Every major shift in the internet's history eventually produced a trust layer.
The web got HTTPS. Email got DKIM. Software got code signing. Financial transactions got cryptographic audit trails.
AI has nothing.
Right now, every AI system on the planet "GPT, Claude, Gemini, Llama," every fine-tuned model deployed in your company's infrastructure, is generating content, code, decisions, and autonomous actions with zero verifiable provenance. There is no cryptographic record of what was generated, when, by which model, under what conditions, or whether it has been altered since.
This isn't a minor gap. It's a civilisational infrastructure hole, and it's getting more dangerous every day AI deployment accelerates.
The problem is already costing real money
Consider what happens today when:
A financial regulator asks a bank to prove exactly what their AI credit scoring system said about a specific customer six months ago. The bank pulls server logs. Maybe. If they were logging the right things. In a format that proves nothing cryptographically.
A court asks a law firm to verify whether a legal brief was AI-generated or human-written, and if AI-generated, which model produced it. There is no reliable answer. AI detectors have proven false positive rates. There is no signed certificate to check.
A healthcare compliance officer needs to document that their AI diagnostic assistant was running with safety constraints active when it produced a recommendation that is now part of a malpractice investigation. They have nothing.
An enterprise CISO discovers their AI agent has been sending customer communications for eight months. A customer dispute requires proving exactly what the agent said. The logs exist but carry no cryptographic integrity, they could have been modified.
These situations are happening right now. Not hypothetically. The legal, financial, and reputational cost runs into billions annually and is growing proportionally with AI deployment.
Why existing solutions don't solve this
Adobe's Content Credentials and the C2PA standard are the closest thing to a solution, and they're genuinely well-designed. But they were built for media: images, video, audio created by humans with AI assistance. They don't address AI-generated text, code, datasets, or autonomous agent actions. They don't handle multi-model pipelines. They have no enterprise compliance layer. And they don't touch open-source model deployments at all.
Watermarking approaches like Google's SynthID are even more limited. Watermarks can be stripped. They provide detection probability, not cryptographic proof. For legal and regulatory purposes, probable is not the same as provable.
There is no SSL/TLS equivalent for AI outputs. No Certificate Authority for AI systems. No standard that says: this content was verifiably generated by this AI system, at this time, under these conditions, and has not been modified since.
What the solution actually looks like technically
The architecture I've been working on centres on a few core components:
An Attestation Object: a signed JSON structure containing the SHA-256 hash of the AI input and output (not the content itself, privacy by design), the model identifier and version hash, a timestamp anchored to an RFC 3161 Timestamp Authority, the provider's cryptographic identity, and active policy constraints at generation time.
A Certificate Hierarchy: Root CA → Provider CA → Per-provider signing certificates, with full X.509 v3 chain validation and OCSP revocation support. Hardware Security Module backed, FIPS 140-2 Level 3.
A Verification Layer: public API, browser extension, SDK integrations, and enterprise plugins that allow any party to verify any attested content independently, without trusting the attestation provider beyond the root certificate.
A Modification Chain: delta attestation for content that is legitimately edited after AI generation, maintaining provenance through the full content lifecycle rather than just the generation event.
The hard technical problems are genuinely interesting:
How do you attest to open-source model outputs where there's no centralised provider to issue certificates?
How do you build multi-model provenance chains when a document passes through GPT-4, Claude, and a Mistral fine-tune before reaching a human?
How do you implement zero-knowledge proofs that verify specific properties of a generation ("safety filtering was active") without revealing the content itself?
How do you design agent action attestation for autonomous AI systems executing real-world actions across multiple sessions?
These are unsolved problems. The cryptographic primitives exist. The systems architecture is tractable. What doesn't exist yet is someone building the full stack with the right combination of cryptographic rigour, enterprise compliance understanding, and the regulatory relationships to make it a standard rather than just a product.
The regulatory window is open right now
The EU AI Act's transparency and audit trail provisions are in enforcement. The US is moving toward AI accountability frameworks. The C2PA standard exists as a foundation but needs a horizontal enterprise implementation layer. No dominant commercial player has claimed this position.
In the history of internet infrastructure, the window between "the standard needs to exist" and "one company owns the standard" is short. Certificate Authorities, DNS registrars, CDN providers, in each case, early movers who achieved regulatory recognition became permanently entrenched infrastructure.
That window is open for AI attestation right now. It will not stay open for long.
What I'm building and who I'm looking for
I've developed an institutional-grade technical blueprint for this infrastructure, the full PKI architecture, attestation object specification, provider integration pathways, regulatory strategy, and business model.
I'm at the stage of finding a technical co-founder to own the cryptographic architecture and backend engineering.
Specifically I'm looking for someone with:
Strong backend engineering (Python, Go, or Rust)
Genuine interest in cryptography, PKI, or security infrastructure
Experience shipping real systems, not just side projects
The ability to work equity-only at this stage while we close our first design partners and accelerator funding
Intellectual curiosity about the problem, this should feel like an interesting engineering challenge, not just a job
What I'm offering is a significant equity stake, a genuinely unsolved problem at the right moment in history, and a blueprint serious enough that three enterprise organisations are already in design partner conversations.
If the technical problem I've described resonates with how you think about infrastructure, or if you have thoughts on the architecture, I'd genuinely like to hear from you. Drop a comment or send me a message.
This is the kind of infrastructure that, if built correctly, becomes invisible and essential. Like all the best infrastructure.
Victor — Founder, AI Notary
Building the trust layer the AI economy doesn't have yet.
Top comments (0)