diff --git a/literate/neurosymbolic.org b/literate/neurosymbolic.org
index ae009b3..224a603 100644
--- a/literate/neurosymbolic.org
+++ b/literate/neurosymbolic.org
@@ -45,10 +45,10 @@ The harness maintains a neutral registry of backends. Skills (like the LLM Gatew
 #+end_src
 
 ** Provider Cascade
-Intelligence is often a matter of availability. The cascade defines the order in which backends are attempted. Skills can dynamically override this list to optimize for cost, speed, or privacy.
+The ordered list of backends to attempt for neural reasoning. This list is ~nil~ by default and must be populated by skills (e.g., the LLM Gateway or Token Accountant) during the harness boot sequence.
 
 #+begin_src lisp :tangle ../src/neuro.lisp
-(defvar *provider-cascade* '(:openrouter :gemini-api))
+(defvar *provider-cascade* nil)
 #+end_src
 
 ** Register Associative Backend
diff --git a/literate/protocol.org b/literate/protocol.org
index 89602c3..ecf9aee 100644
--- a/literate/protocol.org
+++ b/literate/protocol.org
@@ -66,13 +66,14 @@ The ~frame-message~ function prepares an outgoing Lisp string for transmission.
   (let ((len (length msg-string))
         (enforce-hmac (uiop:getenv "HARNESS_PROTOCOL_ENFORCE_HMAC")))
     (if (and enforce-hmac (string-equal enforce-hmac "true"))
-        (let* ((secret (or (uiop:getenv "HARNESS_PROTOCOL_HMAC_SECRET") "default-insecure-key"))
-               (key (ironclad:ascii-string-to-byte-array secret))
-               (hmac (ironclad:make-mac :hmac key :sha256))
-               (payload-bytes (ironclad:ascii-string-to-byte-array msg-string)))
-          (ironclad:update-mac hmac payload-bytes)
-          (let ((signature (ironclad:byte-array-to-hex-string (ironclad:produce-mac hmac))))
-            (format nil "~(~6,'0x~)~a~a" len signature msg-string)))
+        (let ((secret (uiop:getenv "HARNESS_PROTOCOL_HMAC_SECRET")))
+          (unless secret (error "HARNESS_PROTOCOL_HMAC_SECRET is required when security is enabled."))
+          (let* ((key (ironclad:ascii-string-to-byte-array secret))
+                 (hmac (ironclad:make-mac :hmac key :sha256))
+                 (payload-bytes (ironclad:ascii-string-to-byte-array msg-string)))
+            (ironclad:update-mac hmac payload-bytes)
+            (let ((signature (ironclad:byte-array-to-hex-string (ironclad:produce-mac hmac))))
+              (format nil "~(~6,'0x~)~a~a" len signature msg-string))))
         (format nil "~(~6,'0x~)~a" len msg-string))))
 #+end_src
 
@@ -100,14 +101,15 @@ Parsing is the high-security inverse of framing. This function acts as the final
         (error "Message length mismatch. Expected ~a, got ~a" expected-len (length actual-msg)))
       
       (when use-hmac
-        (let* ((secret (or (uiop:getenv "HARNESS_PROTOCOL_HMAC_SECRET") "default-insecure-key"))
-               (key (ironclad:ascii-string-to-byte-array secret))
-               (hmac (ironclad:make-mac :hmac key :sha256))
-               (payload-bytes (ironclad:ascii-string-to-byte-array actual-msg)))
-          (ironclad:update-mac hmac payload-bytes)
-          (let ((expected-signature (ironclad:byte-array-to-hex-string (ironclad:produce-mac hmac))))
-            (unless (string-equal signature expected-signature)
-              (error "Harness Protocol Integrity Failure: HMAC mismatch")))))
+        (let ((secret (uiop:getenv "HARNESS_PROTOCOL_HMAC_SECRET")))
+          (unless secret (error "HARNESS_PROTOCOL_HMAC_SECRET is required when security is enabled."))
+          (let* ((key (ironclad:ascii-string-to-byte-array secret))
+                 (hmac (ironclad:make-mac :hmac key :sha256))
+                 (payload-bytes (ironclad:ascii-string-to-byte-array actual-msg)))
+            (ironclad:update-mac hmac payload-bytes)
+            (let ((expected-signature (ironclad:byte-array-to-hex-string (ironclad:produce-mac hmac))))
+              (unless (string-equal signature expected-signature)
+                (error "Harness Protocol Integrity Failure: HMAC mismatch"))))))
       
       ;; SECURITY: Disable the reader's ability to execute code during parsing
       (let ((*read-eval* nil))
diff --git a/src/neuro.lisp b/src/neuro.lisp
index 016e1e7..2af3735 100644
--- a/src/neuro.lisp
+++ b/src/neuro.lisp
@@ -2,7 +2,7 @@
 
 (defvar *neuro-backends* (make-hash-table :test 'equal))
 
-(defvar *provider-cascade* '(:openrouter :gemini-api))
+(defvar *provider-cascade* nil)
 
 (defun register-neuro-backend (name fn) (setf (gethash name *neuro-backends*) fn))
 
diff --git a/src/protocol.lisp b/src/protocol.lisp
index af96068..897a3bd 100644
--- a/src/protocol.lisp
+++ b/src/protocol.lisp
@@ -13,13 +13,14 @@
   (let ((len (length msg-string))
         (enforce-hmac (uiop:getenv "HARNESS_PROTOCOL_ENFORCE_HMAC")))
     (if (and enforce-hmac (string-equal enforce-hmac "true"))
-        (let* ((secret (or (uiop:getenv "HARNESS_PROTOCOL_HMAC_SECRET") "default-insecure-key"))
-               (key (ironclad:ascii-string-to-byte-array secret))
-               (hmac (ironclad:make-mac :hmac key :sha256))
-               (payload-bytes (ironclad:ascii-string-to-byte-array msg-string)))
-          (ironclad:update-mac hmac payload-bytes)
-          (let ((signature (ironclad:byte-array-to-hex-string (ironclad:produce-mac hmac))))
-            (format nil "~(~6,'0x~)~a~a" len signature msg-string)))
+        (let ((secret (uiop:getenv "HARNESS_PROTOCOL_HMAC_SECRET")))
+          (unless secret (error "HARNESS_PROTOCOL_HMAC_SECRET is required when security is enabled."))
+          (let* ((key (ironclad:ascii-string-to-byte-array secret))
+                 (hmac (ironclad:make-mac :hmac key :sha256))
+                 (payload-bytes (ironclad:ascii-string-to-byte-array msg-string)))
+            (ironclad:update-mac hmac payload-bytes)
+            (let ((signature (ironclad:byte-array-to-hex-string (ironclad:produce-mac hmac))))
+              (format nil "~(~6,'0x~)~a~a" len signature msg-string))))
         (format nil "~(~6,'0x~)~a" len msg-string))))
 
 (defun parse-message (framed-string)
@@ -42,14 +43,15 @@
         (error "Message length mismatch. Expected ~a, got ~a" expected-len (length actual-msg)))
       
       (when use-hmac
-        (let* ((secret (or (uiop:getenv "HARNESS_PROTOCOL_HMAC_SECRET") "default-insecure-key"))
-               (key (ironclad:ascii-string-to-byte-array secret))
-               (hmac (ironclad:make-mac :hmac key :sha256))
-               (payload-bytes (ironclad:ascii-string-to-byte-array actual-msg)))
-          (ironclad:update-mac hmac payload-bytes)
-          (let ((expected-signature (ironclad:byte-array-to-hex-string (ironclad:produce-mac hmac))))
-            (unless (string-equal signature expected-signature)
-              (error "Harness Protocol Integrity Failure: HMAC mismatch")))))
+        (let ((secret (uiop:getenv "HARNESS_PROTOCOL_HMAC_SECRET")))
+          (unless secret (error "HARNESS_PROTOCOL_HMAC_SECRET is required when security is enabled."))
+          (let* ((key (ironclad:ascii-string-to-byte-array secret))
+                 (hmac (ironclad:make-mac :hmac key :sha256))
+                 (payload-bytes (ironclad:ascii-string-to-byte-array actual-msg)))
+            (ironclad:update-mac hmac payload-bytes)
+            (let ((expected-signature (ironclad:byte-array-to-hex-string (ironclad:produce-mac hmac))))
+              (unless (string-equal signature expected-signature)
+                (error "Harness Protocol Integrity Failure: HMAC mismatch"))))))
       
       ;; SECURITY: Disable the reader's ability to execute code during parsing
       (let ((*read-eval* nil))