Synthetic Identity
Trust becomes continuous
Static KYC and document checks weaken under AI media. By 2030, high-assurance identity depends on behavioural continuity, cryptographic credentials and live risk scoring.
Signals Observatory
Signal intelligence for machine-speed systemic risk.
The Signals Observatory is XASO’s early-warning layer. It evaluates emerging technologies by technical maturity, adversarial utility, governance pressure, infrastructure dependency, adoption velocity and failure blast radius.
Scoring Method
Every signal is treated as an object, not a headline.
XASO scores signals through six lenses: detection source, threat amplifier, exposure class, dependency layer, adversary incentive and projected time-to-impact.
01
Detection
Standards movement, public research, exploit disclosures, GitHub velocity, policy signals, blockchain telemetry and AI capability jumps.
02
Amplification
Open-source commoditisation, model autonomy, compute accessibility, capital incentives, regulatory lag and social adoption.
03
Exposure
PKI, identity, finance, supply chains, cloud trust, public discourse, critical infrastructure and autonomous systems.
ELEVATED
Autonomous agents
Delegated tool-use, persistent memory and semi-autonomous workflows convert software permissions into machine-actor risk.
AI‑SECDelegated tool-use, persistent memory and semi-autonomous workflows convert software permissions into machine-actor risk.
ACCELERATING
Post-quantum migration
Cryptographic agility becomes an operational inventory problem before it becomes an algorithm replacement problem.
PQCCryptographic agility becomes an operational inventory problem before it becomes an algorithm replacement problem.
VOLATILE
Synthetic identity
AI-generated documents, voice, video and persistent personas attack the assumption that identity is human and stable.
IDAI-generated documents, voice, video and persistent personas attack the assumption that identity is human and stable.
LIVE
DeFi exploit automation
Flash liquidity, oracle dependency, governance timing and composability create programmable financial attack chains.
WEB3+Flash liquidity, oracle dependency, governance timing and composability create programmable financial attack chains.
Forecast Models
Selected 2026–2030 trajectories.
Forecasts are labelled as projections and reviewed against standards, tooling, policy movement and adversary behaviour.
Agentic Workflows
Machine actors need IAM
AI agents become operational identities. Serious deployments require scoped tools, signed actions, audit trails, policy gates and delegated authority controls.
PQC Transition
Crypto inventory becomes audit evidence
Organisations unable to map certificates, signing systems, archival encryption and machine identity will struggle to prove quantum-era readiness.