About

I'm Daniele. I live in Rome. I keep this notebook as an exercise in thinking out loud, a place to take the questions slowly, before trying to answer them.

I was studying Active Directory and how it gets attacked: Kerberoasting, delegation abuse, the small misconfigurations that quietly hand someone the keys. Around the same time I was using AI tools every day, and a literal question stuck: can my agent talk to someone else's agent? Because if it can, everyone in a company is going to have one, talking to others, doing things on their behalf.

At first I thought of it as an AD for agents: a directory inside the company that knows who every agent is and what it's allowed to do. But the moment two agents needed to talk across organizations, the AD model fell apart. Cross-org isn't a directory problem; it's federation. Two parties without a shared root of trust, still needing to talk safely, with no one holding the keys to both.

That shape is where Cullis ended up: a federated trust fabric for AI agents, with no central authority that can compromise everyone at once. It's open source, and I've been working on it as a solo founder for a little while now. I'm not sure of many of the choices I'm making, and this notebook is one of the places where I lay them out and see which ones hold up read aloud.

If you think about the same problem from a different angle, or have a reason to tell me I've taken a wrong turn, I'd like to hear from you. For Cullis: hello@cullis.io. Everything else: me@mazzolad.com. Code lives on GitHub. I reply, sometimes slowly.