Technical overview

Identity assurance as a measurable engineering discipline.

GIFTS treats cloud identity review as an evidence workflow: collect read-only audit events, normalize them into identity sessions, score risky behavior, preserve uncertainty, and keep response decisions reviewable.

Problem framing

Why identity assurance needs more than one-time review

Identity systems govern access to cloud-hosted services, data paths, and administrative control surfaces. Many modern attacks rely on valid credentials, privilege misuse, policy gaps, and configuration drift rather than on obviously malicious code alone. Defensive value therefore depends on traceable evidence, repeatable review, and a clear separation between observed facts and hypotheses.

GIFTS is meant to help close that gap with portable methods that can be reviewed publicly and adapted across organizations.

Implementation shape

Five technical elements shape the current public package

1. Provider adapters and session contract

Normalizes CloudTrail, Okta, Entra, GitHub, and local provider exports into a stable identity-session contract with event IDs and reviewable identity context.

2. Policy-first scoring and explanations

Scores sessions with versioned policies, records top signals, preserves suppressions and baseline context, and writes analyst-readable reports.

3. Analyst operations layer

Stores findings in a local run store, supports reviews, alert states, response previews, dashboard views, and evidence bundles without sending notifications.

4. Public and lab evidence intake

Catalogs public/lab/private source candidates, transforms public CloudTrail-like data, and audits conversion loss before treating a trace as benchmark evidence.

5. Deep-path research layer

Keeps manifold/diffusion reconstruction as an analyst-support path with queue state, model-bundle status, calibration warnings, and uncertainty notes.
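
To illustrate elements 1 and 2 above, the following added example (not code from the GIFTS package) normalizes constructed CloudTrail and Okta records into one event shape, groups them into identity sessions, and scores each session with a versioned policy. The normalized field names, the policy format, the weights, and the suppression entry are assumptions made for this example.

```python
from collections import defaultdict
# Constructed sample records; field names follow the CloudTrail and Okta System Log formats.
ALICE = {"arn": "arn:aws:iam::111122223333:user/alice"}
CLOUDTRAIL = [
    {"eventID": "ct-1", "eventTime": "2024-05-01T10:04:00Z", "eventName": "AttachUserPolicy",
     "userIdentity": ALICE, "sourceIPAddress": "198.51.100.7"},
    {"eventID": "ct-2", "eventTime": "2024-05-01T10:05:00Z", "eventName": "CreateAccessKey",
     "userIdentity": ALICE},  # source IP missing from this record
]
OKTA = [{"uuid": "ok-1", "published": "2024-05-01T09:58:00.000Z", "eventType": "user.mfa.factor.deactivate",
         "actor": {"alternateId": "bob@example.com"}, "client": {"ipAddress": "203.0.113.9"}}]
# Hypothetical versioned policy: signal -> (weight, triggering actions), plus recorded suppressions.
POLICY = {"version": "example-policy-v1",
          "signals": {"iam_policy_change": (40, {"AttachUserPolicy"}),
                      "new_credential": (30, {"CreateAccessKey"}),
                      "mfa_weakened": (50, {"user.mfa.factor.deactivate"})},
          "suppressions": {("bob@example.com", "mfa_weakened"): "approved factor reset (constructed)"}}

def normalize(provider, e):
    """Map one provider record onto a shared event shape; a missing source IP stays None."""
    if provider == "cloudtrail":
        vals = (e["eventID"], e["eventTime"], e["userIdentity"]["arn"], e["eventName"],
                e.get("sourceIPAddress"))
    else:  # okta
        vals = (e["uuid"], e["published"], e["actor"]["alternateId"], e["eventType"],
                (e.get("client") or {}).get("ipAddress"))
    return dict(zip(("event_id", "time", "principal", "action", "source_ip"), vals), provider=provider)

def build_sessions(events):
    sessions = defaultdict(list)  # one session per (provider, principal), ordered by time
    for ev in sorted(events, key=lambda ev: ev["time"]):
        sessions[(ev["provider"], ev["principal"])].append(ev)
    return dict(sessions)

def score_session(principal, events, policy=POLICY):
    """Score one session; keep evidence IDs, suppressed signals and data gaps visible."""
    hits, suppressed = [], []
    for name, (weight, actions) in policy["signals"].items():
        ids = [ev["event_id"] for ev in events if ev["action"] in actions]
        reason = policy["suppressions"].get((principal, name))
        if ids and reason:  # suppressed signals are recorded, not silently dropped
            suppressed.append({"signal": name, "reason": reason, "evidence": ids})
        elif ids:
            hits.append({"signal": name, "weight": weight, "evidence": ids})
    return {"policy_version": policy["version"], "score": min(100, sum(h["weight"] for h in hits)),
            "top_signals": sorted(hits, key=lambda h: -h["weight"]), "suppressed": suppressed,
            "gaps": [ev["event_id"] for ev in events if ev["source_ip"] is None]}

def run():
    events = [normalize("cloudtrail", e) for e in CLOUDTRAIL] + [normalize("okta", e) for e in OKTA]
    return {key: score_session(key[1], evs) for key, evs in build_sessions(events).items()}
```

Each result carries the policy version, the event IDs behind every signal, any suppressed signal with its reason, and the events whose source IP was absent, so a reviewer can trace a score back to observed records.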

Deployment mindset

The public package stays read-only and local-first. It is designed to make a pilot evidence trail easier to inspect before any production deployment claim.

Public review scope

What is available publicly on this site

Included in the public site

  • framework summary and design overview
  • publication details and article links
  • cloud identity demo dashboard, report, triage snapshot, and response plan
  • current reference archive, GitHub repo, and public-data result note

Not part of the public release

  • proprietary employer systems
  • customer data
  • restricted operational workflows
  • confidential source code or internal implementation details

Continue reading

Next, review the publications or inspect the prototype package.

The publications page anchors the research record. The prototype page shows what is available for direct technical review.