We are excited to share that the DCF has received a Foresight Institute Grant to support the next stage of work on Endo.
Endo is an open-source object capability framework developed in cooperation with Agoric and stewarded by DCF. It gives people, AI systems, and other software a way to collaborate with confidence. This grant allows us to help accelerate that mission at a moment when the world needs practical tools for safe AI.
Foresight Institute has spent decades supporting research that strengthens the long-term future of humanity. Their work spans molecular machines, biotechnology, cryptography, and emerging systems for coordination. Having their support for Endo is meaningful for the team.
“The future will involve humans and AI systems working side by side. For that collaboration to be safe, we need mechanisms that keep authority bounded and understandable. Endo provides that structure. Supporting DCF in advancing this work aligns directly with Foresight Institute’s commitment to long-term, beneficial technology,” notes Allison Duettmann, Foresight Institute’s President and CEO.
AI now writes vast amounts of code. That code arrives in our editors quickly and with little friction. It also arrives with subtle risks. Some risks come from innocent mistakes. Some come from patterns that humans might miss on review. Some could come from systems that behave with intent. Today, that code runs with the full authority of the developer who accepts it, or in a container that a hallucination inspired by a sarcastic post in its training corpus can trivially breach.
Endo provides another path. Instead of trusting every component with complete control, Endo uses object capabilities and the Principle of Least Authority (POLA) to limit what code can do. Each part receives only the authority it needs. When code is fallible, the damage stays contained. Developers still benefit from rapid progress. They also gain a foundation for safety that becomes increasingly important with each new wave of AI tools. Not only is the container more secure, but the Endo-aware code can enforce policies on other code, whether or not that code is Endo-aware.
With this grant from Foresight Institute, DCF will be able to accelerate two concrete milestones.
- The first is an implementation of the Model Context Protocol or a similar technology that enables an AI to execute JavaScript within a tightly controlled environment.
- The second is a closed-loop capability system that allows the AI to request access to files while keeping the user in charge of each decision.
Together, these milestones show how developers can use AI tools without exposing their machines or organizations to unnecessary risk. AI-generated code often includes hidden bugs or unsafe patterns. Running that code within Endo’s confined environment prevents those mistakes from becoming security incidents. This offers a practical way to reduce supply chain risk at the point where code is created.
At DCF, our mission is to support the technologies and institutions that make cooperation more secure and more resilient. Endo sits at the center of that effort. AI is becoming a partner in how we write and run software. For that partnership to be safe, we need guardrails that actually hold up in real use.
“The agentic AI workforce is becoming a reality at an increasing pace. That pace of development runs the risk of outstripping the guardrails that are needed to protect individuals and institutions,” states Ric Shreves, President of DCF. “In that environment, the research and development of open source public goods that advance AI security is a consequential effort that deserves more attention and greater support. DCF is trying to fill part of that gap.”
The Endo team is eager to show what this approach can unlock. Years of work on object capabilities, HardenedJS, distributed Ocap protocols, and a petname system developed with grants from MetaMask, have laid the foundation. This grant helps us bring those ideas to a broader audience and into tools that developers already use.
Agoric Chief Scientist, Mark S. Miller adds, “Enforcing POLA on AI-written code preserves its functionality when things go well, but minimizes the damage when they do not. Object-capabilities enforce POLA compositionally, so mutually suspicious bits of code can cooperate with minimized risk.”
In the months ahead, we will share progress openly. Every milestone delivery will be public and every artifact will remain open source. Along the way we will publish updates, walkthroughs, and insights from the work as it unfolds.
We are grateful to Foresight Institute for their belief in this direction. Their support helps us move faster and helps shine a light on a problem that is already reaching every developer’s desk. The future of software will involve humans, AIs, and programs working together. Endo exists so they can do that safely.
For more information on Endo visit Endojs.org and check out our blog post outlining the collaborative work between Endo and DCF.
To get the latest and learn more about Foresight Institute, visit Foresight.org
