Public technical overview

Read-only identity evidence for cloud audit logs.

The Generative Identity Forensics and Trust System (GIFTS) turns provider-style audit events into sessionized identity findings, analyst-readable reports, local dashboards, and dry-run response plans without executing provider actions.

Inspect the prototype See evidence updates

Cloud identity demo CloudTrail-style records converted into sessions, findings, dashboard, and response plan.

Public-data result Splunk AWS CreateAccessKey trace: 75 raw events, 39 valid GIFTS sessions.

Analyst console Local review queue, alert state, deep-enrichment queue, and response-preview review.

Safety posture Read-only ingestion, dry-run exports, explicit claim boundaries, and no automatic enforcement.

Why this matters

Identity is an upstream security control point. When identity posture degrades through credential misuse, excessive permissions, weak controls, or misconfiguration drift, attackers can gain legitimate-looking access that slips past many traditional defenses.

What GIFTS does

From provider logs to defensible review packets

GIFTS is currently a reference implementation for cloud identity evidence review. It sessionizes audit events, scores suspicious identity behavior, records what is known and uncertain, and keeps response activity in a governed dry-run lane.

Sessionized identity evidence

Converts CloudTrail, Okta, Entra, GitHub, and local provider exports into a stable session contract for scoring and analyst review.

Workflow findings and reports

Produces JSONL, CSV, markdown reports, dashboards, and triage snapshots that explain why a session needs attention.

Dry-run response governance

Builds response previews and execution ledgers for manual or test-tenant review while keeping provider actions disabled in the public reference package.

Public and lab corpus path

Tracks public datasets, disposable lab traces, conversion-loss reports, and source manifests so future benchmark claims stay reviewable.

Deep and manifold research path

The paper motivates geodesic anomaly detection and manifold diffusion. The current implementation keeps that path demo-scale and labels reconstruction output as analyst-support hypotheses, not facts.

Current evidence

Recent implementation progress is now public-reviewable.

The May 2026 implementation adds a product-shaped cloud identity incident demo, public/lab source cataloging, Splunk public-data validation, and conversion-cap audit reporting. These are still reference-implementation results, not production accuracy claims.

Review demo evidence Open Splunk result note Open GitHub repo

Start here

What you can review today

This public release stays focused on the materials most useful to first-time visitors: the current prototype, the implementation evidence, the publications, and the contact page.

Use the publications, prototype, updates, and contact pages as the main public entry points into the current GIFTS materials.

Review the publications Inspect the prototype See updates Get in touch

Project lead

Public technical work maintained by Kingdom Mutala Akugri

About the work

GIFTS is public technical work by Kingdom Mutala Akugri, whose focus areas include cloud identity and security engineering, anomaly-detection methods, and applied security evaluation. This site is intended to provide a clear public entry point for the research lineage, prototype materials, and technical framing behind GIFTS.

Current public focus areas

cloud identity and access security
applied security evaluation
anomaly detection in security contexts
portable reference architectures for cloud-hosted systems

Why portable

Built to be explainable, reviewable, and adaptable beyond one internal environment

Engineering problem, not only a policy problem

Practical identity assurance depends on measurable controls, repeatable evaluation, and deployment realism. GIFTS is designed around that engineering mindset rather than around abstract policy statements alone.

Cloud-agnostic by design

The framework is intended to produce reusable logic, reference architectures, and evaluation guidance that can be studied and adapted across organizations without requiring one employer-specific implementation.