DESTILL.ai shield logoDESTILL.ai Verify a credential โ†’

The Honest Roadmap

What's real and independently verifiable today โ€” and what's still on the roadmap. We publish what we can prove and label the rest.

Two things you can test right now: the in-browser LEDGER verifier and the reproducible AEGIS benchmark. Everything โœ… is backed by passing tests; everything ๐Ÿšง is honestly not done yet.

๐ŸŸข Real today (verifiable)

CapabilityEvidence
ML-DSA-65 signing + verification (FIPS 204, post-quantum)โœ… 25/25 LEDGER tests; in-browser verify live-confirmed
RFC 6962 append-only transparency log (inclusion + consistency proofs)โœ… exhaustively tested across tree sizes
RFC 3161 independent trusted timestampโœ… live against public TSAs (freeTSA, DigiCert)
did:web issuer + browser verifierโœ… resolves & verifies client-side
AEGIS injection: 97.7% TPR / 4.0% FPR, ~1.7msโœ… public corpus, buyer-reproducible
AEGIS content: 79% TPR / 10% FPR (F1 0.814)โœ… on-prem open model

๐ŸŸก Roadmap (not done yet โ€” in the open)

CapabilityHonest status
Hardware key custody (HSM / AWS Nitro Enclave)๐Ÿšง software custody today; keys in process memory
Full TSA certificate-chain verification๐Ÿšง we verify grant + digest-match + time, not yet the cert chain
Production did:web hosting at the live domain๐Ÿšง staging exists; not yet served at /.well-known/did.json
Narrative/roleplay jailbreak recall๐Ÿšง ~16โ€“27% today (wildjailbreak); needs a trained model
๐Ÿ”ป The number we most want you to know we're weak on: against narrative/roleplay jailbreaks, injection recall drops to ~16โ€“27%. Standard injection attacks are caught at 97.7%; story-style ones are the open gap. We'd rather you read it here than discover it in a red-team.

What we retired

STENO, QFVC, and QFAI-C ("compression") were removed after we measured them: STENO's benchmark was salted from its own templates; QFVC wasn't a real codec. We don't sell numbers we can't reproduce.