A Security Claim You Cannot Verify Is Marketing
From the bug bounty that collapsed under machine-generated noise to a vulnerability database that can no longer verify its own scores, 2026 has shown that an unverifiable assurance is advertising. The Open Audit Record makes a claim checkable by a party who trusts nothing.
A claim you cannot check is not a security claim. It is a sentence.
That is the distinction the year 2026 has dragged into the open. We have spent a decade building an industry that produces assurances, and almost none of it produces proof. A vendor tells you the model is safe. A report tells you the bug is real. A database tells you the flaw is critical. Each of these is an assertion, and an assertion is worth only what you can do to test it. When the answer is nothing, when your only available move is to trust the source, the assertion has stopped being security and become a kind of advertising. It markets confidence. It delivers nothing you can stand on in front of a regulator, or in front of a counterparty who has decided, sensibly, to trust no one.
The year the disclosures stopped being checkable
Look at what happened to one of the most respected open source projects in the world. In January 2026 its maintainers closed their bug bounty programme, accepting no new submissions. The reason was not a shortage of researchers. It was a flood of them, or rather a flood of machine-generated reports wearing the costume of research. Around a fifth of submissions in the prior year were what the project came to call slop: technically fluent text describing vulnerabilities that did not exist, citing code that was never written. Only a sliver of all reports described a genuine, security-relevant flaw. A programme six years old, having paid out tens of thousands of dollars, was shut down because the cost of disproving false claims had overwhelmed the value of finding true ones.
Sit with the asymmetry, because it is the whole story. Generating a plausible vulnerability claim now costs seconds. Verifying it costs a maintainer, often an unpaid volunteer, hours or days. When a claim cannot be cheaply reproduced, the claimant wins by default and the defender drowns. The market did not reward better security. It rewarded the appearance of it, produced at scale, and the people doing the actual checking walked away.
When the registry of record loses the ability to verify
The rot is not confined to one project's inbox. In April 2026 the national body that maintains the United States vulnerability database, the registry the entire software industry treats as ground truth, conceded that it would no longer enrich most entries. It would analyse only the highest-risk vulnerabilities, those known to be exploited or affecting federal and critical software. Everything else now sits in a queue marked not scheduled. The backlog had swollen from roughly thirteen thousand unprocessed entries in mid 2024 to more than twenty-seven thousand by the end of 2025, with submissions for 2026 projected to pass sixty thousand.
Then an independent oversight review delivered the line that should end a thousand procurement conversations. When independent evaluators rescored the database's severity ratings, the official scores matched their judgement only around an eighth of the time. Three quarters of surveyed users said they had already reduced their reliance on it. The registry of record had become a registry of assertions that the record keeper itself could no longer verify. The number in the field said critical. There was no longer anyone behind it who had checked.
Trust is not a feeling, it is a property of the system
Here is the principle underneath both stories, and it is older than artificial intelligence. Trust is not a virtue you extend to a counterparty. It is a property you either build into a system or leave out of it. A disclosure that asks you to take the vendor's word has externalised the cost of verification onto you, then quietly removed your ability to pay it. The incentives point the wrong way. The party making the claim is rewarded for volume and confidence. The party relying on the claim bears the whole burden of proof and is handed no tools to discharge it.
Regulators have noticed, which is why the language of the new rules is the language of evidence rather than attestation. The European Union Artificial Intelligence Act, whose high-risk obligations become enforceable in August 2026, does not ask providers to promise their systems are traceable. Its logging provisions require records that are tamper evident, automatically generated, retained, and capable of being examined. The standard is shifting from tell me it is safe to show me a record I can inspect without your cooperation. That second demand is the only one a serious counterparty has ever cared about.
What a checkable record actually requires
I built Mickai because I was tired of being asked to take things on faith, and I refuse to ask anyone to take Mickai on faith either. Mickai is a Sovereign Intelligence Operating System: fifty brains, twenty-five domain and twenty-five operational, running on the Poseidon silicon substrate. None of that matters to the argument I am making here. What matters is the Open Audit Record, and how it is constructed, because it is built to satisfy exactly the party who trusts nothing.
Every action the system takes is signed before it executes, not described afterward. The signature lands first, then the act follows, so the record cannot be a flattering reconstruction written once the outcome is known. The records form an append-only, hash-chained ledger in which each entry binds to the hash of the one before it, so a single altered line breaks the chain from that point forward, and the break is visible to anyone who recomputes it. The signatures are post-quantum: ML-DSA-65, the Module Lattice Digital Signature Algorithm at its middle parameter set, the scheme finalised as Federal Information Processing Standard 204 in August 2024. And the whole thing is verifiable offline, by a verifier that runs in the browser, with no network call and no request made of us. The only thing a verifier needs from outside the record itself is an authentic copy of the signing public key; once that is in hand, you do not ask Mickai whether the record is sound. You check it yourself, on your own machine, against mathematics rather than against my reputation.
The claim should stand or fall on evidence
To make the proof durable rather than merely local, the audit root anchors to Pantheon, Mickai's sovereign Layer 1 blockchain, whose own root settles to Bitcoin. The point is not the chain for its own sake. The point is that the record's integrity no longer depends on anyone choosing to behave well, me least of all. This is also why I am precise about Mickai's own posture. The company is Mickai LTD, Companies House number 17166618, in the United Kingdom. We hold one hundred and one filed United Kingdom patent applications across roughly two thousand two hundred and thirty-four claims, owned by the company, with myself as named inventor. They are filed. I will tell you only that they are filed, because anything more would be a claim you would have to take on trust, and the entire point of this essay is that you should not have to.
So let me end where these two collapses force us to end. A security claim that cannot be independently verified is marketing. It may be sincere marketing. It may even be true. But to a regulator, to a counterparty, to a maintainer buried under a thousand confident lies, sincerity and truth that cannot be checked are worth precisely nothing. The only disclosure that survives the year we are living through is one designed so the claim stands or falls on evidence a sceptic can examine alone. Build that, and you no longer need to be believed. Fail to build it, and no amount of reputation will save you, because reputation was never the thing being tested. The record was.