The thesis: AI Agents are moving data at machine speed across workflows, platforms, and organizations, often without explicit human approval. Conventional security protects locations (firewalls, IAM, DLP), but once an Agent copies a file somewhere new, those controls don't follow. The file is unprotected.
Our approach is a new file primitive called .cake. Every .cake file carries quantum-resistant encryption, section-level access controls (down to individual paragraphs within a document), and tamper-evident audit logging as intrinsic properties. All encryption/decryption happens locally. We never see your files.
The key architectural decisions:
Zero-exposure: keys and encrypted files never coexist in the same place. Even we can't access your content. Section-level granularity: an Agent can be authorized to see one part of a document and redacted from another, within the same file. Every file open is a logged event, so unusual access patterns (an Agent opening hundreds of files in seconds) are caught in real time. We wrote up the full thinking in a whitepaper: https://honeycakefiles.com/whitepaper.html
The desktop app, CLI, and API are live. Happy to answer questions about the architecture or the threat model.