Demonstrated, not asserted

Research & independent-verifiable evidence

Our claims are peer-review-format, measured on public corpora, and reproducible by a third party. We publish our failure modes as first-class results. Below: the preprints, the numbers, and how to check them yourself.

Preprints

Two working papers — AI Summit Styria 2026 (IT-Security)

Status: preprints, submitted to AIS26; peer review in progress. Not yet a published proceedings paper — stated precisely.

Preprint · in reviewIEEE formatPost-quantumEU AI Act

A Sovereign, Reproducible Trust Layer for LLM Systems

Two-Number Prompt-Injection Detection with Post-Quantum, Browser-Verifiable Audit Receipts

A sovereign, CPU-first LLM trust layer. AEGIS reports injection detection and content safety as two never-fused numbers on public corpora; LEDGER/POAW emits FIPS-204 ML-DSA-65-signed, RFC-3161-timestamped, browser-verifiable receipts mapped to EU AI Act Art. 12/Annex IV. Includes a deception-indistinguishability measurement (four attacker models + a same-population control) and candidly disclosed gaps.

97.7% / 4.0%injection TPR / FPR
3309-bytereal ML-DSA-65 sigs
96crypto assertions
Download PDF (5 pp)
Preprint · in reviewIEEE formatFairnessMultilingual

English-Tuned by Default

Measuring and Mitigating Multilingual Over-Blocking in a Sovereign LLM Injection Firewall

A measured fairness study: an English-tuned guardrail over-blocks non-English benign users 4–5× (16.1% multilingual FPR vs ~4% English, n=46,440). An opt-in stopword-ratio dampener cuts it 20.5%→10.5% at zero English-side change — a non-discrimination dimension the AI Act cares about, measured and mitigated honestly.

16.1%multilingual benign FPR
→10.5%opt-in dampener
n=46,440public corpus
Download PDF (4 pp)
Don't trust us — check it

Independently verifiable

The point of the design is that a third party can confirm every claim without trusting our servers.

Browser-verify a receipt

A real ML-DSA-65-signed credential + RFC-3161 timestamp, checked offline against a published did:web key — no issuer server involved.

Open the verifier →

Reproduce the numbers

Headline metrics regenerate from an open harness over 100% public corpora — no NDA, no private test set. Every value traces to a dated JSON manifest.

  • Two-number scorecard, one command
  • Public corpora only
  • Dated, traceable manifests

▶ 60-second POAW explainer

Honest scope. Two subsystems are proven and measured (AEGIS injection guardrail; POAW audit substrate); other cascade layers are research and labelled as such. We disclose gaps in the same breath as strengths — narrative-jailbreak detection is capped, key custody is software-only today (hardware roadmap), and "mapping to EU AI Act duties" is not a claim of conformity. Core methods are patent pending (provisional filed 04/2026; non-provisional filed). This restraint is deliberate — it is why the evidence is trustworthy.