MICKAI
Article · 30 June 2026

Aletheia: Continuous Internal Audit Backed by Tamper-Evident Evidence

Aletheia turns internal audit from a periodic, sample-based exercise into a continuous control over every AI-assisted test, with each result written to a post-quantum-signed, replayable evidence record your audit committee can trust.

Aletheia: Continuous Internal Audit Backed by Tamper-Evident Evidence
Author
Micky Irons
Published
30 June 2026
Follow Micky Irons
LinkedInX
Sovereign AIMickaiArtificial IntelligenceOpen Audit RecordPatents

The audit committee's hardest question

Aletheia: Continuous Internal Audit Backed by Tamper-Evident Evidence, illustration 1

Every audit committee eventually asks the same thing. How do we know the control actually ran, and how do we know the evidence in front of us has not been altered since? In most regulated firms the honest answer is uncomfortable. Audit runs on samples, on quarterly cycles, and on screenshots and spreadsheets that anyone with access could have edited after the fact. The test happened, but the proof that it happened lives in mutable files that no one can independently verify months later, when a regulator, a litigator, or a board member starts asking.

Aletheia is built to close that gap. It is the audit Studio inside Mickai, the sovereign AI operating system that regulated businesses own and run inside their own walls, on-prem and air-gapped. Aletheia runs control tests continuously rather than periodically, and every test it performs is written to the Operational Audit Record, the OAR: a tamper-evident, post-quantum-signed log that is replayable end to end. This is built and live, not a roadmap concept.

What Aletheia actually does

Aletheia: Continuous Internal Audit Backed by Tamper-Evident Evidence, illustration 2

Aletheia automates the internal audit function the way a senior auditor would run it, then removes the evidence problem that has dogged the profession for decades.

It does three things at once. First, it executes control tests on a continuous basis: access reviews, segregation-of-duties checks, reconciliation tie-outs, change-management approvals, transaction sampling, and policy conformance. Second, it captures the full context of each test as it runs, including the data examined, the rule applied, the model reasoning, and the conclusion reached. Third, it commits that context to the OAR so the result becomes a sealed, independently verifiable fact rather than a claim.

Because Mickai runs inside your perimeter, Aletheia tests the systems it can see directly. There is no export of sensitive records to a public-cloud model, no third-party processor in the chain, and no question about where the data went. For firms that legally cannot send data outside their own walls, that is not a feature. It is the precondition for using AI in audit at all.

Why the OAR changes the evidence conversation

Aletheia: Continuous Internal Audit Backed by Tamper-Evident Evidence, illustration 3

Most audit tooling logs activity. The difference with the OAR is what that log is worth when challenged.

Every entry is cryptographically signed using post-quantum schemes, so a record cannot be forged or back-dated even against an adversary with a future quantum computer. Entries are chained, so removing or editing one breaks the seal on everything after it, which makes silent tampering detectable rather than plausible. And the record is replayable, meaning an auditor or regulator can step back through exactly what Aletheia examined, in what order, against which rule version, and reach the same conclusion independently.

This turns a familiar weakness into a strength. The classic exposure in internal audit is the gap between the test and the evidence of the test. A control owner says the reconciliation passed. The working paper says it passed. But the working paper is a document someone could have produced after the fact. With Aletheia and the OAR, the evidence is generated at the moment of testing, sealed on creation, and verifiable by anyone with the public key. The board stops relying on trust in the process and starts relying on proof of the process.

Continuous, not quarterly

Aletheia: Continuous Internal Audit Backed by Tamper-Evident Evidence, illustration 4

Periodic audit was always a compromise with reality. You cannot manually test every transaction, so you sample, and you sample on a cycle because people are expensive and slow. The cost of that compromise is a blind window between cycles where a failing control looks healthy until the next review.

Aletheia removes the blind window. Controls are tested as conditions change, not when the calendar says so, and exceptions surface as they happen rather than at quarter end. The audit committee moves from a backward-looking sample to a live picture of control health, and every point on that picture is backed by a sealed OAR entry it can drill into. Internal audit stops being a snapshot and becomes a continuous assurance layer.

Where Aletheia sits in the wider system

Aletheia: Continuous Internal Audit Backed by Tamper-Evident Evidence, illustration 5

Aletheia is one of the Greek-named Studio modules inside Mickai, alongside Nomos for compliance, Astraea for legal, Nemesis for fraud and AML, Tyche for underwriting, and others. They share the same substrate and the same OAR, which means audit does not sit in a silo. When Nomos enforces a policy or Nemesis flags a transaction, Aletheia can test that the control behaved as designed, and the whole chain is written to one verifiable record. The OAR is also available on its own as OAR-as-a-Service for firms that want the tamper-evident evidence layer under their existing systems.

This matters for the buyer on both sides of the table. A regulated enterprise gets an audit function it owns outright. A platform or vendor that needs to prove its own controls gets an evidence layer it can license. Mickai is positioned as an ally to the wider AI ecosystem, not a replacement for it, and the OAR is a clear example: it is a trust substrate other systems can build on.

The moat under the claims

Aletheia: Continuous Internal Audit Backed by Tamper-Evident Evidence, illustration 6

None of this is incidental. Mickai holds 104 filed UK patent applications carrying roughly 2,340 claims, owned by Mickai LTD, with myself as inventor. These are filed rather than granted, and the point of filing is to establish priority and build a prior-art moat around the architecture, including the tamper-evident, post-quantum-signed audit record that Aletheia depends on.

The wider opportunity is well defined. Roughly 0.85 million UK businesses, about 15 percent, and around 5 million across the EU sit under rules that make public-cloud AI legally difficult, from PRA SS2/21 and UK GDPR special-category data to the NHS DSP Toolkit, the EU AI Act high-risk regime, ITAR and EAR, NIS Regulations, and the reach of the US CLOUD Act. The sovereign AI market is projected to grow from around USD 40 billion in 2025 to USD 148 billion by 2032. As a third-party momentum signal, in June 2026 I was ranked number four on Crunchbase by CB Rank for a person, with the Mickai company profile in the global top one to two percent. That is a dated snapshot of traction rather than a permanent claim, and we are building to scale from it. Mickai is a UK company with Birmingham manufacturing secured.

Getting involved

A pre-seed window is open to selected partners as Mickai scales. This is an invitation to get involved early in a sovereign AI operating system that is already built and live, not a sign of need. If your firm carries audit and assurance obligations that public-cloud AI cannot satisfy, or you want to evaluate Aletheia and the OAR inside your own walls, I would like to talk.

Reach me directly at micky@mickai.co.uk.

Micky Irons, founder and CEO of Mickai.

Frequently asked questions

What is Aletheia?

Aletheia is the audit Studio inside Mickai, the sovereign AI operating system. It runs internal audit control tests continuously rather than periodically and writes every test to a tamper-evident, post-quantum-signed evidence record called the OAR. It is built and live, and it runs inside a firm's own walls, on-prem or air-gapped.

What is the OAR and why does it matter for audit?

The Operational Audit Record is a tamper-evident, post-quantum-signed, chained log of every test Aletheia performs. Entries are signed on creation and chained so editing one breaks the seal on everything after it, which makes silent tampering detectable. The record is replayable, so an auditor or regulator can step back through exactly what was examined and reach the same conclusion independently.

How is this different from normal internal audit tooling?

Most tooling samples on a quarterly cycle and stores evidence in mutable files that could be edited after the fact. Aletheia tests controls continuously and seals the evidence at the moment of testing, so the board relies on proof of the process rather than trust in it.

Does Aletheia send our data to a public cloud?

No. Mickai runs inside your perimeter, on-prem or air-gapped. Aletheia tests the systems it can see directly, with no export to a public-cloud model and no third-party processor in the chain. For firms that legally cannot send data outside their walls, that is the precondition for using AI in audit at all.

How can I evaluate Aletheia or get involved?

A pre-seed window is open to selected partners as Mickai scales, and firms can request to evaluate Aletheia and the OAR inside their own walls. Contact Micky Irons, founder and CEO of Mickai, at micky@mickai.co.uk.

Subscribe
Get every new Mickai article by email.

Long-form essays on sovereign AI from Micky Irons. One email per article. No tracking, no marketing, no third parties. Every email includes a one-click unsubscribe link.

Prefer RSS? Subscribe at /articles/feed.xml.

Originally published at https://mickai.co.uk/articles/aletheia-continuous-internal-audit-with-tamper-evident-evidence. If you operate in a regulated sector or want sovereign AI on your own hardware, the audit form on mickai.co.uk is the entry point.
More articles