Our claims are peer-review-format, measured on public corpora, and reproducible by a third party. We publish our failure modes as first-class results. Below: the preprints, the numbers, and how to check them yourself.
Status: preprints, submitted to AIS26; peer review in progress. Not yet a published proceedings paper — stated precisely.
Two-Number Prompt-Injection Detection with Post-Quantum, Browser-Verifiable Audit Receipts
A sovereign, CPU-first LLM trust layer. AEGIS reports injection detection and content safety as two never-fused numbers on public corpora; LEDGER/POAW emits FIPS-204 ML-DSA-65-signed, RFC-3161-timestamped, browser-verifiable receipts mapped to EU AI Act Art. 12/Annex IV. Includes a deception-indistinguishability measurement (four attacker models + a same-population control) and candidly disclosed gaps.
Measuring and Mitigating Multilingual Over-Blocking in a Sovereign LLM Injection Firewall
A measured fairness study: an English-tuned guardrail over-blocks non-English benign users 4–5× (16.1% multilingual FPR vs ~4% English, n=46,440). An opt-in stopword-ratio dampener cuts it 20.5%→10.5% at zero English-side change — a non-discrimination dimension the AI Act cares about, measured and mitigated honestly.
The point of the design is that a third party can confirm every claim without trusting our servers.
A real ML-DSA-65-signed credential + RFC-3161 timestamp, checked offline against a published did:web key — no issuer server involved.
Headline metrics regenerate from an open harness over 100% public corpora — no NDA, no private test set. Every value traces to a dated JSON manifest.