MICKAI
Article · 1 July 2026

Aletheia for Trade Surveillance: Continuous Internal Audit With Tamper-Evident Evidence

Aletheia runs always-on internal audit across trading and surveillance data inside your own walls, producing post-quantum-signed evidence a regulator can verify after the fact.

Aletheia for Trade Surveillance: Continuous Internal Audit With Tamper-Evident Evidence
Author
Micky Irons
Published
1 July 2026
Follow Micky Irons
LinkedInX
Sovereign AIMickaiArtificial IntelligenceOpen Audit RecordPatents

The problem with surveillance you cannot prove

Aletheia for Trade Surveillance: Continuous Internal Audit With Tamper-Evident Evidence, illustration 1

Trade surveillance has a quiet weakness that compliance teams know well. The alerts fire, the cases get worked, the suppressions get logged, and then the model gets tuned again next quarter. When a regulator asks what the system actually did on a given day, the honest answer is often a reconstruction. Logs rotate. Thresholds were changed by someone who has since left. The vendor cannot tell you which version of which rule scored a trade eighteen months ago, and even if they could, you have no independent way to prove the record was not edited after the fact.

That gap is not a tooling problem. It is an evidence problem. Surveillance generates findings, but it rarely generates proof. Aletheia, the audit Studio inside Mickai, is built to close that gap by treating internal audit as a continuous, always-on process that writes tamper-evident evidence as it runs.

Mickai is a sovereign AI operating system, an SIOS. It is AI that a regulated business owns and runs inside its own walls, on-prem and air-gapped, with every action written to a tamper-evident, post-quantum-signed audit record we call the OAR. Aletheia is the Studio that turns that substrate into a working internal-audit capability for capital markets. It is built and live.

What continuous internal audit actually means

Aletheia for Trade Surveillance: Continuous Internal Audit With Tamper-Evident Evidence, illustration 2

Most internal audit is periodic. A team samples a window of activity, tests controls against a checklist, writes findings, and moves on. The model assumes that what happened between samples is broadly representative of what happened during them. In trading and surveillance, that assumption breaks. The interesting behaviour is rarely average. It clusters around month-end, around volatile sessions, around the exact moments your sampling is least likely to catch.

Aletheia inverts the model. Instead of sampling, it observes the full population continuously. It sits over your trade capture, your order management data, your communications surveillance output, and your existing alert engine, and it audits the controls themselves on every event rather than on a quarterly slice. Did the suppression that closed this alert follow policy? Was the threshold in force at the time the one that governance approved? Did a model recalibration happen outside the change-control window? These are control questions, and Aletheia asks them constantly rather than retrospectively.

The result is that internal audit stops being a backward-looking report and becomes a live state of assurance. You always know, right now, whether your surveillance controls are operating as designed, because the audit is running with them rather than after them.

Tamper-evident evidence is the point

Aletheia for Trade Surveillance: Continuous Internal Audit With Tamper-Evident Evidence, illustration 3

The difference between a log and evidence is whether anyone can trust it after the fact. A log you can edit is a note. Evidence is a record that proves its own integrity.

Every observation Aletheia makes is written to the OAR, the Mickai audit record. Each entry is hashed, chained to the entries before it, and signed with post-quantum cryptography. That last part matters more than it sounds. The audit records a regulated firm produces today need to remain verifiable for years, and the cryptographic assumptions that protect a signature today are not guaranteed to hold against the computers of the next decade. Post-quantum signing means the evidence Aletheia writes now is built to survive that horizon. A record signed in 2026 should still be provably untampered when someone reads it back long after the people who made it have moved on.

Because the record is chained and signed, a regulator, an external auditor, or your own second line can verify it independently. They do not have to trust Mickai, and they do not have to trust your operations team. They check the signatures and the chain, and either the evidence is intact or it is not. There is no quiet edit, no convenient gap, no "the logs from that period were lost." That is what after-the-fact verifiability means, and it is the property surveillance has been missing.

Why it has to run inside your walls

Aletheia for Trade Surveillance: Continuous Internal Audit With Tamper-Evident Evidence, illustration 4

Trade and surveillance data is among the most sensitive a firm holds. It is order flow, it is client identity, it is communications content, it is the firm's own positioning. Sending that to a third-party cloud to be audited recreates the exact exposure that PRA SS2/21, UK GDPR special-category handling, the NIS Regulations, and the CLOUD Act were written to address. For a large share of the market, public-cloud AI is not a risk decision at all. It is legally barred.

Aletheia runs on-prem and can run fully air-gapped. The data never leaves the building, the model never phones home, and the audit evidence is generated and held under the firm's own control. This is the structural reason the sovereign approach exists. Around 0.85 million UK businesses, roughly fifteen percent, sit under rules that keep them off public-cloud AI, with a further five million across the EU in the same position. The sovereign AI market reflects that pressure, growing from about 40 billion US dollars in 2025 toward 148 billion by 2032. Continuous internal audit is one of the clearest expressions of why on-prem matters. The whole value of the evidence collapses the moment it leaves your custody.

A Studio, not a point tool

Aletheia for Trade Surveillance: Continuous Internal Audit With Tamper-Evident Evidence, illustration 5

Aletheia is one of the Greek-named Studios that run on the Mickai substrate. Nemesis covers fraud and AML, Plutus covers finance, Nomos covers compliance, Astraea covers legal, and Aletheia covers audit. They share the same sovereign runtime and the same OAR, which means a finding in your surveillance audit and a case in Nemesis and a control test in Nomos all write to the same tamper-evident record. Internal audit stops being an island. It becomes a continuous read across the controls the rest of the business already runs, with one consistent evidentiary spine underneath all of it.

That shared substrate is the moat. Mickai holds 104 filed UK patent applications, roughly 2,340 claims, in the name of Mickai LTD, with myself as inventor. They are filed rather than granted, which gives a priority position and a prior-art moat rather than a marketing line. The sovereign audit record, the post-quantum signing path, and the way Studios share verifiable evidence are protected at the foundation, not bolted on at the surface.

Where this sits in the category

Aletheia for Trade Surveillance: Continuous Internal Audit With Tamper-Evident Evidence, illustration 6

Continuous, verifiable internal audit on sovereign infrastructure is precisely the kind of capability a hyperscaler cannot easily offer, because the proposition depends on the data never reaching them. That makes it a category an ally would want to own rather than compete with, and it is why the dual-buyer thesis holds. The IP estate and the on-prem requirement underwrite the enterprise value together.

The category is being recognised externally. In June 2026, Crunchbase ranked Micky Irons number four, with the Mickai company profile placing in the top one to two percent globally. That is a third-party momentum signal, not a finish line. Mickai is a UK company with Birmingham manufacturing secured, built and live, and building to scale.

If your firm carries surveillance obligations and you want internal audit that produces evidence a regulator can verify rather than reports they have to take on trust, I would like to talk. Reach me directly at micky@mickai.co.uk.

FAQ

Some quick answers for teams evaluating sovereign continuous audit for trade surveillance.

Frequently asked questions

What is Aletheia?

Aletheia is the audit Studio inside Mickai, the sovereign AI operating system. It runs continuous, always-on internal audit across trading and surveillance data and writes every observation to the OAR, a tamper-evident, post-quantum-signed audit record. It is built and live.

How is continuous audit different from periodic internal audit?

Periodic audit samples a window of activity and assumes it represents the rest. Aletheia observes the full population continuously and tests the controls themselves on every event, so you always know in real time whether your surveillance controls are operating as designed.

What does post-quantum-signed evidence mean for a regulator?

Each OAR entry is hashed, chained to the entries before it, and signed with post-quantum cryptography. A regulator, external auditor, or your own second line can verify the signatures and the chain independently, without trusting Mickai or your operations team. The evidence is built to remain verifiable for years.

Why does Aletheia have to run on-prem?

Trade and surveillance data is among the most sensitive a firm holds, and sending it to a third-party cloud recreates the exposure that PRA SS2/21, UK GDPR special-category handling, the NIS Regulations, and the CLOUD Act address. Aletheia runs on-prem and can run fully air-gapped, so the data and the evidence never leave the firm's custody.

How does Aletheia connect to the other Mickai Studios?

Aletheia shares the same sovereign runtime and the same OAR as the other Greek-named Studios, including Nemesis for fraud and AML and Nomos for compliance. Findings, cases, and control tests all write to one consistent tamper-evident record, giving internal audit a continuous read across the controls the business already runs.

Subscribe
Get every new Mickai article by email.

Long-form essays on sovereign AI from Micky Irons. One email per article. No tracking, no marketing, no third parties. Every email includes a one-click unsubscribe link.

Prefer RSS? Subscribe at /articles/feed.xml.

Originally published at https://mickai.co.uk/articles/aletheia-continuous-audit-for-capital-markets-trade-surveillance. If you operate in a regulated sector or want sovereign AI on your own hardware, the audit form on mickai.co.uk is the entry point.
More articles