https://felixbillieres.github.io/tags/provider-agnostic/Recent content in Provider-Agnostic on Elliot BeltHugo -- gohugo.ioenfelix.billieres@ecole2600.com (Elliot Belt)felix.billieres@ecole2600.com (Elliot Belt)© 2026 Elliot BeltWed, 17 Jun 2026 00:00:00 +0000https://felixbillieres.github.io/posts/credential-blind-agentic-pentesting-part-1/Wed, 17 Jun 2026 00:00:00 +0000felix.billieres@ecole2600.com (Elliot Belt)https://felixbillieres.github.io/posts/credential-blind-agentic-pentesting-part-1/I want an AI agent that can do offensive and defensive security work without ever leaking a credential, a hostname, an IP or a domain to the model provider, and to keep that property no matter which provider sits behind the API. This is Part I of the research. It covers the threat model, the state of the art, the core mechanism (bidirectional tokenization with host-side resolution), and four experiments that run on real HackTheBox machines, including an autonomous agent that drives a real domain controller while seeing nothing but opaque tokens.