If the core problem highlighted by CrowdStrike is unverified intent, then the solution must begin by making intent a first-class security object. Armoriq’s Intent Assurance Plane (IAP) provides this capability: it transforms the reasoning behind AI-generated code into a cryptographically verifiable structure, and ensures that every code modification is tied to a provable intent. Here is how IAP addresses AI-coded software vulnerabilities step by step.
Step 1: Every code generation request creates a signed plan
When a developer asks an AI agent to fix a bug, refactor a method, or generate a new component, IAP converts this request into a structured plan. The plan is expressed as a Canonical Structured Reasoning Graph (CSRG), which captures:
- the reasoning steps the agent intends to take,
- the files it intends to touch,
- the tools it plans to use,
- and the boundaries of the expected change.
IAP anchors this plan with a cryptographic Merkle root and signs it, creating a verifiable intent token. This becomes the foundation for all subsequent actions.
Step 2: The AI agent receives a Composite Ephemeral Identity
Unlike traditional service accounts, IAP generates a new ephemeral identity for each code-generation task. This identity cannot escalate, drift, or be reused. It ties the user, the agent runtime, the repository context, and the plan root into one principal. If the agent tries to act outside the boundaries of the plan, the composite identity simply cannot authenticate the action.
Step 3: Every file modification must prove it belongs to the plan
When the AI agent attempts to write code to a file, open additional libraries, generate new components, modify configuration files, or trigger CI/CD workflows, it must present:
- the signed intent token, and
- a Merkle inclusion proof showing that the action appears in the committed CSRG.
If the action is not in the plan, it is blocked automatically. This stops the entire class of vulnerabilities CrowdStrike warns about hallucinated imports, off-plan modifications, and unintended write paths.
Step 4: Refactorings and additional steps require Trust Updates
If the agent realizes mid-task that it needs to perform more steps than originally planned (e.g., adjusting a second file, adding a type wrapper, updating documentation), IAP requires a Trust Update, which re-anchors the plan, generates a new Merkle root, issues a fresh intent token, and records the update in a tamper-evident audit log. This reauthorization step makes hidden changes and gradual drift impossible.
Step 5: Developers and security teams get a verifiable chain of reasoning
Every commit, re-anchor, and CI-triggered action is logged as an immutable Merkle entry. This provides forensic lineage for every code modification, instant visibility into intent drift, and verifiable assurance that generated code matches the stated goal. Even subtle or complex vulnerabilities precisely the kind CrowdStrike highlights become detectable.
Step 6: Vulnerabilities introduced by AI finally become preventable
With IAP:
- Agents cannot modify files outside their signed plan.
- Code generation cannot silently expand in scope.
- Prompt injection cannot manipulate the agent into producing malicious code.
- Dangerous cross-file interactions cannot occur without reauthorization.
- Security teams gain audit-grade insight into why each change happened.
This is the missing layer in enterprise AI tooling. Instead of trying to detect unsafe output after the fact, IAP prevents unsafe output by verifying intent before execution.
Closing Perspective
AI-generated code is only dangerous when its underlying reasoning is invisible. IAP flips the model: reasoning becomes transparent, intent becomes enforceable, and every action must prove its legitimacy. By anchoring every code-generation step to a verifiable plan, Armoriq ensures that AI assistance accelerates development without compromising security. CrowdStrike exposed the problem. IAP delivers the solution. Talk to us if you are interested to know more.
