Architectures, compositional representations, and causal reasoning. ↩ Back to the bibliography index

Dehaene, S. (2020). How We Learn: Why Brains Learn Better Than Any Machine… for Now.

Official / primary links: Penguin Random House · Collège de France. Dehaene explores the principles underlying human learning, emphasizing attention, active engagement, error correction, abstraction, and consolidation. Use in this dissertation: human learning mechanisms, abstraction, Agentic Memory, and the relationship between learning and prediction. ↩ Back to the bibliography index

Friston, K. (2010). The Free-Energy Principle: A Unified Brain Theory?

Official / primary links: Nature Reviews Neuroscience. This influential paper proposes that biological systems minimize variational free energy through prediction and continual interaction with their environment, providing a theoretical foundation for perception, action, and learning. Use in this dissertation: predictive cognition, Active Inference, and theoretical foundations of predictive intelligence. ↩ Back to the bibliography index

Clark, A. (2013). Whatever Next? Predictive Brains, Situated Agents, and the Future of Cognitive Science.

Official / primary links: Cambridge University Press. Clark argues that cognition is fundamentally predictive, with the brain continuously generating and updating models of the world through perception and action. Use in this dissertation: predictive cognition, World Models, Active Inference, and predictive representations. ↩ Back to the bibliography index

Human Vision and Sensory Processing

Gibson, J. J. (1979). The Ecological Approach to Visual Perception.

Official / primary links: Google Books. Gibson introduced the ecological theory of perception, arguing that perception is fundamentally rooted in direct interaction with the environment rather than in passive image processing. Use in this dissertation: perceptual grounding, embodied intelligence, and the relationship between perception and action. ↩ Back to the bibliography index

Marr, D. (1982). Vision: A Computational Investigation into the Human Representation and Processing of Visual Information.

Official / primary links: MIT Press. A foundational work in computational vision proposing a hierarchical theory of visual processing, from low-level sensory signals to abstract representations. Use in this dissertation: hierarchical representations, abstraction, predictive perception, and World Models. ↩ Back to the bibliography index

DiCarlo, J. J., Zoccolan, D., & Rust, N. C. (2012). How Does the Brain Solve Visual Object Recognition?

Official / primary links: Neuron. This review explains how the primate visual system develops invariant object representations while preserving behaviorally relevant information. Use in this dissertation: perceptual representations, abstraction, and biologically inspired approaches to Predictive Artificial Intelligence Architectures. ↩ Back to the bibliography index

Reinforcement Learning and World Models

Sutton, R. S., & Barto, A. G. (2018). Reinforcement Learning: An Introduction (2nd ed.).

Official / primary links: Official online edition. The reference textbook on reinforcement learning, covering value functions, policy optimization, temporal-difference learning, planning, model-based reinforcement learning, and exploration. Use in this dissertation: reinforcement learning, planning, predictive decision-making, and the foundations of World Models. ↩ Back to the bibliography index

Ha, D., & Schmidhuber, J. (2018). World Models.

Official / primary links: arXiv · Official project website. This pioneering work demonstrates how an agent can learn a compact latent model of its environment and use it for simulation, prediction, and planning before acting. Use in this dissertation: foundational reference for modern World Models, latent predictive representations, and predictive planning. ↩ Back to the bibliography index

Moerland, T. M., Broekens, J., & Jonker, C. M. (2023). Model-Based Reinforcement Learning: A Survey.

Official / primary links: arXiv. A comprehensive survey of model-based reinforcement learning, covering predictive environment models, planning algorithms, uncertainty estimation, and sample-efficient learning. Use in this dissertation: state of the art in model-based reinforcement learning, predictive planning, and World Models. ↩ Back to the bibliography index

Hafner, D., Pasukonis, J., Ba, J., & Lillicrap, T. (2023). Mastering Diverse Domains through World Models.

Official / primary links: arXiv. This paper presents DreamerV3, showing that a single World Model architecture can learn efficiently across a wide range of environments using latent imagination and predictive planning. Use in this dissertation: scalable World Models, latent imagination, generalization, and planning across heterogeneous environments. ↩ Back to the bibliography index

Silver, D., Hubert, T., Schrittwieser, J., et al. (2018). A General Reinforcement Learning Algorithm That Masters Chess, Shogi, and Go through Self-Play.

Official / primary links: Science. The AlphaZero paper demonstrates how planning, self-play, and predictive search can achieve superhuman performance without handcrafted domain knowledge. Use in this dissertation: planning, predictive search, reinforcement learning, and model-guided decision-making. ↩ Back to the bibliography index

Kocsis, L., & Szepesvári, C. (2006). Bandit Based Monte-Carlo Planning.

Official / primary links: Springer. This paper introduces Monte Carlo Tree Search (MCTS) with UCT, a breakthrough planning algorithm that balances exploration and exploitation through predictive simulation. Use in this dissertation: planning, predictive search, decision-making, and simulation-based reasoning. ↩ Back to the bibliography index

JEPA, Video, and Embodied Robotics

Bardes, A. et al. (2024). JEPA / V-JEPA Works.

Official / primary links: arXiv — Revisiting Feature Prediction for Learning Visual Representations from Video. A reference on learning predictive representations in latent space. Use in this dissertation: explaining why predicting abstract representations may be preferable to reconstructing every pixel. ↩ Back to the bibliography index

Assran, M. et al. (2025). V-JEPA 2: Self-Supervised Video Models Enable Understanding, Prediction and Planning.

Official / primary links: arXiv · Meta AI — V-JEPA 2. Useful for discussing video prediction, abstract representations, and physical planning. Use in this dissertation: linking video, physical understanding, prediction, and planning. ↩ Back to the bibliography index

World Model for Robot Learning: A Comprehensive Survey (2026).

Official / primary links: arXiv · arXiv HTML. A recent survey on World Models in robotics, covering their paradigms, applications, limitations, and relationship to planning. Use in this dissertation: 2025–2026 state of the art, embodied robotics, benchmarks, and future research directions. ↩ Back to the bibliography index

A Comprehensive Survey on World Models for Embodied AI (2025).

Official / primary links: arXiv. A survey on World Models for embodied AI. Use in this dissertation: Appendix A.3, robotics, simulation, and embodied AI. ↩ Back to the bibliography index

RAG, Tool-Using Agents, and Agentic Memory

Lewis, P., et al. (2020). Retrieval-Augmented Generation for Knowledge-Intensive NLP Tasks.

Official / primary links: arXiv. This foundational paper introduced Retrieval-Augmented Generation (RAG), combining Large Language Models with external knowledge retrieval to improve factual accuracy and reduce hallucinations. Use in this dissertation: retrieval-augmented reasoning, external knowledge integration, and the limits of document retrieval as a substitute for understanding. ↩ Back to the bibliography index

Yao, S., et al. (2023). ReAct: Synergizing Reasoning and Acting in Language Models.

Official / primary links: arXiv. ReAct demonstrates how interleaving reasoning traces with actions enables Large Language Models to interact more effectively with external tools and environments. Use in this dissertation: Tool-using Agents, reasoning-action loops, planning, and agent orchestration. ↩ Back to the bibliography index

Schick, T., et al. (2023). Toolformer: Language Models Can Teach Themselves to Use Tools.

Official / primary links: arXiv. Toolformer shows that Large Language Models can learn autonomously when and how to invoke external tools during inference, improving task performance without explicit supervision. Use in this dissertation: Tool-using Agents, autonomous tool selection, and hybrid Predictive Artificial Intelligence Architectures. ↩ Back to the bibliography index

Zhang, Y., et al. (2024). A Survey of Memory Mechanisms for Large Language Model Agents.

Official / primary links: arXiv. This survey reviews memory architectures for LLM-based agents, including memory writing, retrieval, consolidation, forgetting, contradiction handling, and long-term knowledge management. Use in this dissertation: Agentic Memory, Experiential Memory, long-term memory architectures, and trust-aware memory management. ↩ Back to the bibliography index

Du, X. (2026). Large Language Model Agent Memory: A Survey.

Official / primary links: arXiv. A comprehensive survey examining memory models for autonomous AI agents, including memory organization, lifecycle management, retrieval strategies, governance, evaluation, and future research directions. Use in this dissertation: Agentic Memory, Experiential Memory, memory governance, and persistent AI agents. ↩ Back to the bibliography index

Predictive Artificial Intelligence Architectures — Limitations and Capabilities of LLMs

Bender, E. M., Gebru, T., McMillan-Major, A., & Mitchell, M. (2021). On the Dangers of Stochastic Parrots.

Official / primary links: ACM DOI · Author PDF. An influential critique of Large Language Models, useful for addressing risks, grounding, bias, and the limits of text-only learning. Use in this dissertation: scientific caution regarding LLMs, scaling risks, and limits of understanding. ↩ Back to the bibliography index

Gurnee, W., & Tegmark, M. (2023). Language Models Represent Space and Time.

Official / primary links: arXiv · Official code. An important reference for qualifying critiques of LLMs: some models appear to encode spatial and temporal representations. Use in this dissertation: acknowledging that LLMs may contain fragments of World Models. ↩ Back to the bibliography index

Berglund, L. et al. (2023). The Reversal Curse.

Official / primary links: arXiv · OpenReview PDF. This work demonstrates a weakness in the relational generalization of autoregressive LLMs. Use in this dissertation: limits of relational reasoning and inverse generalization. ↩ Back to the bibliography index

Cognitive Science and Human Learning

Lake, B. M., Ullman, T. D., Tenenbaum, J. B., & Gershman, S. J. (2017). Building Machines That Learn and Think Like People.

Official / primary links: arXiv · PubMed · Stanford PDF. A major reference in cognitive science for Causal Models, intuitive physics, intuitive psychology, and rapid learning. Use in this dissertation: central argument for moving beyond purely text-based learning. ↩ Back to the bibliography index

Human Vision and Sensory Flow

Koch, K. et al. (2006). How Much the Eye Tells the Brain.

Official / primary links: PMC / NIH · EurekAlert / Penn. This work is useful for cautiously framing comparisons between human visual flow and the textual data processed by LLMs. The order of magnitude of retinal information transmission should be treated carefully; these estimates must not be presented as a strict equivalence between human vision and textual tokens. Use in this dissertation: cautious formulation of the passage on the four-year-old child. ↩ Back to the bibliography index

Predictive Artificial Intelligence Architectures — Reinforcement Learning and World Models

Sutton, R. S., & Barto, A. G. (2018). Reinforcement Learning: An Introduction.

Official / primary links: Official book website · Stanford PDF. A central reference on reinforcement learning, especially the distinction between model-based and model-free methods. Use in this dissertation: foundation for the distinction between action, reward, environment models, and planning. ↩ Back to the bibliography index

Moerland, T. M., Broekens, J., Plaat, A., & Jonker, C. M. (2023). Model-Based Reinforcement Learning: A Survey.

Official / primary links: ACM / Foundations and Trends · arXiv. This survey is useful for positioning model-based reinforcement learning as an approach to planning and anticipation. Use in this dissertation: integration of learning, environmental dynamics, and planning. ↩ Back to the bibliography index

Ha, D., & Schmidhuber, J. (2018). World Models.

Official / primary links: arXiv · Official interactive website. A modern explicit reference on World Models in AI: compressed representation, latent dynamics, and an agent trained within an internal model. Use in this dissertation: modern definition of World Models. ↩ Back to the bibliography index

LeCun, Y. (2022). A Path Towards Autonomous Machine Intelligence.

Official / primary links: OpenReview PDF. A structuring position on the limits of LLMs alone and the need for World Models, memory, perception, and planning. Use in this dissertation: autonomous architecture, latent-space prediction, and the role of memory and action. ↩ Back to the bibliography index

JEPA, Video, and Embodied Robotics

Bardes, A. et al. (2024). JEPA / V-JEPA Works.

Official / primary links: arXiv — Revisiting Feature Prediction for Learning Visual Representations from Video. A reference on learning predictive representations in latent space. Use in this dissertation: explaining why predicting abstract representations may be preferable to reconstructing every pixel. ↩ Back to the bibliography index

Assran, M. et al. (2025). V-JEPA 2: Self-Supervised Video Models Enable Understanding, Prediction and Planning.

Official / primary links: arXiv · Meta AI — V-JEPA 2. Useful for discussing video prediction, abstract representations, and physical planning. Use in this dissertation: connecting video, physical understanding, prediction, and planning. ↩ Back to the bibliography index

World Model for Robot Learning: A Comprehensive Survey (2026).

Official / primary links: arXiv · arXiv HTML. A recent survey on World Models in robotics, including paradigms, applications, limitations, and links with planning. Use in this dissertation: 2025–2026 state of the art, embodied robotics, benchmarks, and research perspectives. ↩ Back to the bibliography index

A Comprehensive Survey on World Models for Embodied AI (2025).

Official / primary links: arXiv. A survey on World Models for embodied AI. Use in this dissertation: Appendix A.3, robotics, simulation, and embodied AI. ↩ Back to the bibliography index

RAG, Tools, Agents, and Memory

Lewis, P. et al. (2020). Retrieval-Augmented Generation for Knowledge-Intensive NLP Tasks.

Official / primary links: arXiv · NeurIPS PDF. A foundational reference for RAG, useful for distinguishing document retrieval from causal understanding. Use in this dissertation: external document memory and the limits of RAG as a substitute for understanding. ↩ Back to the bibliography index

Schick, T. et al. (2023). Toolformer.

Official / primary links: arXiv · ACM Guide. A reference on how language models can learn to use tools. Use in this dissertation: Tool-using Agents, APIs, retrieval, and external computation. ↩ Back to the bibliography index

Yao, S. et al. (2023). ReAct: Synergizing Reasoning and Acting in Language Models.

Official / primary links: arXiv · Google Research Blog · Project / code. A major reference on the integration of reasoning and action in LLM agents. Use in this dissertation: interleaving reasoning and action, Tool-using Agents, and hallucination reduction through interaction. ↩ Back to the bibliography index

Huang, X. et al. (2024). Understanding the Planning of LLM Agents: A Survey.

Official / primary links: arXiv. This survey is useful for planning, memory, reflection, plan selection, and external modules in LLM agents. Use in this dissertation: mapping planning mechanisms in LLM agents. ↩ Back to the bibliography index

Zhang, Z. et al. (2024). A Survey on the Memory Mechanism of Large Language Model based Agents.

Official / primary links: arXiv · ACM TOIS · Associated GitHub. A reference on memory mechanisms in LLM agents. Use in this dissertation: external memory, Agentic Memory, design, and evaluation. ↩ Back to the bibliography index

Du, P. (2026). Memory for Autonomous LLM Agents: Mechanisms, Evaluation, and Emerging Frontiers.

Official / primary links: arXiv · arXiv HTML. A recent survey on autonomous agent memory, including consolidation, recall, forgetting, contradiction, and multimodal memory. Use in this dissertation: Agentic Memory, the write–manage–read loop, and cognitive continuity. ↩ Back to the bibliography index

Neuro-symbolic AI

Garcez, A. d’Avila, & Lamb, L. C. (2023). Neurosymbolic AI: the 3rd wave.

Official / primary links: DOI — Artificial Intelligence Review · Garcez author page. A useful reference for explaining the integration of neural learning and symbolic reasoning. Use in this dissertation: reasoning, rules, explainability, logic, and learning. ↩ Back to the bibliography index

Colelough, B. C., & Regli, W. (2025). Neuro-Symbolic AI in 2024: A Systematic Review.

Official / primary links: arXiv · CEUR Workshop PDF. A recent systematic review of Neuro-symbolic AI. Use in this dissertation: state of the art in Neuro-symbolic AI, gaps, explainability, and metacognition. ↩ Back to the bibliography index

Yang, X.-W. et al. (2025). Neuro-Symbolic Artificial Intelligence: Towards Improving the Reasoning Abilities of Large Language Models.

Official / primary links: arXiv · IJCAI PDF. A survey on the use of Neuro-symbolic AI to strengthen the reasoning capabilities of LLMs. Use in this dissertation: Symbolic→LLM, LLM→Symbolic, and LLM+Symbolic architectures. ↩ Back to the bibliography index

Active Inference

Friston, K. (2010). The Free-Energy Principle: A Unified Brain Theory?

Official / primary links: Nature Reviews Neuroscience · PubMed. A foundational reference on the Free-Energy Principle. Use in this dissertation: perception, action, learning, and uncertainty minimization. ↩ Back to the bibliography index

Friston, K. et al. (2025). Active inference and artificial reasoning.

Official / primary links: arXiv. A recent work connecting Active Inference, reasoning, action selection, and World Models. Use in this dissertation: action selection to reduce uncertainty in World Models. ↩ Back to the bibliography index

de Vries, B. (2026). Active Inference for Physical AI Agents — An Engineering Perspective.

Official / primary links: arXiv. A recent reference on Active Inference applied to physical agents. Use in this dissertation: physical agents, real-time constraints, message passing, and control. ↩ Back to the bibliography index

Predictive Artificial Intelligence Architectures — Causality

Pearl, J. (2009). Causality: Models, Reasoning, and Inference.

Official / primary links: Cambridge University Press · Academic PDF. A foundational reference on causality, interventions, and counterfactual reasoning. Use in this dissertation: distinction between correlation and causality, intervention, and counterfactual reasoning. ↩ Back to the bibliography index

Schölkopf, B. et al. (2021). Toward Causal Representation Learning.

Official / primary links: arXiv · Max Planck publication. An important reference on causality, representations, and out-of-distribution robustness. Use in this dissertation: learning high-level causal variables from low-level observations. ↩ Back to the bibliography index

Predictive Artificial Intelligence Architectures — Model-Free Reinforcement Learning, MCTS, and AlphaZero

Kocsis, L., & Szepesvári, C. (2006). Bandit Based Monte-Carlo Planning.

Official / primary links: Springer (ECML 2006). The seminal publication introducing the UCT algorithm, which established Monte Carlo Tree Search (MCTS) as a practical planning method. Use in this dissertation: search-based planning, decision-making under uncertainty, and predictive exploration. ↩ Back to the bibliography index

Silver, D. et al. (2018). A General Reinforcement Learning Algorithm that Masters Chess, Shogi, and Go through Self-Play.

Official / primary links: Science · Google DeepMind. Introduces AlphaZero, combining deep reinforcement learning with Monte Carlo Tree Search to achieve superhuman performance through self-play. Use in this dissertation: predictive planning, search-guided decision-making, and model-based optimization. ↩ Back to the bibliography index

Predictive Artificial Intelligence Architectures — Cybersecurity, Digital Identity, IoT, and Safety

OWASP Foundation (2025). OWASP Top 10 for Large Language Model Applications 2025.

Official / primary links: OWASP GenAI Security Project. The leading community reference describing the principal security risks affecting LLMs, agentic AI systems, retrieval-augmented generation (RAG), and tool-using agents. Use in this dissertation: AI cybersecurity, prompt injection, excessive agency, model security, supply-chain risks, and Trust Governance. ↩ Back to the bibliography index

National Institute of Standards and Technology (2023). Artificial Intelligence Risk Management Framework (AI RMF 1.0).

Official / primary links: NIST AI RMF. The U.S. reference framework for governing AI risks throughout the system lifecycle. Use in this dissertation: AI Governance, Trust Governance, risk management, evaluation, and oversight of Predictive Artificial Intelligence Architectures. ↩ Back to the bibliography index

National Institute of Standards and Technology (2024). Cybersecurity Framework (CSF 2.0).

Official / primary links: NIST Cybersecurity Framework 2.0. The reference framework for cybersecurity governance and organizational resilience. Use in this dissertation: cybersecurity governance, Cyber-Physical Trust, resilience, and Trust Continuity. ↩ Back to the bibliography index

National Institute of Standards and Technology (2020). SP 800-207 — Zero Trust Architecture.

Official / primary links: NIST SP 800-207. Defines the Zero Trust Architecture model based on continuous verification and context-aware access control. Use in this dissertation: Trust Continuity, adaptive trust decisions, Digital Identity, and Cyber-Physical Trust. ↩ Back to the bibliography index

National Institute of Standards and Technology (2025). SP 800-63-4 — Digital Identity Guidelines.

Official / primary links: NIST SP 800-63-4. The latest NIST guidance on identity proofing, authentication, federation, and authenticator assurance. Use in this dissertation: Digital Identity, continuous authentication, Trust Continuity, and identity governance. ↩ Back to the bibliography index

World Wide Web Consortium (W3C). Web Authentication: WebAuthn Level 3.

Official / primary links: W3C WebAuthn Level 3. The web standard for public-key authentication. Use in this dissertation: phishing-resistant authentication, Digital Identity, and comparison with sovereign trust architectures. ↩ Back to the bibliography index

FIDO Alliance. Passkeys.

Official / primary links: FIDO Alliance — Passkeys. Official documentation describing passwordless authentication based on public-key cryptography. Use in this dissertation: passwordless authentication, Digital Identity, phishing resistance, and comparison with EviSKMS. ↩ Back to the bibliography index

European Telecommunications Standards Institute (ETSI). ETSI EN 303 645 — Cyber Security for Consumer Internet of Things.

Official / primary links: ETSI EN 303 645. The European baseline cybersecurity standard for consumer IoT devices. Use in this dissertation: IoT security, Digital Identity, Cyber-Physical Trust, and connected devices. ↩ Back to the bibliography index

National Institute of Standards and Technology (2020). NISTIR 8259A — IoT Device Cybersecurity Capability Core Baseline.

Official / primary links: NISTIR 8259A. Defines the core cybersecurity capabilities expected from IoT devices. Use in this dissertation: device identity, secure lifecycle management, and Cyber-Physical Trust. ↩ Back to the bibliography index

European Union (2024). Regulation (EU) 2024/1689 — Artificial Intelligence Act.

Official / primary links: EUR-Lex — AI Act. The European regulatory framework governing AI systems according to risk categories. Use in this dissertation: AI Governance, Trust Governance, compliance, and high-risk AI systems. ↩ Back to the bibliography index

European Union (2024). Regulation (EU) 2024/2847 — Cyber Resilience Act.

Official / primary links: EUR-Lex — Cyber Resilience Act. Establishes cybersecurity requirements for products with digital elements throughout their lifecycle. Use in this dissertation: cybersecurity by design, IoT, Digital Identity, Cyber-Physical Trust, and lifecycle governance. ↩ Back to the bibliography index

European Union Agency for Cybersecurity (ENISA). ENISA Threat Landscape 2025.

Official / primary links: ENISA Publications. Annual European analysis of emerging cyber threats and evolving attack trends. Use in this dissertation: cyber risk evolution, AI-enabled threats, Cyber-Physical Trust, and operational resilience. ↩ Back to the bibliography index

European Union Agency for Cybersecurity (ENISA) (2025). ENISA Threat Landscape 2025.

Official / primary links: ENISA Threat Landscape 2025 · Official ENISA PDF. The annual European assessment of the cyber threat landscape, documenting emerging attack trends, adversary capabilities, and major incidents. Use in this dissertation: European cyber context, converging threats, and justification of the applied cybersecurity perspective. ↩ Back to the bibliography index

National Institute of Standards and Technology (2020). NISTIR 8259A — IoT Device Cybersecurity Capability Core Baseline.

Official / primary links: NISTIR 8259A · Official NIST PDF. Defines the baseline cybersecurity capabilities expected of Internet of Things devices, including device identity, secure configuration, data protection, logical interfaces, software updates, and cybersecurity state awareness. Use in this dissertation: IoT Digital Identity, device lifecycle, hardware attestation, and secure maintenance. ↩ Back to the bibliography index

European Telecommunications Standards Institute (ETSI) (2024). ETSI EN 303 645 — Cyber Security for Consumer Internet of Things.

Official / primary links: Official ETSI EN 303 645 (Version 3.1.3). The leading European cybersecurity standard for consumer IoT devices, covering default credentials, vulnerability management, software updates, personal data protection, and attack surface reduction. Use in this dissertation: IoT security, connected devices, minimum cybersecurity requirements, and secure lifecycle management. ↩ Back to the bibliography index

FIDO Alliance. Passkeys and FIDO Authentication.

Official / primary links: Passkeys · FIDO Specifications. Official industry references for phishing-resistant passwordless authentication based on public-key cryptography without shared server-side secrets. Use in this dissertation: Digital Identity, human authentication, local proof of possession, and phishing resistance. ↩ Back to the bibliography index

World Wide Web Consortium (W3C) (2026). Web Authentication: An API for Accessing Public Key Credentials — Level 3.

Official / primary links: WebAuthn Level 3 Specification · W3C Candidate Recommendation Announcement. Defines the WebAuthn API enabling web applications to create and use attested public-key credentials bound to a relying party. Use in this dissertation: Passkeys, strong authentication, phishing resistance, and verified Digital Identity. ↩ Back to the bibliography index

European Commission. European Digital Identity Wallet (EUDI Wallet).

Official / primary links: European Digital Identity Wallet · Architecture and Reference Framework. The European framework for user-controlled digital identity wallets supporting selective disclosure and cross-border interoperability under eIDAS 2. Use in this dissertation: sovereign Digital Identity, identity wallets, user consent, and verifiable attributes. ↩ Back to the bibliography index

National Institute of Standards and Technology (2022). SP 800-218 — Secure Software Development Framework (SSDF) Version 1.1.

Official / primary links: NIST SP 800-218. Defines recommended practices for secure software development throughout the software lifecycle. Use in this dissertation: secure development of AI agents, software tools, dependencies, and software supply chains. ↩ Back to the bibliography index

Cybersecurity and Infrastructure Security Agency (CISA). Secure by Design.

Official / primary links: CISA Secure by Design. Promotes shifting cybersecurity responsibility toward software vendors through security-by-design and security-by-default principles. Use in this dissertation: Secure by Design, AI systems, connected devices, and critical software engineering. ↩ Back to the bibliography index

European Union (2024). Regulation (EU) 2024/2847 — Cyber Resilience Act.

Official / primary links: EUR-Lex — Regulation (EU) 2024/2847. Establishes horizontal cybersecurity requirements for products with digital elements throughout their lifecycle. Use in this dissertation: connected devices, digital products, secure lifecycle management, vulnerability management, and European regulatory compliance. ↩ Back to the bibliography index

European Union (2024). Regulation (EU) 2024/1689 — Artificial Intelligence Act.

Official / primary links: EUR-Lex — Regulation (EU) 2024/1689 · EUR-Lex Summary. The European regulatory framework governing AI systems according to risk categories. Use in this dissertation: AI Governance, high-risk AI systems, safety, human oversight, and traceability. ↩ Back to the bibliography index

ISO/IEC 30107. Information Technology — Biometric Presentation Attack Detection.

Official / primary links: ISO/IEC 30107-1:2023. The ISO/IEC family of standards defining terminology and evaluation methods for biometric Presentation Attack Detection (PAD). Use in this dissertation: authentication of living persons, biometrics, liveness detection, PAD, deepfakes, and presentation attacks. ↩ Back to the bibliography index

National Institute of Standards and Technology. Face Recognition Vendor Test (FRVT).

Official / primary links: NIST FRVT. The NIST evaluation program for facial recognition technologies, providing independent performance assessments across diverse operational scenarios. Use in this dissertation: biometric evaluation, human Digital Identity, and limitations of facial recognition systems. ↩ Back to the bibliography index

Glossary

This glossary extends the analysis of predictive artificial intelligence architectures by connecting concepts from artificial intelligence, memory, causality, cybersecurity, digital identity and trust governance.

Agentopen
A software entity capable of observing an environment, reasoning, making decisions and acting to achieve one or more objectives.
Hybrid architectureopen
An architecture combining complementary approaches such as language models, memory, tools, world models, causal reasoning, symbolic reasoning and planning to improve overall intelligence.
Counterfactualopen
Reasoning about what would have happened if an action, condition or variable had been different.
Latent spaceopen
A compressed internal representation learned by a model to organize complex information into a form suitable for prediction and reasoning.
Experiential memoryopen
Memory storing episodes, actions, decisions, errors and accumulated learning throughout interactions.
Causal modelopen
A model representing cause-and-effect relationships and enabling reasoning about interventions and alternative scenarios.
World modelopen
An internal representation of an environment used to predict its evolution, simulate possible actions and estimate their consequences.
Planningopen
The process of selecting a sequence of actions to achieve an objective while accounting for constraints, uncertainty and expected consequences.
Retrieval-Augmented Generation (RAG)open
An architecture combining a language model with retrieval mechanisms to access external knowledge sources during inference.
Continuous trustopen
An approach in which the trust state is continuously reassessed according to identity, context, behaviour, available evidence and risk.
Non-human identityopen
An identity associated with a device, service, workload, API, software agent, robot or artificial intelligence system.
LAMP-Cyberopen
The cybersecurity extension of LAMP-C, integrating Language, Abstraction, Memory, Prediction and Causality/Control with cyber-physical trust continuity.
Prompt injectionopen
An attack that manipulates the behaviour of a language model or autonomous agent through malicious direct or indirect instructions.
RAG poisoningopen
The compromise or contamination of the retrieval corpus or vector database used by a retrieval-augmented generation system.
Safetyopen
The discipline concerned with preventing harm to people, property, infrastructure or the environment, particularly in cyber-physical systems.
Zero Trustopen
A security model in which no identity, device, network or session is trusted by default. Every access request is evaluated according to identity, context, evidence and applicable policies.
Cyber-physical trustopen
Trust continuity linking digital identity, operational context, physical environment, actions and governance in systems where digital decisions may produce real-world effects.
Fail-closedopen
A security principle whereby access or execution is denied whenever evidence, context or trust cannot be sufficiently established.
Trusted runtimeopen
A controlled execution environment in which system integrity, security policies and trust decisions are continuously evaluated during operation.
Local proofopen
Evidence generated or verified locally, without requiring permanent dependence on a central server, to attest an identity, state or action.
Segmented identityopen
An approach in which identity or trust is established through multiple complementary segments, such as context, hardware, evidence, environment or policy, rather than a single authentication factor.
Cryptographic governanceopen
The set of policies, controls, states, evidence and audit mechanisms governing the lifecycle and use of cryptographic mechanisms.
Falsifiabilityopen
The scientific criterion requiring that a hypothesis can be tested and potentially refuted through observations, measurements or counterexamples.
Cryptographic genomeopen
An architectural metaphor describing a structured organization of trust evidence, states, policies, dependencies and temporal continuity. It does not refer to biological DNA or DNA computing.
DNA cryptographyopen
A family of cryptographic approaches using biological or synthetic DNA as a physical substrate, encoding medium or entropy source. It must not be confused with the Freemindtronic cryptographic genome, which is a digital trust architecture.
[/ux_text] [/col] [/row]

Predictive Artificial Intelligence Architectures — Appendices

The appendices gather material useful for submission, defense, or external positioning of the dissertation, without overloading the main scientific argument: comparative positioning against the state of the art (Appendix A).

Appendix A — Comparative Positioning Against the State of the Art

Predictive Artificial Intelligence Architectures — A.1. Benchmark Status

This benchmark is not an experimental benchmark of algorithmic performance. Rather, it is a documentary, conceptual, and methodological benchmark intended to position this dissertation in relation to major publications and surveys in the field.

It compares the dissertation with three families of sources:

  1. scientific publications specializing in World Models, LLM agents, memory, Neuro-symbolic AI, Active Inference, causality, and reinforcement learning;
  2. cybersecurity, Digital Identity, and governance frameworks produced by reference organizations;
  3. synthesis documents that map a single subfield without proposing a transversal unifying framework.

The objective is to determine whether the dissertation provides distinct value: not by replacing these works, but by connecting them within a common framework oriented toward Predictive Artificial Intelligence Architectures, memory, causality, planning, cybersecurity, safety, and Trust Continuity.

A.2. Comparison Criteria

The benchmark uses nine criteria.

Criterion Question Evaluated
C1 — World Model Coverage Does the document treat World Models as actionable Predictive Representations?
C2 — Comparison of Competing Approaches Does it compare LLMs, Neuro-symbolic AI, reinforcement learning, causality, Active Inference, memory, and agents?
C3 — Memory Dimension Does it integrate memory as a central mechanism of cognitive continuity?
C4 — Causality and Counterfactuality Does it analyze the limits of correlation and the role of causal reasoning?
C5 — Planning and Action Does it connect prediction, decision-making, and action?
C6 — Evaluation and Benchmarks Does it propose falsifiable criteria and validation protocols?
C7 — Cybersecurity, Safety, and Digital Identity Does it extend these concepts to digital trust, humans, machines, AI agents, and connected devices?
C8 — Unifying Architecture Does it propose a reusable architecture or taxonomy?
C9 — Academic Exploitability Can it serve as the foundation for a university dissertation, doctoral project, or research consortium?

A.3. Qualitative Comparison with Major Publications

Source / Source Family Main Contribution Strong Coverage Relative Limitation Compared with This Dissertation Positioning of This Dissertation
World Models — Ha & Schmidhuber (2018) Modern formalization of World Models in AI Latent model, agent, internal environment Does not cover modern competing approaches, cybersecurity, or Digital Identity This dissertation builds on this foundation and integrates it into a broader architecture. See Ha & Schmidhuber — World Models.
LeCun — A Path Towards Autonomous Machine Intelligence (2022) Structuring vision: perception, memory, World Models, and planning Critique of LLMs alone; latent-space prediction Programmatic document, less comparative on cybersecurity and Digital Identity This dissertation extends that intuition by comparing it with other directions. See LeCun — A Path Towards Autonomous Machine Intelligence.
World Model surveys in robotics, 2025–2026 Technical state of the art on embodied World Models Robotics, simulation, datasets, metrics Highly specialized in robotics and embodied AI This dissertation integrates them as one major pillar, while also adding language, memory, Digital Identity, cybersecurity, and governance. See World Model for Robot Learning and A Comprehensive Survey on World Models for Embodied AI.
LLM agent surveys Planning, tools, memory, reflection, and autonomous agents Tool-using textual agents, task decomposition, memory Often centered on LLM orchestration rather than cyber-physical safety This dissertation positions LLM agents as a component, not as a sufficient architecture. See Huang et al. — Understanding the Planning of LLM Agents, ReAct, and Toolformer.
Surveys on Agentic Memory Storage, retrieval, consolidation, and experience Long-term memory for agents Limited connection with World Models, Digital Identity, and cybersecurity This dissertation treats memory as a mechanism of both cognitive continuity and Trust Continuity. See Zhang et al. — Memory Mechanism of LLM Agents and Du — Memory for Autonomous LLM Agents.
Neuro-symbolic AI Reasoning, logic, verification, explainability Rules, constraints, logic, hybridization Less centered on perception, action, and the physical world This dissertation integrates Neuro-symbolic AI as a building block for control and governance. See Garcez & Lamb — Neurosymbolic AI, Colelough & Regli — Neuro-Symbolic AI in 2024, and Yang et al. — Neuro-Symbolic AI and LLM Reasoning.
Active Inference Perception-action, uncertainty reduction, generative model Unified theory of cognition and action More theoretical and difficult to industrialize directly This dissertation positions Active Inference as a closely related path to World Models. See Friston — The Free-Energy Principle, Friston et al. — Active Inference and Artificial Reasoning, and de Vries — Active Inference for Physical AI Agents.
Causality / Causal Representation Learning Interventions, counterfactual reasoning, robustness Causality and out-of-distribution generalization Rarely integrated into complete agentic architectures This dissertation integrates causality as an axis of robustness and auditability. See Pearl — Causality and Schölkopf et al. — Toward Causal Representation Learning.
Cybersecurity / Digital Identity Frameworks Standards, assurance, risks, authentication NIST, ENISA, OWASP, FIDO, eIDAS, CRA, AI Act Do not propose a theory of Predictive Artificial Intelligence Architectures This dissertation connects these frameworks with Predictive AI, agents, Digital Identity, and connected devices. See NIST SP 800-63-4, OWASP GenAI Security Project, and ENISA Threat Landscape 2025.

Predictive Artificial Intelligence Architectures — A.4. Differentiation Matrix

Qualitative scoring: 0 = absent, 1 = weak, 2 = present, 3 = central.

Document / Approach C1 World C2 Competition C3 Memory C4 Causality C5 Action C6 Evaluation C7 Cyber / Identity C8 Architecture C9 Research Project
Ha & Schmidhuber 2018 3 0 1 0 2 1 0 2 1
LeCun 2022 3 1 2 1 3 1 0 3 2
World Models Robot Learning 2026 3 1 1 1 3 3 0 2 2
Embodied World Models 2025 3 1 1 1 3 3 0 2 2
LLM Agent Planning Survey 2024 0 2 2 1 2 2 0 1 1
Agent Memory Surveys 2024–2026 0 1 3 0 1 2 0 1 1
Neuro-symbolic systematic reviews 0 2 1 2 1 2 1 2 1
NIST / OWASP / ENISA / FIDO / eIDAS 0 0 1 1 2 3 3 1 2
Present dissertation 3 3 3 3 3 3 3 3 3

This matrix does not claim that the dissertation is superior to specialized publications within their own domains. The high scores assigned to the present dissertation reflect its cross-disciplinary synthesis function (broad coverage), not experimental superiority in every subfield. A robotics survey remains more precise on robotics; NIST remains more normative on Digital Identity; Ha & Schmidhuber remain more foundational on World Models. Rather, the matrix highlights a difference in function: it does not replace specialized surveys; it connects them within a transversal architecture. See also the digital trust comparison in the companion DNA/EviDNA dissertation, which adopts a more cautious reading of interoperability and standardization.

A.5. Distinctive Contribution of the Dissertation

The dissertation is distinguished by eight contributions.

Contribution 1 — Unifying Framework

It shifts the debate from “World Models versus LLMs” to a broader question: which architectures can connect language, perception, memory, causality, prediction, action, and control?

Contribution 2 — Proposed Taxonomy

The proposed taxonomy of Predictive Artificial Intelligence Architectures classifies architectures according to seven dimensions: language, perception, memory, causality, action, prediction, and planning.

Contribution 3 — LAMP-C Architecture

The LAMP-C architecture proposes a synthetic articulation of language, abstraction, memory, prediction, and causality/control.

Contribution 4 — Cyber-Physical Extension

The LAMP-Cyber dimension applies Predictive Artificial Intelligence Architectures to Trust Continuity among humans, machines, AI agents, and connected devices.

Contribution 5 — From Dissertation to Research Program

The dissertation includes falsifiable hypotheses, an AI-TRL maturity framework, benchmarks, and an applied research program.

Contribution 6 — Patented Lineage and Industrialization Evidence

The dissertation connects the Gen1 Cryptographic Genome with the international segmented-key patent (WO/2018/154258) and a non-sensitive evidence appendix derived from EviSKMS-CryptPeer, with public / confidential / IP classification.

Contribution 7 — Cross-Disciplinary Francophone Positioning

Most specialized publications are in English and segmented by domain. This dissertation offers a structured, interactive, research-oriented synthesis in French.

Contribution 8 — Limitations, Falsifiability, and Public Publication

The dissertation includes a limitations and falsifiability section, a companion DNA/EviDNA dissertation, and a short public version, in order to distinguish demonstration, industrialization, applied research, and validation that remains open.

Vulnerabilitat Passkeys: Les Claus d’Accés Sincronitzades no són Invulnerables

Vulnerabilitat Passkeys: Imatge amb clau trencada, ham de phishing i títol DEF CON 33 – Passkeys Pwned, que simbolitza l'atac d'intercepció WebAuthn i la fallada de les claus d'accés sincronitzades.

Vulnerabilitat Passkeys: Una vulnerabilitat crítica, revelada a la DEF CON 33, demostra que les passkeys sincronitzades poden ser objecte de phishing en temps real. De fet, Allthenticate va provar que una sol·licitud d’autenticació falsificable pot segrestar una sessió WebAuthn en viu.

Resum Executiu — La Vulnerabilitat Passkeys i el WebAuthn API Hijacking

▸ Conclusió Clau — Atac de WebAuthn API Hijacking

Oferim un resum dens (≈ 1 min) per a decisors i CISOs. Per a una anàlisi tècnica completa (≈ 13 min), però, hauríeu de llegir l’article sencer.

Imagineu un mètode d’autenticació elogiat com a resistent al phishing — anomenat passkeys sincronitzades — i després explotat en viu a la DEF CON 33 (del 8 a l’11 d’agost de 2025, Las Vegas). Llavors, quina era la vulnerabilitat? Era una fallada de WebAuthn API Hijacking (un atac d’intercepció al flux d’autenticació), que va permetre la falsificació de la sol·licitud de passkeys en temps real.

Aquesta única demostració, de fet, desafia directament la seguretat proclamada de les passkeys sincronitzades al núvol i obre el debat sobre alternatives sobiranes. Vam veure emergir dues troballes clau de recerca a l’esdeveniment: primer, la falsificació de la sol·licitud en temps real (un atac d’intercepció de WebAuthn), i segon, el DOM extension clickjacking. Cal destacar que aquest article se centra exclusivament en la falsificació de la sol·licitud perquè innegablement soscava la promesa “resistent al phishing” per a les passkeys sincronitzades vulnerables.

▸ Resum

El punt feble ja no és la criptografia; en canvi, és el disparador visual. En resum, els atacants comprometen la interfície, no la clau criptogràfica.

Visió Estratègica Aquesta demostració, per tant, exposa una fallada històrica: els atacants poden abusar perfectament d’un mètode d’autenticació anomenat “resistent al phishing” si poden falsificar i explotar la sol·licitud en el moment adequat.

Crònica per llegir
Article to Read
Temps de lectura estimat: ≈ 13 minuts (+4–5 min si mireu els vídeos incrustats)
Nivell de complexitat: Avançat / Expert
Idiomes disponibles: CAT · EN · ES · FR
Accessibilitat: Optimitzat per a lectors de pantalla
Tipus: Article Estratègic
Autor: Jacques Gascuel, inventor i fundador de Freemindtronic®, dissenya i patenta sistemes de seguretat de maquinari sobirans per a la protecció de dades, la sobirania criptogràfica i les comunicacions segures. Com a expert en conformitat amb ANSSI, NIS2, GDPR i SecNumCloud, desenvolupa arquitectures by-design capaces de contrarestar amenaces híbrides i garantir una ciberseguretat 100% sobirana.

Fonts Oficials

TL; DR

  • A la DEF CON 33 (del 8 a l’11 d’agost de 2025), investigadors d’Allthenticate van demostrar un camí de WebAuthn API Hijacking: els atacants poden segrestar passkeys anomenades “resistents al phishing” a través de la falsificació de la sol·licitud en temps real.
  • La fallada no resideix en els algorismes criptogràfics; més aviat, es troba a la interfície d’usuari—el punt d’entrada visual.
  • En última instància, aquesta revelació exigeix una revisió estratègica: hem de prioritzar les passkeys lligades al dispositiu per a casos d’ús sensibles i alinear els desplegaments amb models d’amenaça i requisits reglamentaris.

2022 2026 Digital Security

EviDNA cryptographie ADN | mémoire Jacques Gascuel

2026 Digital Security

EviDNA DNA Cryptography | Jacques Gascuel Memory

2025 2026 Digital Security Technical News

Quantum computer 6100 qubits ⮞ Historic 2025 breakthrough

2025 2026 Digital Security

WhatsApp zero-click vulnerability and runtime compromise

2026 Cyber Doctrine Digital Security

Whisper Leak side-channel and LLM token leakage

2023 2026 Digital Security Phishing

BITB Attacks: How to Avoid Phishing by iFrame

2026 Digital Security

Zero-Knowledge Downgrade Attacks — Structural Risks

2025 Cyberculture Digital Security

Browser Fingerprinting Tracking: Metadata Surveillance in 2026

2023 2026 Digital Security

CVE-2023-32784 : Pourquoi PassCypher protège vos secrets

2023 2026 Digital Security

CVE-2023-32784 Protection with PassCypher NFC HSM

2024 Digital Security

Why Encrypt SMS? FBI and CISA Recommendations

2025 Digital Security

Persistent OAuth Flaw: How Tycoon 2FA Hijacks Cloud Access

2026 Crypto Currency Cryptocurrency Digital Security

Ledger Security Breaches from 2017 to 2026: How to Protect Yourself from Hackers

2025 Digital Security

Bot Telegram Usersbox : l’illusion du contrôle russe

2026 Awards Cyberculture Digital Security Distinction Excellence EviOTP NFC HSM Technology EviPass EviPass NFC HSM technology EviPass Technology finalists PassCypher PassCypher

Quantum-Resistant Passwordless Manager — PassCypher finalist, Intersec Awards 2026 (FIDO-free, RAM-only)

2025 Cyberculture Cybersecurity Digital Security EviLink

CryptPeer messagerie P2P WebRTC : appels directs chiffrés de bout en bout

2025 CyptPeer Digital Security EviLink

Missatgeria P2P WebRTC segura — comunicació directa amb CryptPeer

2025 Digital Security

Russia Blocks WhatsApp: Max and the Sovereign Internet

2025 Digital Security

Spyware ClayRat Android : faux WhatsApp espion mobile

2025 Digital Security

Android Spyware Threat Clayrat : 2025 Analysis and Exposure

2023 Digital Security

WhatsApp Hacking: Prevention and Solutions

2025 Digital Security Technical News

Sovereign SSH Authentication with PassCypher HSM PGP — Zero Key in Clear

2025 Digital Security Tech Fixes Security Solutions Technical News

SSH Key PassCypher HSM PGP — Sécuriser l’accès multi-OS à un VPS

2025 Digital Security Technical News

Générateur de mots de passe souverain – PassCypher Secure Passgen WP

2025 Digital Security Technical News

Ordinateur quantique 6100 qubits ⮞ La percée historique 2025

2025 Cyberculture Digital Security

Authentification multifacteur : anatomie, OTP, risques

2025 Digital Security

Email Metadata Privacy: EU Laws & DataShielder

2025 Digital Security

Chrome V8 confusió RCE — Actualitza i postura Zero-DOM

2025 Digital Security

Chrome V8 confusion RCE — Your browser was already spying

2024 Cyberculture Digital Security

Russian Cyberattack Microsoft: An Unprecedented Threat

2025 Digital Security

Chrome V8 Zero-Day: CVE-2025-6554 Actively Exploited

2025 Digital Security

APT29 Exploits App Passwords to Bypass 2FA

2025 Digital Security

Signal Clone Breached: Critical Flaws in TeleMessage

2025 Digital Security

APT29 Spear-Phishing Europe: Stealthy Russian Espionage

2025 Digital Security

APT44 QR Code Phishing: New Cyber Espionage Tactics

2024 Digital Security

BitLocker Security: Safeguarding Against Cyberattacks

2024 Digital Security

French Minister Phone Hack: Jean-Noël Barrot’s G7 Breach

2024 Digital Security

Cyberattack Exploits Backdoors: What You Need to Know

2021 Cyberculture Digital Security Phishing

Phishing Cyber victims caught between the hammer and the anvil

2024 Digital Security

Google Sheets Malware: The Voldemort Threat

2024 Articles Digital Security News

Russian Espionage Hacking Tools Revealed

2024 Digital Security Spying Technical News

Side-Channel Attacks via HDMI and AI: An Emerging Threat

2024 Digital Security Technical News

Apple M chip vulnerability: A Breach in Data Security

Digital Security Technical News

Brute Force Attacks: What They Are and How to Protect Yourself

2023 Digital Security

Predator Files: The Spyware Scandal That Shook the World

2023 Digital Security

5Ghoul: 5G NR Attacks on Mobile Devices

2024 Digital Security

Europol Data Breach: A Detailed Analysis

Digital Security EviToken Technology Technical News

EviCore NFC HSM Credit Cards Manager | Secure Your Standard and Contactless Credit Cards

2024 Cyberculture Digital Security News Training

Andorra National Cyberattack Simulation: A Global First in Cyber Defense

Articles Digital Security EviVault Technology NFC HSM technology Technical News

EviVault NFC HSM vs Flipper Zero: The duel of an NFC HSM and a Pentester

Articles Cryptocurrency Digital Security Technical News

Securing IEO STO ICO IDO and INO: The Challenges and Solutions

Articles Cyberculture Digital Security Technical News

Protect Meta Account Identity Theft with EviPass and EviOTP

2024 Digital Security

Cybersecurity Breach at IMF: A Detailed Investigation

2023 Articles Cyberculture Digital Security Technical News

Strong Passwords in the Quantum Computing Era

2024 Digital Security

PrintListener: How to Betray Fingerprints

En Ciberseguretat Sobirana ↑ Aquest article forma part de la nostra secció de Seguretat Digital, continuant la nostra recerca sobre els exploits de maquinari de confiança zero i les contramesures.

▸ Punts Clau

  • Vulnerabilitat Confirmada: Les passkeys sincronitzades al núvol (Apple, Google, Microsoft) no són 100% resistents al phishing.
  • Nova Amenaça: La falsificació de la sol·licitud en temps real explota la interfície d’usuari en lloc de la criptografia.
  • Impacte Estratègic: Les infraestructures crítiques i les agències governamentals han de migrar a credencials lligades al dispositiu i a solucions sobiranes fora de línia (NFC HSM, claus segmentades).

Què és un Atac de WebAuthn API Hijacking?

Un atac d’intercepció de WebAuthn a través d’una sol·licitud d’autenticació falsificable (WebAuthn API Hijacking) consisteix a imitar en temps real la finestra d’autenticació mostrada per un sistema o navegador. Per tant, l’atacant no busca trencar l’algorisme criptogràfic; en lloc d’això, reprodueix la interfície d’usuari (UI) en el moment exacte en què la víctima espera veure una sol·licitud legítima. Els enganys visuals, el cronometratge precís i la sincronització perfecta fan que l’engany sigui indistingible per a l’usuari.

Exemple simplificat:
Un usuari creu que està aprovant una connexió al seu compte bancari a través d’una sol·licitud legítima del sistema d’Apple o Google. En realitat, està interactuant amb un quadre de diàleg clonat per l’atacant. Com a resultat, l’adversari captura la sessió activa sense alertar la víctima.
▸ En resum: A diferència dels atacs de phishing “clàssics” a través de correu electrònic o llocs web fraudulents, la falsificació de la sol·licitud en temps real té lloc durant l’autenticació, quan l’usuari té més confiança.

Història de les Vulnerabilitats de Passkey / WebAuthn

Malgrat la seva robustesa criptogràfica, les passkeys — basades en els estàndards oberts WebAuthn i FIDO2 de la FIDO Alliance — no són invulnerables. La història de les vulnerabilitats i les recerques recents confirmen que el punt feble sovint resideix en la interacció de l’usuari i l’entorn d’execució (navegador, sistema operatiu). La indústria va adoptar oficialment les passkeys el 5 de maig de 2022, després d’un compromís d’Apple, Google i Microsoft per estendre el seu suport a les seves respectives plataformes.

Cronologia exhaustiva de l'evolució de les vulnerabilitats Passkey i WebAuthn (2012-2025), des de la creació de FIDO fins als atacs d'IA, destacant solucions com PassCypher per a la ciberseguretat a Andorra i Catalunya.
Evolució Accelerada de les Vulnerabilitats Passkey i WebAuthn (2012-2025): Una cronologia detallada que il·lustra els punts d’inflexió clau en la seguretat de les credencials, des de la fundació de FIDO fins a l’aparició de l’IA com a multiplicador d’amenaces, incloent-hi les revelacions de la DEF CON 33 i l’emergència de solucions sobiranes com PassCypher, crucial per a la protecció digital a Andorra i Catalunya.

Cronologia de la Vulnerabilitat Passkeys

  • SquareX – Navegadors Compromesos (agost 2025):

    A la DEF CON 33, una demostració va mostrar que una extensió o script maliciós pot interceptar el flux de WebAuthn per substituir les claus. Vegeu l’anàlisi de TechRadar i l’informe de SecurityWeek.

  • CVE-2025-31161 (març/abril 2025):

    Salt d’autenticació a CrushFTP mitjançant una condició de carrera. Font Oficial del NIST.

  • CVE-2024-9956 (març 2025):

    Apoderament de comptes mitjançant Bluetooth a Android. Aquest atac va demostrar que un atacant pot desencadenar remotament una autenticació maliciosa a través d’un intent `FIDO:/`. Anàlisi de Risky.Biz. Font Oficial del NIST.

  • CVE-2024-12604 (març 2025):

    Emmagatzematge en text clar de dades sensibles a Tap&Sign, explotant una mala gestió de contrasenyes. Font Oficial del NIST.

  • CVE-2025-26788 (febrer 2025):

    Salt d’autenticació al Servidor FIDO de StrongKey. Font Detallada.

  • Passkeys Pwned – Segrest de l’API basat en el navegador (inicis de 2025):

    Un estudi de recerca va mostrar que el navegador, com a mediador únic, pot ser un punt de fallada. Llegiu l’anàlisi de Security Boulevard.

  • CVE-2024-9191 (novembre 2024):

    Exposició de contrasenyes a través d’Okta Device Access. Font Oficial del NIST.

  • CVE-2024-39912 (juliol 2024):

    Enumeració d’usuaris a través d’una fallada a la biblioteca PHP `web-auth/webauthn-lib`. Font Oficial del NIST.

  • Atacs de tipus CTRAPS (2024):

    Aquests atacs a nivell de protocol (CTAP) exploten els mecanismes d’autenticació per a accions no autoritzades. Per a més informació sobre els atacs a nivell de protocol FIDO, vegeu aquesta presentació de Black Hat sobre les vulnerabilitats de FIDO.

  • Primer Desplegament a Gran Escala (setembre 2022):

    Apple va ser el primer a desplegar passkeys a gran escala amb el llançament d’iOS 16, fent d’aquesta tecnologia una realitat per a centenars de milions d’usuaris. Comunicat de Premsa Oficial d’Apple.

  • Llançament i Adopció de la Indústria (maig 2022):

    La FIDO Alliance, unida per Apple, Google i Microsoft, va anunciar un pla d’acció per estendre el suport de les passkeys a totes les seves plataformes. Comunicat de Premsa Oficial de la FIDO Alliance.

  • Atacs de Cronometratge a keyHandle (2022):

    Una vulnerabilitat que permet la correlació de comptes mesurant les variacions de temps en el processament dels `keyHandles`. Vegeu l’article d’IACR ePrint 2022.

  • Phishing de Mètodes de Recuperació (des del 2017):

    Els atacants utilitzen proxies AitM (com Evilginx, que va aparèixer el 2017) per amagar l’opció de passkey i forçar un retorn a mètodes menys segurs que es poden capturar. Més detalls sobre aquesta tècnica.

  • Black Hat FIDO 2017 → CTRAPS (CTAP Replay / Protocol-level Attacks):

    A la conferència Black Hat USA 2017 es van presentar vulnerabilitats a nivell de protocol CTAP, demostrant la possibilitat de repetir missatges d’autenticació per realitzar accions no autoritzades.
    Vegeu la presentació oficial de Black Hat.

La IA com a Multiplicador de la Vulnerabilitat Passkeys

La intel·ligència artificial no és una fallada de seguretat, sinó un catalitzador que fa que els atacs existents siguin més eficaços. Des de l’aparició dels models d’IA generativa com GPT-3 (2020) i DALL-E 2 (2022), han aparegut noves capacitats per a l’automatització d’amenaces. Aquests desenvolupaments permeten notablement:

  • Atacs a Gran Escala (des del 2022): La IA generativa permet als atacants crear sol·licituds d’autenticació i missatges de phishing personalitzats per a un volum massiu d’objectius, augmentant l’efectivitat del phishing de mètodes de recuperació.
  • Recerca de Vulnerabilitats Accelerada (des del 2023): La IA es pot utilitzar per automatitzar la cerca de fallades de seguretat, com l’enumeració d’usuaris o la detecció de fallades lògiques en el codi d’implementació.
Nota Històrica — Els riscos associats a les sol·licituds falsificables a WebAuthn ja van ser plantejats per la comunitat a l’issue #1965 de W3C GitHub (abans de la demostració de la DEF CON 33). Això demostra que la interfície d’usuari ha estat reconeguda des de fa temps com un punt feble en l’autenticació anomenada “resistent al phishing”.

“Aquestes vulnerabilitats recents i històriques ressalten el paper crític del navegador i del model de desplegament (device-bound vs. synced). Reforcen la crida a arquitectures sobiranes que estiguin desconnectades d’aquests vectors de compromís.”

Vulnerabilitat Passkeys i del Model de Sincronització

Una de les vulnerabilitats de seguretat de les passkeys més debatudes no concerneix el protocol WebAuthn en si mateix, sinó el seu model de desplegament. La majoria de les publicacions sobre el tema diferencien entre dos tipus de passkeys:

  • Passkeys lligades al dispositiu: Emmagatzemades en un dispositiu físic (com una clau de seguretat de maquinari o una Secure Enclave). Aquest model es considera generalment molt segur perquè no es sincronitza a través d’un servei de tercers.
  • Passkeys sincronitzades: Emmagatzemades en un gestor de contrasenyes o un servei al núvol (iCloud Keychain, Google Password Manager, etc.). Aquestes passkeys es poden sincronitzar a través de múltiples dispositius. Per a més detalls sobre aquesta distinció, consulteu la documentació de la FIDO Alliance.

La vulnerabilitat rau aquí: si un atacant aconsegueix comprometre el compte del servei al núvol, podria potencialment obtenir accés a les passkeys sincronitzades a tots els dispositius de l’usuari. Aquest és un risc que les passkeys lligades al dispositiu no comparteixen. La recerca acadèmica, com aquest article publicat a arXiv, explora aquesta qüestió, destacant que “la seguretat de les passkeys sincronitzades es concentra principalment en el proveïdor de passkeys.”

Aquesta distinció és crucial perquè la implementació de passkeys sincronitzades vulnerables contradiu l’esperit mateix d’un MFA anomenat resistent al phishing, ja que la sincronització introdueix un intermediari i una superfície d’atac addicional. Això justifica la recomanació de la FIDO Alliance de prioritzar les passkeys lligades al dispositiu per a la màxima seguretat.

La Demostració de la DEF CON 33 – WebAuthn API Hijacking en Acció

El WebAuthn API Hijacking és el fil conductor d’aquesta secció: expliquem breument el camí d’atac mostrat a la DEF CON 33 i com una sol·licitud falsificable va permetre la presa de control de la sessió en temps real, abans de detallar les proves en viu i els fragments de vídeo.

Passkeys Pwned — La Vulnerabilitat Passkeys a la DEF CON 33

Durant la DEF CON 33, l’equip d’Allthenticate va presentar una xerrada titulada “Passkeys Pwned: Turning WebAuthn Against Itself.”
Aquesta sessió va demostrar com els atacants podien explotar el WebAuthn API Hijacking per comprometre passkeys sincronitzades en temps real utilitzant una sol·licitud d’autenticació falsificable.

Utilitzant la frase provocadora “Passkeys Pwned”, els investigadors van emfatitzar deliberadament que fins i tot les credencials anomenades resistents al phishing poden ser segrestades quan la pròpia interfície d’usuari és el punt feble.

Proves de WebAuthn API Hijacking a la DEF CON 33

A Las Vegas, al cor de la DEF CON 33 (del 8 a l’11 d’agost de 2025), la comunitat de hackers més respectada del món va presenciar una demostració que va fer que molts es remoguessin. De fet, els investigadors d’Allthenticate van mostrar en viu que una passkey sincronitzada vulnerable – malgrat ser etiquetada com a “resistent al phishing” – podia ser enganyada. Llavors, què van fer? Van executar un atac de WebAuthn API Hijacking (falsificació de la sol·licitud del sistema) del tipus de falsificació de la sol·licitud d’autenticació en temps real. Van crear un quadre de diàleg d’autenticació fals, perfectament cronometrat i visualment idèntic a la UI legítima. En última instància, l’usuari creia que estava validant una autenticació legítima, però l’adversari va segrestar la sessió en temps real. Aquesta prova de concepte fa tangible la “Fallada d’Intercepció de WebAuthn de les Passkeys” a través d’una sol·licitud falsificable en temps real.

Fragments de Vídeo — WebAuthn API Hijacking en la Pràctica

Per visualitzar la seqüència, mireu el clip següent: mostra com el WebAuthn API Hijacking sorgeix d’un simple engany de la UI que alinea el temps i l’aparença amb la sol·licitud del sistema esperada, conduint a una captura de sessió sense problemes.

Autors Oficials i Mitjans de la DEF CON 33
Shourya Pratap Singh, Jonny Lin, Daniel Seetoh — investigadors d’Allthenticate, autors de la demo “Your Passkey is Weak: Phishing the Unphishable”.
Vídeo d’Allthenticate a TikTok — explicació directa per l’equip.
Vídeo de la DEF CON 33 Las Vegas (TikTok) — un cop d’ull a la conferència.
Fragments destacats de la DEF CON 33 (YouTube) — incloent la fallada de les passkeys.

▸ Resum

La DEF CON 33 va demostrar que les passkeys sincronitzades vulnerables poden ser compromeses en viu quan una sol·licitud d’autenticació falsificable s’insereix al flux de WebAuthn.

Comparació – Fallada d’Intercepció de WebAuthn: Falsificació de Sol·licitud vs. DOM Clickjacking

A la DEF CON 33, dues grans troballes de recerca van sacsejar la confiança en els mecanismes d’autenticació moderns. De fet, ambdós exploten les fallades relacionades amb la interfície d’usuari (UX) en lloc de la criptografia, però els seus vectors i objectius difereixen radicalment.

Comparació de l'arquitectura de PassCypher i FIDO WebAuthn destacant la resistència al phishing i els riscos de falsificació de sol·licituds
Comparació de les arquitectures de PassCypher i FIDO WebAuthn mostrant per què les Passkeys són vulnerables al WebAuthn API hijacking mentre que PassCypher elimina els riscos de falsificació de sol·licituds.

Falsificació de Sol·licitud en Temps Real

DOM Clickjacking

  • Autors: Un altre equip d’investigadors (DEF CON 33).
  • Objectiu: Gestors de credencials, extensions, passkeys emmagatzemades.
  • Vector: iframes invisibles, Shadow DOM, scripts maliciosos per segrestar l’autocompletat.
  • Impacte: Exfiltració silenciosa de credencials, passkeys i claus de la cartera de criptomonedes.

▸ Conclusió clau: Aquest article se centra exclusivament en la falsificació de sol·licituds, que il·lustra una fallada d’intercepció de WebAuthn important i posa en dubte la promesa de “passkeys resistents al phishing”. Per a un estudi complet sobre DOM clickjacking, consulteu l’article relacionat.

Implicacions Estratègiques – Passkeys i Vulnerabilitats d’UX

Com a resultat, la “Fallada d’Intercepció de WebAuthn de les Passkeys” ens obliga a repensar l’autenticació al voltant de models sense sol·licitud i sense núvol.

▸ Anàlisi
No és la criptografia el que falla, sinó la il·lusió d’immunitat. La intercepció de WebAuthn demostra que el risc resideix en la UX, no en l’algorisme.

Regulacions i Conformitat – MFA i Intercepció de WebAuthn

Documents oficials com la guia de la CISA sobre MFA resistent al phishing o la directiva OMB M-22-09 insisteixen en aquest punt: l’autenticació és “resistent al phishing” només si cap intermediari pot interceptar o segrestar el flux de WebAuthn.
En teoria, les passkeys de WebAuthn respecten aquesta regla. A la pràctica, però, la vulnerabilitat passkeys sincronitzades obre una fallada d’intercepció que els atacants poden explotar a través d’una sol·licitud d’autenticació falsificable.

A Europa, tant la directiva NIS2 com la certificació SecNumCloud reiteren el mateix requisit: cap dependència de serveis de tercers no controlats.

Com a tal, la “Fallada d’Intercepció de WebAuthn de les Passkeys” contradiu l’esperit d’un MFA anomenat resistent al phishing, perquè la sincronització introdueix un intermediari.

En altres paraules, un núvol dels EUA que gestiona les vostres passkeys queda fora de l’abast d’una sobirania digital estricta.

▸ Resum

Una passkey sincronitzada vulnerable pot comprometre el requisit d’un MFA resistent al phishing (CISA, NIS2) quan un atac d’intercepció de WebAuthn és possible.

Estadístiques Europees i Francòfones – Phishing en Temps Real, Intercepció de WebAuthn i la Vulnerabilitat Passkeys

Els informes públics confirmen que els atacs de phishing avançats — incloent tècniques en temps real — representen una amenaça major a la Unió Europea i a la zona francòfona.

  • Unió Europea — ENISA: Segons l’informe Threat Landscape 2024, el phishing i l’enginyeria social representen el 38% dels incidents reportats a la UE, amb un augment notable dels mètodes de Adversary-in-the-Middle i de la falsificació de sol·licituds en temps real, associada a la intercepció de WebAuthn. Font: ENISA Threat Landscape 2024
  • França — Cybermalveillance.gouv.fr: El 2023, el phishing va generar el 38% de les sol·licituds d’assistència, amb més d’1.5M de consultes relacionades amb aquest tipus d’atac. Les estafes de falsos assessors bancaris van augmentar un +78% respecte al 2022, sovint mitjançant sol·licituds d’autenticació falsificables. Font: Informe d’Activitat 2023
  • Canadà (Francòfon) — Centre Canadenc per a la Ciberseguretat: L’Avaluació Nacional d’Amenaces Cibernètiques 2023-2024 indica que el 65% de les empreses esperen patir un atac de phishing o ransomware. El phishing segueix sent un vector preferit per eludir l’MFA, incloent-hi mitjançant la intercepció del flux de WebAuthn. Font: Avaluació Oficial
▸ Lectura Estratègica
La falsificació de sol·licituds en temps real no és un experiment de laboratori; forma part d’una tendència en què el phishing s’adreça a la interfície d’autenticació en lloc dels algorismes, amb un ús creixent de l’atac d’intercepció de WebAuthn.

Cas d’Ús Sobirà – Neutralitzant la Vulnerabilitat Passkeys

En un escenari pràctic, una autoritat reguladora reserva les passkeys sincronitzades per a portals públics de baix risc. Per contra, l’opció PassCypher elimina la causa fonamental de la “Fallada d’Intercepció de WebAuthn de les Passkeys” eliminant la sol·licitud, el núvol i qualsevol exposició al DOM.
Per a sistemes crítics (govern, operacions sensibles, infraestructures vitals), desplega PassCypher en dues formes:

Per què PassCypher Elimina la Vulnerabilitat Passkeys

Les solucions PassCypher contrasten radicalment amb les passkeys FIDO que són vulnerables a l’atac d’intercepció de WebAuthn:

  • Sense sol·licitud del sistema operatiu/navegador — per tant, sense sol·licitud d’autenticació falsificable.
  • Sense núvol — sense sincronització vulnerable ni dependència de tercers.
  • Sense DOM — sense exposició a scripts, extensions o iframes.
✓ Sobirania: En eliminar la sol·licitud, el núvol i el DOM, PassCypher elimina qualsevol punt d’ancoratge per a la fallada d’intercepció de WebAuthn (falsificació de sol·licituds) revelada a la DEF CON 33.

PassCypher NFC HSM — Eliminant el Vector d’Atac de Falsificació de Sol·licituds WebAuthn

L’atac d’Allthenticate a la DEF CON 33 demostra que els atacants poden falsificar qualsevol sistema que depèn d’una sol·licitud del sistema operatiu/navegador. PassCypher NFC HSM elimina aquest vector: no hi ha sol·licitud, ni sincronització al núvol, els secrets estan encriptats de per vida en un nano-HSM NFC, i es validen amb un toc físic. Funcionament per a l’usuari:

  • Toc NFC obligatori — validació física sense interfície de programari.
  • HID BLE Mode AES-128-CBC — transmissió fora del DOM, resistent als keyloggers.
  • Ecosistema Zero-DOM — cap secret apareix mai al navegador.

▸ Resum

A diferència de les passkeys sincronitzades vulnerables, PassCypher NFC HSM neutralitza l’atac d’intercepció de WebAuthn perquè una sol·licitud d’autenticació falsificable no existeix.

WebAuthn Hijacking i la Vulnerabilitat Passkeys Neutralitzats per PassCypher NFC HSM

Tipus d’Atac Vector Estat
Falsificació de Sol·licitud Diàleg fals del sistema operatiu/navegador Neutralitzat (sense sol·licitud)
Phishing en Temps Real Validació capturada en viu Neutralitzat (toc NFC obligatori)
Registre de Tecles Captura de teclat Neutralitzat (HID BLE encriptat)

PassCypher HSM PGP — Claus Segmentades contra el Phishing

L’altre pilar, PassCypher HSM PGP, aplica la mateixa filosofia: sense sol·licitud explotable.
Els secrets (credencials, passkeys, claus SSH/PGP, TOTP/HOTP) resideixen en contenidors encriptats AES-256 CBC PGP, protegits per un sistema patentat de claus segmentades.

  • Sense sol·licitud — per tant, no hi ha finestra per falsificar.
  • Claus segmentades — són inexportables i s’acoblen només a la memòria RAM.
  • Desencriptació efímera — el secret desapareix immediatament després d’utilitzar-lo.
  • Sense núvol — no hi ha sincronització vulnerable.

▸ Resum

PassCypher HSM PGP elimina la superfície d’atac de la sol·licitud falsificada en temps real: proporciona autenticació de maquinari, claus segmentades i validació criptogràfica sense exposició al DOM ni al núvol.

Comparació de la Superfície d’Atac

Criteri Passkeys Sincronitzades (FIDO) PassCypher NFC HSM PassCypher HSM PGP
Sol·licitud d’Autenticació No No
Núvol de Sincronització No No
Clau Privada Exportable No (UI atacable) No No
WebAuthn Hijacking/Intercepció Present Absent Absent
Dependència de l’Estàndard FIDO No No
▸ Anàlisi En eliminar la sol·licitud d’autenticació falsificable i la sincronització al núvol, l’atac d’intercepció de WebAuthn demostrat a la DEF CON 33 desapareix completament.

Senyals Febles – Tendències Relacionades amb la Intercepció de WebAuthn

▸ Senyals Febles Identificats

  • L’adopció generalitzada d’atacs a la UI en temps real, incloent la intercepció de WebAuthn mitjançant una sol·licitud d’autenticació falsificable.
  • Una dependència creixent de núvols de tercers per a la identitat, que augmenta l’exposició de les passkeys sincronitzades vulnerables.
  • Una proliferació d’esquives a través de l’enginyeria social assistida per IA, aplicada a les interfícies d’autenticació.

Glossari Estratègic

Una revisió dels conceptes clau utilitzats en aquest article, per entendre la Vulnerabilitat Passkeys i les solucions.

  • Passkey / Passkeys

    Una credencial digital sense contrasenya basada en l’estàndard FIDO/WebAuthn, dissenyada per ser “resistent al phishing.”

    • Passkey (singular): Es refereix a una única credencial digital emmagatzemada en un dispositiu (p. ex., Secure Enclave, TPM, YubiKey).
    • Passkeys (plural): Es refereix a la tecnologia en general o a múltiples credencials, incloses les passkeys sincronitzades emmagatzemades als núvols d’Apple, Google o Microsoft. Aquestes són particularment vulnerables al WebAuthn API Hijacking (falsificació de la sol·licitud en temps real demostrada a la DEF CON 33).
  • Passkeys Pwned

    Títol de la xerrada a la DEF CON 33 d’Allthenticate (“Passkeys Pwned: Turning WebAuthn Against Itself”). Destaca com el WebAuthn API Hijacking pot comprometre les passkeys sincronitzades en temps real, demostrant que no són 100% resistents al phishing.

  • Passkeys sincronitzades vulnerables

    Emmagatzemades en un núvol (Apple, Google, Microsoft) i utilitzables a través de múltiples dispositius. Ofereixen un avantatge d’UX però una debilitat estratègica: dependència d’una sol·licitud d’autenticació falsificable i del núvol.

  • Passkeys lligades al dispositiu

    Lligades a un sol dispositiu (TPM, Secure Enclave, YubiKey). Més segures perquè no tenen sincronització al núvol.

  • Sol·licitud (Prompt)

    Un quadre de diàleg del sistema o del navegador que demana la validació de l’usuari (Face ID, empremta digital, clau FIDO). Aquest és l’objectiu principal de la falsificació.

  • Atac d’Intercepció de WebAuthn

    També conegut com a WebAuthn API Hijacking, aquest atac manipula el flux d’autenticació falsificant la sol·licitud del sistema/navegador i imitant la interfície d’usuari en temps real. L’atacant no trenca la criptografia, sinó que intercepta el procés de WebAuthn a nivell d’UX (p. ex., una sol·licitud de Face ID o d’empremta digital clonada). Vegeu la especificació oficial de W3C WebAuthn i la documentació de la FIDO Alliance.

  • Falsificació de la sol·licitud en temps real

    La falsificació en viu d’una finestra d’autenticació, que és indistingible per a l’usuari.

  • DOM Clickjacking

    Un atac que utilitza iframes invisibles i Shadow DOM per segrestar l’autocompletat i robar credencials.

  • Zero-DOM

    Una arquitectura sobirana on cap secret s’exposa al navegador o al DOM.

  • NFC HSM

    Un mòdul de maquinari segur que està fora de línia i és compatible amb HID BLE AES-128-CBC.

  • Claus segmentades

    Claus criptogràfiques que es divideixen en segments i només es tornen a muntar en memòria volàtil.

  • Credencial lligada al dispositiu

    Una credencial adjunta a un dispositiu físic que no és transferible ni clonable.

▸ Propòsit Estratègic: Aquest glossari mostra per què l’atac d’intercepció de WebAuthn apunta a la sol·licitud i a l’UX, i per què PassCypher elimina aquest vector per disseny.

FAQ Tècnica (Integració i Casos d’Ús)

  • P: Com podem resoldre la Vulnerabilitat Passkeys?

    R: Sí, la millor manera de mitigar la Vulnerabilitat Passkeys és amb un model híbrid: manteniu FIDO per a casos d’ús comuns i adopteu PassCypher per a l’accés crític per eliminar completament els vectors d’intercepció.

  • P: Quin és l’impacte en la UX sense una sol·licitud del sistema?

    R: L’acció es basa en el maquinari (toc NFC o validació HSM). No hi ha cap sol·licitud o quadre de diàleg d’autenticació falsificable per suplantar, la qual cosa resulta en una eliminació total del risc de phishing en temps real.

  • P: Com podem revocar una clau compromesa?

    R: Simplement revoqueu l’HSM o la clau en si mateixa. No hi ha cap núvol a purgar ni cap compte de tercers a contactar.

  • P: PassCypher protegeix contra la falsificació de sol·licituds en temps real?

    R: Sí. L’arquitectura PassCypher elimina completament la sol·licitud del sistema operatiu/navegador, eliminant així la superfície d’atac explotada a la DEF CON 33.

  • P: Podem integrar PassCypher en una infraestructura regulada per NIS2?

    R: Sí. Els mòduls NFC HSM i HSM PGP compleixen amb els requisits de sobirania digital i neutralitzen els riscos associats a les passkeys sincronitzades vulnerables.

  • P: Les passkeys lligades al dispositiu són completament inviolables?

    R: No, però eliminen el risc d’intercepció de WebAuthn basat en el núvol. La seva seguretat depèn llavors de la robustesa del maquinari (TPM, Secure Enclave, YubiKey) i de la protecció física del dispositiu.

  • P: Un malware local pot reproduir una sol·licitud de PassCypher?

    R: No. PassCypher no es basa en una sol·licitud de programari; la validació es basa en el maquinari i és fora de línia, per la qual cosa no existeix cap visualització falsificable.

  • P: Per què els núvols de tercers augmenten el risc?

    R: Les passkeys sincronitzades vulnerables emmagatzemades en un núvol de tercers poden ser objectiu d’atacs Adversary-in-the-Middle o d’intercepció de WebAuthn si la sol·licitud es veu compromesa.

  • P: Hi ha suport tècnic local a Andorra o Catalunya?

    R: Sí. Com a empresa andorrana, oferim un suport tècnic directe i local, la qual cosa facilita la implementació i la resolució de problemes per a empreses de la regió, garantint una comunicació fluida i una resposta ràpida.

  • P: Com puc adquirir els HSM físics des d’Andorra o Catalunya?

    R: L’adquisició es fa directament a través del nostre lloc web i el procés d’enviament o lliurament in situ està optimitzat per a Andorra i la regió catalana, la qual cosa garanteix una logística ràpida i eficient. No hi ha cap complicació d’importació.

Consell CISO/CSO – Protecció Universal i Sobirana

Per saber com protegir-se de la intercepció de WebAuthn, és important saber que EviBITB (Embedded Browser-In-The-Browser Protection) és una tecnologia integrada a PassCypher HSM PGP, inclosa la seva versió gratuïta. Detecta i elimina automàticament o manualment els iframes de redirecció utilitzats en atacs BITB i de falsificació de sol·licituds, eliminant així el vector d’intercepció de WebAuthn.

  • Desplegament Immediat: És una extensió gratuïta per als navegadors Chromium i Firefox, escalable per a un ús a gran escala sense una llicència de pagament.
  • Protecció Universal: Funciona fins i tot si l’organització encara no ha migrat a un model sense sol·licituds.
  • Compatibilitat Sobirana: Funciona amb PassCypher NFC HSM Lite (99 €) i el PassCypher HSM PGP complet (129 €/any).
  • Sense Contrasenya Complet: Tant PassCypher NFC HSM com HSM PGP poden reemplaçar completament FIDO/WebAuthn per a tots els camins d’autenticació, amb zero sol·licituds, zero núvol i 100% sobirania.

Recomanació Estratègica:
Desplegueu EviBITB immediatament a totes les estacions de treball per neutralitzar la falsificació de BITB/sol·licituds, i després planifiqueu la migració de l’accés crític a un model PassCypher complet per eliminar permanentment la superfície d’atac.

FAQ CISOs/CSOs

P: Quin és l’impacte regulador de la Vulnerabilitat Passkeys?

R: Aquest tipus d’atac pot comprometre el compliment dels requisits de MFA “resistent al phishing” definits per la CISA, NIS2 i SecNumCloud. L’existència d’una Vulnerabilitat Passkeys en el vostre sistema fa que l’organització s’enfronti a sancions del GDPR (i de la Llei 29/2021 d’Andorra) i a una qüestió sobre les seves certificacions de seguretat.

P: Existeix una protecció universal i gratuïta contra la Vulnerabilitat Passkeys?

R: Sí. EviBITB és una tecnologia integrada a PassCypher HSM PGP, inclosa la seva versió gratuïta. Bloqueja els iframes de redirecció (Browser-In-The-Browser) i elimina el vector de sol·licitud d’autenticació falsificable explotat en la intercepció de WebAuthn. Es pot desplegar immediatament a gran escala sense una llicència de pagament.

P: Hi ha solucions per a la Vulnerabilitat Passkeys?

R: Sí. PassCypher NFC HSM i PassCypher HSM PGP són solucions completes i sobiranes sense contrasenya que aborden directament la Vulnerabilitat Passkeys: permeten l’autenticació, la signatura i l’encriptació sense infraestructura FIDO, amb zero sol·licituds falsificables, zero núvols de tercers i una arquitectura 100% controlada.

P: Quin és el pressupost mitjà i el ROI d’una migració a un model sense sol·licitud?

R: Segons l’estudi Temps Dedicat als Mètodes d’Autenticació, un professional perd una mitjana de 285 hores/any en autenticacions clàssiques, la qual cosa representa un cost anual d’uns 8.550 $ (basat en 30 $/h). PassCypher HSM PGP redueix aquest temps a ~7 h/any, i PassCypher NFC HSM a ~18 h/any. Fins i tot amb el model complet (129 €/any) o l’NFC HSM Lite (99 € de compra única), el punt d’equilibri s’assoleix en pocs dies o poques setmanes, i l’estalvi net supera 50 vegades el cost anual en un context professional.

P: Com podem gestionar una flota híbrida (llegat + moderna)?

R: Manteniu FIDO per a usos de baix risc mentre els substituïu gradualment per PassCypher NFC HSM i/o PassCypher HSM PGP en entorns crítics. Aquesta transició elimina les sol·licituds explotables i manté la compatibilitat amb les aplicacions.

P: Quines mètriques hem de seguir per mesurar la reducció de la superfície d’atac?

R: El nombre d’autenticacions a través de sol·licituds del sistema vs. autenticació per maquinari, incidents relacionats amb la intercepció de WebAuthn, temps mitjà de correcció i el percentatge d’accessos crítics migrats a un model sobirà sense sol·licituds.

Pla d’Acció CISO/CSO

Per als professionals de la ciberseguretat a Andorra i Catalunya, la Vulnerabilitat Passkeys és un senyal d’alerta. L’estratègia digital busca la màxima sobirania, i els models sense sol·licitud i sense núvol — encarnats per HSMs sobirans com PassCypher — redueixen radicalment la superfície d’atac.

Acció Prioritària Impacte Esperat
Implementar solucions per a la Vulnerabilitat Passkeys, substituint-les per PassCypher NFC HSM (99 €) i/o PassCypher HSM PGP (129 €/any) Elimina la sol·licitud falsificable, elimina la intercepció de WebAuthn i permet un accés sobirà sense contrasenya amb un període de recuperació de la inversió de dies segons l’estudi sobre el temps d’autenticació
Migrar a un model PassCypher complet per a entorns crítics Elimina tota la dependència de FIDO/WebAuthn, centralitza la gestió sobirana d’accessos i secrets, i maximitza els guanys de productivitat mesurats per l’estudi
Desplegar EviBITB (tecnologia integrada a PassCypher HSM PGP, versió gratuïta inclosa) Ofereix una protecció immediata i sense costos contra BITB i el phishing en temps real mitjançant la falsificació de sol·licituds
Endurir la UX (signatures visuals, elements no clonables) Complica els atacs a la UI, el clickjacking i la recuperació
Auditar i registrar els fluxos d’autenticació Detecta i segueix qualsevol intent de segrest de flux o d’atacs Adversary-in-the-Middle
Alinear-se amb NIS2, SecNumCloud i GDPR Redueix el risc legal i proporciona proves de conformitat
Alinear-se amb la Llei 29/2021 d’Andorra Reforça la sobirania digital, evita la dependència de tercers i assegura la conformitat amb el marc legal del Principat
Formar els usuaris sobre les amenaces d’interfície falsificable Enforteix la vigilància humana i la detecció proactiva
]

Perspectives Estratègiques davant la Vulnerabilitat Passkeys

El missatge de la DEF CON 33 és clar: la seguretat de l’autenticació es guanya o es perd a la interfície. En altres paraules, mentre l’usuari validi les sol·licituds d’autenticació gràfica sincronitzades amb un flux de xarxa, el phishing en temps real i la intercepció de WebAuthn continuaran sent possibles.

La Vulnerabilitat Passkeys, lligada a la sincronització al núvol, és una preocupació major per a les organitzacions que busquen la sobirania digital.

A curt termini, cal generalitzar l’ús de **solucions lligades al dispositiu** per a aplicacions sensibles. Això és el primer pas per contrarestar la Vulnerabilitat Passkeys. A mitjà termini, l’objectiu és eliminar la UI falsificable dels camins crítics. Finalment, la trajectòria recomanada serà eliminar permanentment la Vulnerabilitat Passkeys dels camins crítics mitjançant una transició gradual a un model PassCypher complet, proporcionant una solució definitiva per a les passkeys vulnerables en un context professional.

WebAuthn API Hijacking: A CISO’s Guide to Nullifying Passkey Phishing

Movie poster-style image of a cracked passkey and fishing hook. Main title: 'WebAuthn API Hijacking', with secondary phrases: 'Passkeys Vulnerability', 'DEF CON 33', and 'Why PassCypher Is Not Vulnerable'. Relevant for cybersecurity in Andorra.

WebAuthn API Hijacking: A critical vulnerability, unveiled at DEF CON 33, demonstrates that synced passkeys can be phished in real time. Indeed, Allthenticate proved that a spoofable authentication prompt can hijack a live WebAuthn session.

Executive Summary — The WebAuthn API Hijacking Flaw

▸ Key Takeaway — WebAuthn API Hijacking

We provide a dense summary (≈ 1 min) for decision-makers and CISOs. For a complete technical analysis (≈ 13 min), however, you should read the full article.

Imagine an authentication method lauded as phishing-resistant — namely, synced passkeys — and then exploited live at DEF CON 33 (August 8–11, 2025, Las Vegas). So what was the vulnerability? It was a WebAuthn API Hijacking flaw (an interception attack on the authentication flow), which allowed for passkeys real-time prompt spoofing.

This single demonstration, in fact, directly challenges the proclaimed security of cloud-synced passkeys and opens the debate on sovereign alternatives. We saw two key research findings emerge at the event: first, real-time prompt spoofing (a WebAuthn interception attack), and second, DOM extension clickjacking. Notably, this article focuses exclusively on prompt spoofing because it undeniably undermines the “phishing-resistant” promise for vulnerable synced passkeys.

▸ Summary

The weak link is no longer cryptography; instead, it is the visual trigger. In short, attackers compromise the interface, not the cryptographic key.

Strategic Insight This demonstration, therefore, exposes a historical flaw: attackers can perfectly abuse an authentication method called “phishing-resistant” if they can spoof and exploit the prompt at the right moment.

Chronique à lire
Article to Read
Estimated reading time: ≈ 13 minutes (+4–5 min if you watch the embedded videos)
Complexity level: Advanced / Expert
Available languages: CAT · EN · ES · FR
Accessibility: Optimized for screen readers
Type: Strategic Article
Author: Jacques Gascuel, inventor and founder of Freemindtronic®, designs and patents sovereign hardware security systems for data protection, cryptographic sovereignty, and secure communications. As an expert in ANSSI, NIS2, GDPR, and SecNumCloud compliance, he develops by-design architectures capable of countering hybrid threats and ensuring 100% sovereign cybersecurity.

Official Sources

TL; DR

  • At DEF CON 33 (August 8–11, 2025), Allthenticate researchers demonstrated a WebAuthn API Hijacking path: attackers can hijack so-called “phishing-resistant” passkeys via real-time prompt spoofing.
  • The flaw does not reside in cryptographic algorithms; rather, it’s found in the user interface—the visual entry point.
  • Ultimately, this revelation demands a strategic revision: we must prioritize device-bound passkeys for sensitive use cases and align deployments with threat models and regulatory requirements.

2022 2026 Digital Security

EviDNA cryptographie ADN | mémoire Jacques Gascuel

2026 Digital Security

EviDNA DNA Cryptography | Jacques Gascuel Memory

2025 2026 Digital Security Technical News

Quantum computer 6100 qubits ⮞ Historic 2025 breakthrough

2025 2026 Digital Security

WhatsApp zero-click vulnerability and runtime compromise

2026 Cyber Doctrine Digital Security

Whisper Leak side-channel and LLM token leakage

2023 2026 Digital Security Phishing

BITB Attacks: How to Avoid Phishing by iFrame

2026 Digital Security

Zero-Knowledge Downgrade Attacks — Structural Risks

2025 Cyberculture Digital Security

Browser Fingerprinting Tracking: Metadata Surveillance in 2026

2023 2026 Digital Security

CVE-2023-32784 : Pourquoi PassCypher protège vos secrets

2023 2026 Digital Security

CVE-2023-32784 Protection with PassCypher NFC HSM

2024 Digital Security

Why Encrypt SMS? FBI and CISA Recommendations

2025 Digital Security

Persistent OAuth Flaw: How Tycoon 2FA Hijacks Cloud Access

2026 Crypto Currency Cryptocurrency Digital Security

Ledger Security Breaches from 2017 to 2026: How to Protect Yourself from Hackers

2025 Digital Security

Bot Telegram Usersbox : l’illusion du contrôle russe

2026 Awards Cyberculture Digital Security Distinction Excellence EviOTP NFC HSM Technology EviPass EviPass NFC HSM technology EviPass Technology finalists PassCypher PassCypher

Quantum-Resistant Passwordless Manager — PassCypher finalist, Intersec Awards 2026 (FIDO-free, RAM-only)

2025 Cyberculture Cybersecurity Digital Security EviLink

CryptPeer messagerie P2P WebRTC : appels directs chiffrés de bout en bout

2025 CyptPeer Digital Security EviLink

Missatgeria P2P WebRTC segura — comunicació directa amb CryptPeer

2025 Digital Security

Russia Blocks WhatsApp: Max and the Sovereign Internet

2025 Digital Security

Spyware ClayRat Android : faux WhatsApp espion mobile

2025 Digital Security

Android Spyware Threat Clayrat : 2025 Analysis and Exposure

2023 Digital Security

WhatsApp Hacking: Prevention and Solutions

2025 Digital Security Technical News

Sovereign SSH Authentication with PassCypher HSM PGP — Zero Key in Clear

2025 Digital Security Tech Fixes Security Solutions Technical News

SSH Key PassCypher HSM PGP — Sécuriser l’accès multi-OS à un VPS

2025 Digital Security Technical News

Générateur de mots de passe souverain – PassCypher Secure Passgen WP

2025 Digital Security Technical News

Ordinateur quantique 6100 qubits ⮞ La percée historique 2025

2025 Cyberculture Digital Security

Authentification multifacteur : anatomie, OTP, risques

2025 Digital Security

Email Metadata Privacy: EU Laws & DataShielder

2025 Digital Security

Chrome V8 confusió RCE — Actualitza i postura Zero-DOM

2025 Digital Security

Chrome V8 confusion RCE — Your browser was already spying

2024 Cyberculture Digital Security

Russian Cyberattack Microsoft: An Unprecedented Threat

2025 Digital Security

Chrome V8 Zero-Day: CVE-2025-6554 Actively Exploited

2025 Digital Security

APT29 Exploits App Passwords to Bypass 2FA

2025 Digital Security

Signal Clone Breached: Critical Flaws in TeleMessage

2025 Digital Security

APT29 Spear-Phishing Europe: Stealthy Russian Espionage

2025 Digital Security

APT44 QR Code Phishing: New Cyber Espionage Tactics

2024 Digital Security

BitLocker Security: Safeguarding Against Cyberattacks

2024 Digital Security

French Minister Phone Hack: Jean-Noël Barrot’s G7 Breach

2024 Digital Security

Cyberattack Exploits Backdoors: What You Need to Know

2021 Cyberculture Digital Security Phishing

Phishing Cyber victims caught between the hammer and the anvil

2024 Digital Security

Google Sheets Malware: The Voldemort Threat

2024 Articles Digital Security News

Russian Espionage Hacking Tools Revealed

2024 Digital Security Spying Technical News

Side-Channel Attacks via HDMI and AI: An Emerging Threat

2024 Digital Security Technical News

Apple M chip vulnerability: A Breach in Data Security

Digital Security Technical News

Brute Force Attacks: What They Are and How to Protect Yourself

2023 Digital Security

Predator Files: The Spyware Scandal That Shook the World

2023 Digital Security

5Ghoul: 5G NR Attacks on Mobile Devices

2024 Digital Security

Europol Data Breach: A Detailed Analysis

Digital Security EviToken Technology Technical News

EviCore NFC HSM Credit Cards Manager | Secure Your Standard and Contactless Credit Cards

2024 Cyberculture Digital Security News Training

Andorra National Cyberattack Simulation: A Global First in Cyber Defense

Articles Digital Security EviVault Technology NFC HSM technology Technical News

EviVault NFC HSM vs Flipper Zero: The duel of an NFC HSM and a Pentester

Articles Cryptocurrency Digital Security Technical News

Securing IEO STO ICO IDO and INO: The Challenges and Solutions

Articles Cyberculture Digital Security Technical News

Protect Meta Account Identity Theft with EviPass and EviOTP

2024 Digital Security

Cybersecurity Breach at IMF: A Detailed Investigation

2023 Articles Cyberculture Digital Security Technical News

Strong Passwords in the Quantum Computing Era

2024 Digital Security

PrintListener: How to Betray Fingerprints

In Sovereign Cybersecurity ↑ This article is part of our Digital Security section, continuing our research on zero-trust hardware exploits and countermeasures.

 ▸ Key Points

  • Confirmed Vulnerability: Cloud-synced passkeys (Apple, Google, Microsoft) are not 100% phishing-resistant.
  • New Threat: Real-time prompt spoofing exploits the user interface rather than cryptography.
  • Strategic Impact: Critical infrastructure and government agencies must migrate to device-bound credentials and sovereign offline solutions (NFC HSM, segmented keys).

What is a WebAuthn API Hijacking Attack?

A WebAuthn interception attack via a spoofable authentication prompt (WebAuthn API Hijacking) consists of imitating in real time the authentication window displayed by a system or browser. Consequently, the attacker does not seek to break the cryptographic algorithm; instead, they reproduce the user interface (UI) at the exact moment the victim expects to see a legitimate prompt. Visual lures, precise timing, and perfect synchronization make the deception indistinguishable to the user.

Simplified example:
A user thinks they are approving a connection to their bank account via a legitimate Apple or Google system prompt. In reality, they are interacting with a dialog box cloned by the attacker. As a result, the adversary captures the active session without alerting the victim.
▸ In short: Unlike “classic” phishing attacks via email or fraudulent websites, the real-time prompt spoofing takes place during authentication, when the user is most confident.

History of Passkey / WebAuthn Vulnerabilities

Despite their cryptographic robustness, passkeys — based on the open standards WebAuthn and FIDO2 from the FIDO Alliance — are not invulnerable. The history of vulnerabilities and recent research confirms that the key weakness often lies in the user interaction and the execution environment (browser, operating system). The industry officially adopted passkeys on May 5, 2022, following a commitment from Apple, Google, and Microsoft to extend their support on their respective platforms.

Timeline illustrating the accelerated evolution of Passkey and WebAuthn vulnerabilities from 2012 to 2025, including FIDO Alliance creation, phishing methods, CVEs, and the WebAuthn API Hijacking revealed at DEF CON 33.
Accelerated Evolution of Passkey and WebAuthn Vulnerabilities (2012-2025): A detailed timeline highlighting key security events, from the foundation of the FIDO Alliance to the emergence of AI as a threat multiplier and the definitive proof of the WebAuthn API Hijacking at DEF CON 33.

Timeline of Vulnerabilities

  • SquareX – Compromised Browsers (August 2025):

    At DEF CON 33, a demonstration showed that a malicious extension or script can intercept the WebAuthn flow to substitute keys. See the TechRadar analysis and the SecurityWeek report.

  • CVE-2025-31161 (March/April 2025):

    Authentication bypass in CrushFTP via a race condition. Official NIST Source.

  • CVE-2024-9956 (March 2025):

    Account takeover via Bluetooth on Android. This attack demonstrated that an attacker can remotely trigger a malicious authentication via a FIDO:/ intent. Analysis from Risky.Biz. Official NIST Source.

  • CVE-2024-12604 (March 2025):

    Cleartext storage of sensitive data in Tap&Sign, exploiting poor password management. Official NIST Source.

  • CVE-2025-26788 (February 2025):

    Authentication bypass in StrongKey FIDO Server. Detailed Source.

  • Passkeys Pwned – Browser-based API Hijacking (Early 2025):

    A research study showed that the browser, as a single mediator, can be a point of failure. Read the Security Boulevard analysis.

  • CVE-2024-9191 (November 2024):

    Password exposure via Okta Device Access. Official NIST Source.

  • CVE-2024-39912 (July 2024):

    User enumeration via a flaw in the PHP library web-auth/webauthn-lib. Official NIST Source.

  • CTRAPS-type Attacks (2024):

    These protocol-level attacks (CTAP) exploit authentication mechanisms for unauthorized actions. For more information on FIDO protocol-level attacks, see this Black Hat presentation on FIDO vulnerabilities.

  • First Large-Scale Rollout (September 2022):

    Apple was the first to deploy passkeys on a large scale with the release of iOS 16, making this technology a reality for hundreds of millions of users. Official Apple Press Release.

  • Industry Launch & Adoption (May 2022):

    The FIDO Alliance, joined by Apple, Google, and Microsoft, announced an action plan to extend passkey support across all their platforms. Official FIDO Alliance Press Release.

  • Timing Attacks on keyHandle (2022):

    A vulnerability allowing account correlation by measuring time variations in the processing of keyHandles. See IACR ePrint 2022 article.

  • Phishing of Recovery Methods (since 2017):

    Attackers use AitM proxies (like Evilginx, which appeared in 2017) to hide the passkey option and force a fallback to less secure methods that can be captured. More details on this technique.

AI as a Threat Multiplier

Artificial intelligence is not a security flaw, but a catalyst that makes existing attacks more effective. Since the emergence of generative AI models like GPT-3 (2020) and DALL-E 2 (2022), new capabilities for automating threats have appeared. These developments notably allow for:

  • Large-scale Attacks (since 2022): Generative AI enables attackers to create custom authentication prompts and phishing messages for a massive volume of targets, increasing the effectiveness of phishing of recovery methods.
  • Accelerated Vulnerability Research (since 2023): AI can be used to automate the search for security flaws, such as user enumeration or the detection of logical flaws in implementation code.
Historical Note — The risks associated with spoofable prompts in WebAuthn were already raised by the community in W3C GitHub issue #1965 (before the DEF CON 33 demonstration). This shows that the user interface has long been recognized as a weak link in so-called “phishing-resistant” authentication.

“These recent and historical vulnerabilities highlight the critical role of the browser and the deployment model (device-bound vs. synced). They reinforce the call for sovereign architectures that are disconnected from these vectors of compromise.”

Vulnerability of the Synchronization Model

One of the most debated passkeys security vulnerabilities does not concern the WebAuthn protocol itself, but its deployment model. Most publications on the subject differentiate between two types of passkeys:

  • Device-bound passkeys: Stored on a physical device (like a hardware security key or Secure Enclave). This model is generally considered highly secure because it is not synchronized via a third-party service.
  • Synced passkeys: Stored in a password manager or a cloud service (iCloud Keychain, Google Password Manager, etc.). These passkeys can be synchronized across multiple devices. For more details on this distinction, refer to the FIDO Alliance documentation.

The vulnerability lies here: if an attacker manages to compromise the cloud service account, they could potentially gain access to the synced passkeys across all the user’s devices. This is a risk that device-bound passkeys do not share. Academic research, such as this paper published on arXiv, explores this issue, highlighting that “the security of synced passkeys is primarily concentrated with the passkey provider.”

This distinction is crucial because the implementation of vulnerable synced passkeys contradicts the very spirit of a so-called phishing-resistant MFA, as synchronization introduces an intermediary and an additional attack surface. This justifies the FIDO Alliance’s recommendation to prioritize device-bound passkeys for maximum security.

The DEF CON 33 Demonstration – WebAuthn API Hijacking in Action

WebAuthn API Hijacking is the central thread of this section: we briefly explain the attack path shown at DEF CON 33 and how a spoofable prompt enabled real-time session takeover, before detailing the live evidence and the video highlights.

Passkeys Pwned — DEF CON 33 Talk on WebAuthn

During DEF CON 33, the Allthenticate team presented a talk titled “Passkeys Pwned: Turning WebAuthn Against Itself.”
This session demonstrated how attackers could exploit WebAuthn API Hijacking to
compromise synced passkeys in real time using a spoofable authentication prompt.

By using the provocative phrase “Passkeys Pwned,” the researchers deliberately emphasized that even so-called phishing-resistant credentials can be hijacked when the user interface itself is the weak link.

Evidence of WebAuthn API Hijacking at DEF CON 33

In Las Vegas, at the heart of DEF CON 33 (August 8–11, 2025), the world’s most respected hacker community witnessed a demonstration that made many squirm. In fact, researchers at Allthenticate showed live that a vulnerable synced passkey – despite being labeled “phishing-resistant” – could be tricked. So what did they do? They executed a WebAuthn API Hijacking attack (spoofing the system prompt) of the spoofable authentication prompt type (real-time prompt spoofing). They created a fake authentication dialog box, perfectly timed and visually identical to the legitimate UI. Ultimately, the user believed they were validating a legitimate authentication, but the adversary hijacked the session in real time. This proof of concept makes the “Passkeys WebAuthn Interception Flaw” tangible through a real-time spoofable prompt.

Video Highlights — WebAuthn API Hijacking in Practice

To visualize the sequence, watch the clip below: it shows how WebAuthn API Hijacking emerges from a simple UI deception that aligns timing and look-and-feel with the expected system prompt, leading to seamless session capture.

Official Authors & Media from DEF CON 33
▸ Shourya Pratap Singh, Jonny Lin, Daniel Seetoh — Allthenticate researchers, authors of the demo “Your Passkey is Weak: Phishing the Unphishable”.
Allthenticate Video on TikTok — direct explanation by the team.
DEF CON 33 Las Vegas Video (TikTok) — a glimpse of the conference floor.
Highlights DEF CON 33 (YouTube) — including the passkeys flaw.

▸ Summary

DEF CON 33 demonstrated that vulnerable synced passkeys can be compromised live when a spoofable authentication prompt is inserted into the WebAuthn flow.

Comparison – WebAuthn Interception Flaw: Prompt Spoofing vs. DOM Clickjacking

At DEF CON 33, two major research findings shook confidence in modern authentication mechanisms. Indeed, both exploit flaws related to the user interface (UX) rather than cryptography, but their vectors and targets differ radically.

Architecture comparison of PassCypher vs FIDO WebAuthn authentication highlighting phishing resistance and prompt spoofing risks
Comparison of PassCypher and FIDO WebAuthn architectures showing why Passkeys are vulnerable to WebAuthn API hijacking while PassCypher eliminates prompt spoofing risks.

Real-Time Prompt Spoofing

  • Author: Allthenticate (Las Vegas, DEF CON 33).
  • Target: vulnerable synced passkeys (Apple, Google, Microsoft).
  • Vecteur: spoofable authentication prompt, perfectly timed to the legitimate UI (real-time prompt spoofing).
  • Impact: WebAuthn interception attack that causes “live” phishing; the user unknowingly validates a malicious request.

DOM Clickjacking

  • Authors: Another team of researchers (DEF CON 33).
  • Target: Credential managers, extensions, stored passkeys.
  • Vecteur: invisible iframes, Shadow DOM, malicious scripts to hijack autofill.
  • Impact: Silent exfiltration of credentials, passkeys, and crypto-wallet keys.

▸ Key takeaway: This article focuses exclusively on prompt spoofing, which illustrates a major WebAuthn interception flaw and challenges the promise of “phishing-resistant passkeys.” For a complete study on DOM clickjacking, please see the related article.

Strategic Implications – Passkeys and UX Vulnerabilities

As a result, the “Passkeys WebAuthn Interception Flaw” forces us to rethink authentication around prompt-less and cloud-less models.

  • We should no longer consider vulnerable synced passkeys to be invulnerable.
  • We must prioritize device-bound credentials for sensitive environments.
  • We need to implement UX safeguards: detecting anomalies in authentication prompts and using non-spoofable visual signatures.
  • We should train users on the threat of real-time phishing via a WebAuthn interception attack.
▸ Insight
It is not cryptography that is failing, but the illusion of immunity. WebAuthn interception demonstrates that the risk lies in the UX, not the algorithm.

Regulations & Compliance – MFA and WebAuthn Interception

Official documents such as the CISA guide on phishing-resistant MFA or the OMB M-22-09 directive insist on this point: authentication is “phishing-resistant” only if no intermediary can intercept or hijack the WebAuthn flow.
In theory, WebAuthn passkeys respect this rule. In practice, however, the implementation of vulnerable synced passkeys opens an interception flaw that attackers can exploit via a spoofable authentication prompt.

In Europe, both the NIS2 directive and the SecNumCloud certification reiterate the same requirement: no dependence on un-mastered third-party services.

As such, the “Passkeys WebAuthn Interception Flaw” contradicts the spirit of a so-called phishing-resistant MFA, because synchronization introduces an intermediary.

In other words, a US cloud managing your passkeys falls outside the scope of strict digital sovereignty.

▸ Summary

A vulnerable synced passkey can compromise the requirement for phishing-resistant MFA (CISA, NIS2) when a WebAuthn interception attack is possible.

European & Francophone Statistics – Real-time Phishing and WebAuthn Interception

Public reports confirm that advanced phishing attacks — including real-time techniques — represent a major threat in the European Union and the Francophone area.

  • European Union — ENISA: According to the Threat Landscape 2024 report, phishing and social engineering account for 38% of reported incidents in the EU, with a notable increase in Adversary-in-the-Middle methods and real-time prompt spoofing, associated with WebAuthn interception. Source: ENISA Threat Landscape 2024
  • France — Cybermalveillance.gouv.fr: In 2023, phishing generated 38% of assistance requests, with over 1.5M consultations related to this type of attack. Fake bank advisor scams jumped by +78% vs. 2022, often via spoofable authentication prompts. Source: 2023 Activity Report
  • Canada (Francophone) — Canadian Centre for Cyber Security: The National Cyber Threat Assessment 2023-2024 indicates that 65% of businesses expect to experience a phishing or ransomware attack. Phishing remains a preferred vector for bypassing MFA, including via WebAuthn flow interception. Source: Official Assessment
▸ Strategic Reading
Real-time prompt spoofing is not a lab experiment; it is part of a trend where phishing targets the authentication interface rather than algorithms, with increasing use of the WebAuthn interception attack.

Sovereign Use Case – Neutralizing WebAuthn Interception

In a practical scenario, a regulatory authority reserves synced passkeys for low-risk public portals. Conversely, the PassCypher choice eliminates the root cause of the “Passkeys WebAuthn Interception Flaw” by removing the prompt, the cloud, and any DOM exposure.
For critical systems (government, sensitive operations, vital infrastructure), it deploys PassCypher in two forms:

  • PassCypher NFC HSM — offline hardware authentication, with no server and BLE AES-128-CBC keyboard emulation. Consequently, no spoofable authentication prompt can exist.
  • PassCypher HSM PGP — sovereign management of inexportable segmented keys, with cryptographic validation that is cloud-free and synchronization-free.
    ▸ Result
    In this model, the prompt vector exploited during the WebAuthn interception attack at DEF CON 33 is completely eliminated from critical pathways.

Why PassCypher Eliminates the WebAuthn Interception Risk

PassCypher solutions stand in radical contrast to FIDO passkeys that are vulnerable to the WebAuthn interception attack:

  • No OS/browser prompt — thus no spoofable authentication prompt.
  • No cloud — no vulnerable synchronization or third-party dependency.
  • No DOM — no exposure to scripts, extensions, or iframes.
✓ Sovereignty: By removing the prompt, cloud, and DOM, PassCypher eliminates any anchor point for the WebAuthn interception flaw (prompt spoofing) revealed at DEF CON 33.

PassCypher NFC HSM — Eliminating the WebAuthn Prompt Spoofing Attack Vector

Allthenticate’s attack at DEF CON 33 proves that attackers can spoof any system that depends on an OS/browser prompt. PassCypher NFC HSM removes this vector: there is no prompt, no cloud sync, secrets are encrypted for life in a nano-HSM NFC, and validated by a physical tap. User operation:

  • Mandatory NFC tap — physical validation with no software interface.
  • HID BLE AES-128-CBC Mode — out-of-DOM transmission, resistant to keyloggers.
  • Zero-DOM Ecosystem — no secret ever appears in the browser.

▸ Summary

Unlike vulnerable synced passkeys, PassCypher NFC HSM neutralizes the WebAuthn interception attack because a spoofable authentication prompt does not exist.

WebAuthn API Hijacking Neutralized by PassCypher NFC HSM

Attack Type Vector Status
Prompt Spoofing Fake OS/browser dialog Neutralized (zero prompt)
Real-time Phishing Live-trapped validation Neutralized (mandatory NFC tap)
Keystroke Logging Keyboard capture Neutralized (encrypted HID BLE)

PassCypher HSM PGP — Segmented Keys Against Phishing

The other pillar, PassCypher HSM PGP, applies the same philosophy: no exploitable prompt.
Secrets (credentials, passkeys, SSH/PGP keys, TOTP/HOTP) reside in AES-256 CBC PGP encrypted containers, protected by a patented system of segmented keys.

  • No prompt — so there is no window to spoof.
  • Segmented keys — they are inexportable and assembled only in RAM.
  • Ephemeral decryption — the secret disappears immediately after use.
  • Zero cloud — there is no vulnerable synchronization.

▸ Summary

PassCypher HSM PGP eliminates the attack surface of the real-time spoofed prompt: it provides hardware authentication, segmented keys, and cryptographic validation with no DOM or cloud exposure.

Attack Surface Comparison

Criterion Synced Passkeys (FIDO) PassCypher NFC HSM PassCypher HSM PGP
Authentication Prompt Yes No No
Synchronization Cloud Yes No No
Exportable Private Key No (attackable UI) No No
WebAuthn Hijacking/Interception Present Absent Absent
FIDO Standard Dependency Yes No No
▸ Insight By removing the spoofable authentication prompt and cloud synchronization, the WebAuthn interception attack demonstrated at DEF CON 33 disappears completely.

Weak Signals – Trends Related to WebAuthn Interception

▸ Weak Signals Identified

  • The widespread adoption of real-time UI attacks, including WebAuthn interception via a spoofable authentication prompt.
  • A growing dependency on third-party clouds for identity, which increases the exposure of vulnerable synced passkeys.
  • A proliferation of bypasses through AI-assisted social engineering, applied to authentication interfaces.

Strategic Glossary

A review of the key concepts used in this article, for both beginners and advanced readers.

  • Passkey / Passkeys

    A passwordless digital credential based on the FIDO/WebAuthn standard, designed to be “phishing-resistant.

    • Passkey (singular): Refers to a single digital credential stored on a device (e.g., Secure Enclave, TPM, YubiKey).
    • Passkeys (plural): Refers to the general technology or multiple credentials, including synced passkeys stored in Apple, Google, or Microsoft clouds. These are particularly vulnerable to WebAuthn API Hijacking (real-time prompt spoofing demonstrated at DEF CON 33).
  • Passkeys Pwned

    Title of the DEF CON 33 talk by Allthenticate (“Passkeys Pwned: Turning WebAuthn Against Itself”). It highlights how WebAuthn API Hijacking can compromise synced passkeys in real time, proving that they are not 100% phishing-resistant.

  • Vulnerable synced passkeys

    Stored in a cloud (Apple, Google, Microsoft) and usable across multiple devices. They offer a UX advantage but a strategic weakness: dependence on a spoofable authentication prompt and the cloud.

  • Device-bound passkeys

    Linked to a single device (TPM, Secure Enclave, YubiKey). More secure because they lack cloud synchronization.

  • Prompt

    A system or browser dialog box that requests a user’s validation (Face ID, fingerprint, FIDO key). This is the primary target for spoofing.

  • WebAuthn Interception Attack

    Also known as WebAuthn API Hijacking, this attack manipulates the authentication flow by spoofing the system/browser prompt and imitating the user interface in real time. The attacker does not break cryptography, but intercepts the WebAuthn process at the UX level (e.g., a cloned fingerprint or Face ID prompt). See the official W3C WebAuthn specification and FIDO Alliance documentation.

  • Real-time prompt spoofing

    The live spoofing of an authentication window, which is indistinguishable to the user.

  • DOM Clickjacking

    An attack using invisible iframes and Shadow DOM to hijack autofill and steal credentials.

  • Zero-DOM

    A sovereign architecture where no secret is exposed to the browser or the DOM.

  • NFC HSM

    A secure hardware module that is offline and compatible with HID BLE AES-128-CBC.

  • Segmented keys

    Cryptographic keys that are split into segments and only reassembled in volatile memory.

  • Device-bound credential

    A credential attached to a physical device that is non-transferable and non-clonable.

▸ Strategic Purpose: This glossary shows why the WebAuthn interception attack targets the prompt and UX, and why PassCypher eliminates this vector by design.

Technical FAQ (Integration & Use Cases)

  • Q: Are there any solutions for vulnerable passkeys?

    A: Yes, in a hybrid model. Keep FIDO for common use cases and adopt PassCypher for critical access to eliminate WebAuthn interception vectors.

  • Q: What is the UX impact without a system prompt?

    A: The action is hardware-based (NFC tap or HSM validation). There is no spoofable authentication prompt or dialog box to impersonate, resulting in a total elimination of the real-time phishing risk.

  • Q: How can we revoke a compromised key?

    A: You simply revoke the HSM or the key itself. There is no cloud to purge and no third-party account to contact.

  • Q: Does PassCypher protect against real-time prompt spoofing?

    A: Yes. The PassCypher architecture completely eliminates the OS/browser prompt, thereby removing the attack surface exploited at DEF CON 33.

  • Q: Can we integrate PassCypher into a NIS2-regulated infrastructure?

    A: Yes. The NFC HSM and HSM PGP modules comply with digital sovereignty requirements and neutralize the risks associated with vulnerable synced passkeys.

  • Q: Are device-bound passkeys completely inviolable?

    A: No, but they do eliminate the risk of cloud-based WebAuthn interception. Their security then depends on the hardware’s robustness (TPM, Secure Enclave, YubiKey) and the physical protection of the device.

  • Q: Can a local malware reproduce a PassCypher prompt?

    A: No. PassCypher does not rely on a software prompt; the validation is hardware-based and offline, so no spoofable display exists.

  • Q: Why do third-party clouds increase the risk?

    A: Vulnerable synced passkeys stored in a third-party cloud can be targeted by Adversary-in-the-Middle or WebAuthn interception attacks if the prompt is compromised.

CISO/CSO Advice – Universal & Sovereign Protection

To learn how to protect against WebAuthn interception, it’s important to know that EviBITB (Embedded Browser-In-The-Browser Protection) is a built-in technology in PassCypher HSM PGP, including its free version. t automatically or manually detects and removes redirection iframes used in BITB and prompt spoofing attacks, thereby eliminating the WebAuthn interception vector.

  • Immediate Deployment: It is a free extension for Chromium and Firefox browsers, scalable for large-scale use without a paid license.
  • Universal Protection: It works even if the organization has not yet migrated to a prompt-free model.
  • Sovereign Compatibility: It works with PassCypher NFC HSM Lite (99 €) and the full PassCypher HSM PGP (129 €/year).
  • Full Passwordless: Both PassCypher NFC HSM and HSM PGP can completely replace FIDO/WebAuthn for all authentication pathways, with zero prompts, zero cloud, and 100% sovereignty.

Strategic Recommendation:
Deploy EviBITB immediately on all workstations to neutralize BITB/prompt spoofing, then plan the migration of critical access to a full-PassCypher model to permanently remove the attack surface.

Frequently Asked Questions for CISOs/CSOs

Q: What is the regulatory impact of a WebAuthn interception attack?

A: This type of attack can compromise compliance with “phishing-resistant” MFA requirements defined by CISA, NIS2, and SecNumCloud. In case of personal data compromise, the organization faces GDPR sanctions and a challenge to its security certifications.

Q: Is there a universal and free protection against BITB and prompt spoofing?

A: Yes. EviBITB is an embedded technology in PassCypher HSM PGP, including its free version. It blocks redirection iframes (Browser-In-The-Browser) and removes the spoofable authentication prompt vector exploited in WebAuthn interception. It can be deployed immediately on a large scale without a paid license.

Q: Are there any solutions for vulnerable passkeys?

A: Yes. PassCypher NFC HSM and PassCypher HSM PGP are complete sovereign passwordless solutions: they allow authentication, signing, and encryption without FIDO infrastructure, with zero spoofable prompts, zero third-party clouds, and a 100% controlled architecture.

Q: What is the average budget and ROI of a migration to a prompt-free model?

A: According to the Time Spent on Authentication study, a professional loses an average of 285 hours/year on classic authentications, representing an annual cost of about $8,550 (based on $30/h). PassCypher HSM PGP reduces this time to ~7 h/year, and PassCypher NFC HSM to ~18 h/year. Even with the full model (129 €/year) or the NFC HSM Lite (99 € one-time purchase), the breakeven point is reached in a few days to a few weeks, and net savings exceed 50 times the annual cost in a professional context.

Q: How can we manage a hybrid fleet (legacy + modern)?

A: Keep FIDO for low-risk uses while gradually replacing them with PassCypher NFC HSM and/or PassCypher HSM PGP in critical environments. This transition removes exploitable prompts and maintains application compatibility.

Q: What metrics should we track to measure the reduction in attack surface?

A: The number of authentications via system prompts vs. hardware authentication, incidents related to WebAuthn interception, average remediation time, and the percentage of critical accesses migrated to a sovereign prompt-free model.

CISO/CSO Action Plan

Priority Action Expected Impact
Implement solutions for vulnerable passkeys by replacing them with PassCypher NFC HSM (99 €) and/or PassCypher HSM PGP (129 €/year) Eliminates the spoofable prompt, removes WebAuthn interception, and enables sovereign passwordless access with a payback period of days according to the study on authentication time
Migrate to a full-PassCypher model for critical environments Removes all FIDO/WebAuthn dependency, centralizes sovereign management of access and secrets, and maximizes productivity gains measured by the study
Deploy EviBITB (embedded technology in PassCypher HSM PGP, free version included) Provides immediate, zero-cost protection against BITB and real-time phishing via prompt spoofing
Harden the UX (visual signatures, non-cloneable elements) Complicates UI attacks, clickjacking, and redress
Audit and log authentication flows Detects and tracks any attempt at flow hijacking or Adversary-in-the-Middle attacks
Align with NIS2, SecNumCloud, and GDPR Reduces legal risk and provides proof of compliance
Train users on spoofable interface threats Strengthens human vigilance and proactive detection

Strategic Outlook

The message from DEF CON 33 is clear: authentication security is won or lost at the interface. In other words, as long as the user validates graphical authentication prompts synchronized with a network flow, real-time phishing and WebAuthn interception will remain possible.

Thus, prompt-free and cloud-free models — embodied by sovereign HSMs like PassCypher — radically reduce the attack surface.

In the short term, generalize the use of device-bound solutions for sensitive applications. In the medium term, the goal is to eliminate the spoofable UI from critical pathways. Ultimately, the recommended trajectory will permanently eliminate the “Passkeys WebAuthn Interception Flaw” from critical pathways through a gradual transition to a full-PassCypher model, providing a definitive solution for vulnerable passkeys in a professional context.