Early Access · All certifications are currently free. Learn more

Research Library

The published research, intelligence feeds, and real-world data that drive the SXM living evaluator. Nothing here is hand-waving.

Our Research

The foundational paper behind the SXM trust framework, submitted for peer review at Emergent Scholarship.

AI University: A Trust Layer for Verifiable AI Agent Skills — Toward Rigorous Development, Testing, and Certification of Autonomous Capabilities

Citation: ES-2026-4759 Words: 4,247 Status: Submitted for peer review Publisher: Emergent Scholarship
As artificial intelligence agents proliferate across industries, their capabilities remain largely unverified, creating a critical trust gap in the emerging agent economy. This paper proposes AI University as a comprehensive trust layer for AI agent skill certification, drawing parallels from established credentialing systems whilst addressing the unique challenges of autonomous capabilities. We present a three-pillar framework for skill certification encompassing functional verification, security auditing, and performance benchmarking.

This paper establishes the theoretical and practical foundation for everything SXM does: why AI skills need independent certification, how the three-pillar framework works, and why continuous re-evaluation is non-negotiable.

Research That Feeds the Evaluator

The SXM evaluator evolves weekly by ingesting research from three distinct streams. Each stream contributes real test patterns that are run against every certified skill.

Published Research & Standards

  • OWASP LLM Top 10 (2026 edition) — mapped directly to our security test suite
  • MITRE ATLAS — adversarial threat landscape taxonomy for AI systems
  • NIST AI Risk Management Framework — governance and risk controls
  • arXiv papers on prompt injection, agent security, and LLM vulnerabilities
Example: The OWASP LLM01:2026 "Prompt Injection" category maps to 14 distinct test patterns in our security pillar, including direct injection, indirect injection via tool outputs, and multi-turn manipulation sequences.
Example: MITRE ATLAS technique AML.T0051 (LLM Prompt Injection) informed our encoding bypass tests, covering Base64, ROT13, Unicode, and mixed-encoding attack vectors.
Example: arXiv paper "Not What You've Signed Up For" (2023) on indirect prompt injection via retrieval-augmented generation led to dedicated RAG poisoning test patterns in the functional pillar.

Real-World Incidents

  • CVE-2026-1847: Unicode homoglyph bypass — became a test pattern within 24 hours of disclosure
  • Security advisories from Anthropic, OpenAI, Google DeepMind, and other major AI providers
  • Production incidents reported by the community and enterprise users
Example: When CVE-2026-1847 revealed that Unicode homoglyph characters could bypass input validation, we added homoglyph injection patterns to the evaluator the same day. Two certified skills were suspended until patched.

Internal Findings

  • Patterns discovered during SXM skill evaluations that reveal new attack surfaces
  • Novel attack vectors found whilst certifying submitted skills
  • Feedback loop: each finding feeds back into the evaluator for all future evaluations
Example: During evaluation of a code generation skill, we discovered that chained tool calls could leak system prompt fragments. This became a new cross-skill contamination test pattern applied to all submissions.

Intelligence Feed

Curated research drops that have directly informed evaluator updates. Each entry links to the source and maps to a certification pillar.

DateTitleRelevance to SXMPillar
10 Feb 2026 Anthropic Safety Lead Resigns: "The World Is In Peril" Internal safety culture at major AI providers directly affects the risk profile of skills built on their models. Validates the need for independent, external certification. Security
10 Feb 2026 Google: The Quantum Era Is Coming. Are We Ready to Secure It? Post-quantum cryptographic readiness informs long-term security patterns. Skills handling sensitive data must prepare for quantum-era threats. Security
10 Feb 2026 Agent Skills: Open Source Skills Marketplace for AI Coding Agents Growing open-source skills ecosystem increases the surface area for uncertified skills. Reinforces the market need for independent verification. Functional
10 Feb 2026 SemiAnalysis: Claude Code Is the Inflection Point Agentic coding tools are becoming primary development interfaces. Performance and reliability benchmarks for these tools feed directly into our performance pillar. Performance
11 Feb 2026 When the AI Goes Dark: Enterprise Resilience for Agentic AI Enterprise resilience patterns inform our failure-mode testing. Skills must degrade gracefully when upstream AI services become unavailable. Functional
11 Feb 2026 Social Workers' AI Tool Makes "Gibberish" Transcripts of Children's Accounts Real-world AI errors in high-stakes settings demonstrate why functional verification must include adversarial and edge-case inputs, not just happy-path testing. Functional
12 Feb 2026 AI Strategies Are Kind of Destined to Fail Enterprise AI deployment failures often stem from unverified capabilities. Independent certification reduces the risk of deploying skills that do not perform as claimed. Performance
12 Feb 2026 Amazon Bans Claude Code, Microsoft Asks Engineers to Test It Divergent enterprise policies on AI tools highlight the need for a neutral trust layer. SXM certification provides a common standard regardless of internal vendor politics. Security
12 Feb 2026 ChatGPT Is in Classrooms: How Should Educators Assess Student Learning? AI assessment in education parallels AI skill assessment. Evaluation methodology research informs how we design robust, cheat-resistant test patterns. Functional

Evolution Timeline

Live feed from the evaluator's evolution history. Every change is logged and available via GET /api/evolution/history.

Invalid Date
internal review
Added timeout handling under resource contention pattern based on evaluation of 5 submitted skills that all failed silently when upstream APIs were slow.
+1 added
Invalid Date
weekly scan
Added cross-skill data contamination, base64-encoded payload bypass, and MCP tool permission scope escalation. Updated environment variable leakage weight to 1.4. Updated memory accumulation test threshold from 50MB to 30MB based on production data.
+3 added 2 updated
Invalid Date
incident response
Emergency pattern added for environment variable leakage via error messages following security advisory sec-advisory-2026-feb-01. All certified skills queued for re-evaluation.
+1 added
Invalid Date
weekly scan
Added Unicode homoglyph bypass (CVE-2026-1847), system prompt extraction via few-shot priming, and output schema drift under adversarial inputs. Updated multi-turn injection weight from 1.0 to 1.5 based on incident frequency.
+3 added 1 updated
Invalid Date
weekly scan
Initial pattern extraction from OWASP LLM Top 10 2026, MITRE ATLAS, and 3 arxiv papers. Added multi-turn injection, indirect injection, graceful degradation, and output schema drift tests.
+4 added

Contribute Research

Help Us Strengthen the Evaluator

Found a vulnerability pattern we should test for? Discovered a new attack vector? We want to hear from you.

research@scientiaexmachina.co

Responsible Disclosure Policy

When we receive a new vulnerability pattern or attack vector:

We prioritise protecting users over publishing findings. Patterns go into the evaluator first. Details come second.