G

Security Model

Security Model

Overview#

Security in Gao Internet is based on a layered model.

Because Gao combines open protocols, hosted service interfaces, wallets, domains, payments, AI systems, and decentralized infrastructure, security must be approached across multiple layers rather than as a single control point.

This document provides a public overview of the Gao security model.

Security Principles#

Gao Internet follows several core security principles:

  • non-custodial by default

  • least privilege where possible

  • explicit trust boundaries

  • layered defense

  • public transparency for user-facing trust assumptions

  • secure-by-design developer patterns

Layered Security Model#

1. Protocol Layer Security

Core protocols should minimize trust in centralized operators.

Goals include:

  • auditable logic

  • simple and explicit trust assumptions

  • minimized privileged control

  • careful upgrade patterns where applicable

2. Service Layer Security

Hosted Gao services must protect:

  • availability

  • service integrity

  • configuration safety

  • abuse resistance

  • API reliability

3. Wallet and Identity Security

Wallet-linked user flows must preserve user control.

Goals include:

  • self-custody

  • explicit signing intent

  • minimal exposure to phishing-style interactions

  • identity resolution clarity

4. Payment Security

Payment systems must reduce ambiguity and prevent unsafe or misleading flows.

Goals include:

  • explicit payment destinations

  • verifiable metadata

  • replay protection where relevant

  • invoice or request integrity

5. AI and Agent Security

AI-native systems require additional controls.

Goals include:

  • bounded permissions

  • clear execution scope

  • tool access control

  • auditable workflow boundaries

6. Infrastructure Security

DePIN and network-backed services must consider:

  • node reliability

  • service integrity

  • infrastructure abuse

  • update safety

  • dependency risks

Trust Boundaries#

Developers and users should understand the difference between:

  • protocol-level behavior

  • hosted service behavior

  • third-party application behavior

  • wallet behavior

  • chain behavior

Not all Gao-related components carry the same trust model.

A secure Gao integration should explicitly document:

  • what is on-chain

  • what is off-chain

  • what Gao operates

  • what the app developer operates

  • what the user controls

Non-Custodial Design#

Gao is designed around non-custodial interaction patterns.

Gao should not require users to surrender private keys or transfer general custody of assets to use core infrastructure.

Where applications or third parties introduce custodial behavior, they should clearly disclose that behavior to users.

Secure Identity and Domain Flows#

Identity and domain-linked systems should aim to prevent:

  • spoofed resolution

  • ambiguous payment destinations

  • impersonation through UI confusion

  • silent record substitution

Applications should show users clear resolution results before critical actions.

Secure Payment Flows#

Payment-enabled applications on Gao should:

  • clearly display the payee

  • clearly display the asset and amount

  • clearly display the user action being signed

  • use signed metadata or verifiable references where applicable

  • prevent accidental replay or duplicate execution where possible

Applications should never hide the true payment destination behind vague UI.

Service Security#

Hosted Gao services should use strong operational practices, including:

  • access control

  • monitoring

  • dependency management

  • configuration review

  • incident response preparation

  • change control for critical systems

AI and Agent Security Considerations#

AI agents should not receive unlimited authority by default.

Safe AI-native design should include:

  • explicit permissions

  • scoped actions

  • approval boundaries for sensitive actions

  • logging or audit trails where appropriate

  • separation of suggestion and execution where needed

Third-Party Risk#

Third-party applications built on Gao may introduce their own risks.

Gao does not control all applications using the ecosystem.

Users and developers should evaluate:

  • third-party security practices

  • hosting assumptions

  • custody model

  • signing behavior

  • dependency trust

Security Responsibilities#

Gao Responsibilities

Gao-operated services are responsible for protecting the systems they operate.

Developer Responsibilities

Developers are responsible for securing their applications built on Gao.

User Responsibilities

Users are responsible for protecting their wallets, devices, and credentials.

Security is shared across the ecosystem.

Public Security Communication#

Public-facing documentation should clearly explain:

  • trust assumptions

  • known limitations

  • user responsibilities

  • disclosure pathways for vulnerabilities

Security communication should reduce confusion, not create false confidence.

Scope of This Document#

This document is a public overview, not a full internal security playbook.

More detailed security specifications may exist for individual protocol and service components.