DEV Community: Micky Irons

The foundational UK sovereign-AI patents are filed. The collaboration door is open.

Micky Irons — Sun, 03 May 2026 02:43:49 +0000

The foundational UK sovereign-AI patents are filed

21 UK patent applications. 675 cryptographically signed claims. One inventor (Micky Irons). One filing reference (UK00004373277).

Ten of those twenty-one are load-bearing for any vendor building sovereign AI infrastructure for UK government, healthcare, defence, finance, or regulated enterprise.

## The load-bearing ten

1. **Trust Agent (Patent 01)** — privacy router and tamper-evident audit ledger
2. **Sovereign Security Framework (Patent 03)** — egress firewall, injection detection, per-tool rate limits
3. **Adaptive Multi-Tenant OS (Patent 04)** — cryptographic tenant isolation with voice-gated switching
4. **Privacy-Preserving Sovereign RAG (Patent 05)** — clearance-ceiling retrieval; absence indistinguishable from nonexistence
5. **Quantum-Safe Attestation, ML-DSA-65 (Patent 08)** — FIPS 204 signed audit ledger
6. **Typed-Action Ontology (Patent 12)** — hardware-bound actor identity, inverse-action schema
7. **First-Class Actions with Compensating Rollback (Patent 14)** — regulator-issued retroactive undo
8. **Decision Lineage and PQ-Signed Audit Ledger (Patent 16)** — causal DAG, regulator-verifiable
9. **Granular Row/Column ACL (Patent 18)** — per-voiceprint revocation with retroactive flagging
10. **Sentinel (Patent 21)** — universal AI-agent action interceptor + signed audit (91 new claims)

## An open invitation to collaborate

We would rather build with you than around you. The portfolio above was filed to make sovereign AI in the UK structurally British and structurally auditable. It was not filed to shut anyone out.

We are explicitly open to:

- Licensing collaborations with vendors building sovereign AI for UK government, NHS, defence, financial regulators, or regulated enterprise
- Joint architecture work with primes tendering for UK sovereign-AI contracts
- Engineering partnerships to integrate specific Mickai primitives (clearance-ceiling RAG, Sentinel, post-quantum signed audit) into existing platforms
- Defensive cross-licensing with peer sovereign-AI vendors to keep the substrate open for British operators

The contact is **press@mickai.co.uk**. The licensing path is direct, from the inventor.

[Read the full article on mickai.co.uk](https://mickai.co.uk/articles/twenty-one-uk-sovereign-ai-patents-collaboration-open)

*Originally published at [mickai.co.uk](https://mickai.co.uk/articles/twenty-one-uk-sovereign-ai-patents-collaboration-open).*

MCP marketplaces shipped LOLBAS malware. We audited 256 agents.

Micky Irons — Sun, 03 May 2026 02:15:33 +0000

I downloaded an AI agent. It was wired to invoke malware.

Six months ago a Mickai engineer downloaded an AI agent from a public MCP (Model Context Protocol) marketplace. It was wired to invoke a Living-Off-the-Land Binary (LOLBAS) chain that downloaded a remote payload through a signed Microsoft binary, executed without writing to disk, and left no signature for any static scan to catch.

None of the marketplaces caught it. So we built the one that does.

## What LOLBAS is, and why MCP agents are the perfect carrier

LOLBAS = Living Off the Land Binaries And Scripts. The technique abuses legitimate signed system binaries (powershell.exe, certutil.exe, mshta.exe, regsvr32.exe, msbuild.exe, wmic.exe and dozens of others) to download or execute a remote payload. Signature is genuine. Static scan is clean. Behavioural anomaly is buried inside arguments most endpoint protection products do not parse. Catalogued at [lolbas-project.github.io](https://lolbas-project.github.io). Maps to MITRE ATT&CK T1218 (Signed Binary Proxy Execution).

MCP agents are an ideal carrier. An MCP server ships as a small TS / Python / Node package, each tool can spawn arbitrary processes, the marketplace surface allows it. The user installs an agent that exposes a 'system info' tool. The host LLM invokes that tool. What actually runs is `powershell -EncodedCommand` plus a payload from a domain the user has never heard of.

There is no marketplace-side review that catches this. There is no user-side notification when it fires. There is no telemetry that surfaces compromise. The user is running malware they cannot see, in the trusted context of an AI tool they invited onto the machine.

## Trust Agent: 256 audited agents, 27-check pipeline

[Trust Agent](https://trust-agent.ai) is the productised result. 256 AI agents through a full 27-check audit. 20 industries: GCSE tutor, quantum-physics specialist, full C-suite team an SME can hire on the spot. Every agent carries a cryptographically verifiable certificate tied to a specific commit and a specific audit run. Every certificate is independently verifiable.

Trust Agent is powered by [Mickai](https://mickai.co.uk). Mickai is the audit framework, the signing infrastructure, the deterministic-placeholder primitives, and the copy-on-write sandbox under everything. 21 filed UK patent applications, 675 cryptographically signed claims, sole inventor.

## What users should do tonight

- Audit local MCP installs. Catalogue every agent, every tool definition, every spawned binary.
- Run any LOLBAS-aware static scan against the spawned-process surface.
- Move new agent installs to a vetted source. Trust Agent is one.
- Watch for the rest of this 5-part launch series.

[Read the full article on mickai.co.uk](https://mickai.co.uk/articles/mcp-marketplaces-shipped-lolbas-malware)

*Originally published at [mickai.co.uk](https://mickai.co.uk/articles/mcp-marketplaces-shipped-lolbas-malware).*

Why I built Mickai: sovereignty is a title deed, the cloud is a rental agreement

Micky Irons — Sun, 03 May 2026 01:40:45 +0000

By Micky Irons. Founder & sole inventor, Mickai. CEO, Trust-Agent.ai.

When I started filing the patents that became Mickai, I didn't have a product brief. I had a question.

Why is intelligence the only critical capability we lease?

We don't lease our title deeds. We don't lease our identity documents. We don't lease the keys to our houses. We hold them. They're ours. They sit in our drawer, our safe, our hands. We can show them, hide them, sign them, revoke them.

But intelligence, the most consequential tool of this decade, has become a rental agreement. Every prompt is a query against someone else's machine. Every output is logged, ranked, scored, and used to fine-tune the next generation of the same vendor's product. Every capability you build sits one pricing change away from disappearing. Every regulatory shift is one terms-of-service update away from rewriting your stack.

That's not sovereignty. That's a tenancy.

So I built Mickai.

What "sovereign AI" actually means

Sovereignty is not a vibe. It's a property. Specifically, three properties:

Locality. The compute and the model weights live on hardware you own. Not "edge-cached" or "hybrid". On-device. The query, the response, the intermediate tool calls, the retrieval index, the memory: all of it stays on your machine.
Identity binding. The system answers to a key you control. Not a vendor account. Not an OAuth grant. Not a tenant slug in someone's cloud. A cryptographic identity bound to your hardware, signed with post-quantum primitives (we use ML-DSA-65 / FIPS 204).
Auditability. Every prompt, every tool call, every model dispatch, every memory write is signed and chained on a ledger you can verify yourself with no reference to the vendor. If we vanished tomorrow, the ledger would still be readable, still verifiable, still yours.

Nothing on Mickai is "secret with the vendor". Nothing is "trust us". The substrate is mathematics.

What we actually shipped

25 specialist brains under a deterministic arbiter, locally orchestrated. Not 25 calls to the same cloud. 25 distinct local models, each with its own role.
Post-quantum signed audit ledger (ML-DSA-65). Every action chained, tamper-evident, locally verifiable.
Hardware-bound identity. Your Mickai answers to one signature only. Yours.
Voice module named Jarvis. (The voice is a module. The system is Mickai.)
Pre-commit dry-run simulation on every irreversible action.
Compensating rollback on every action.
Voice-biometric quorum for high-stakes operations.
Privacy-preserving sovereign RAG (the index never leaves your machine).

The provenance

Mickai Ltd. UK. Trademark UK00004373277. 20 patents filed at the UK Intellectual Property Office covering 584 claims, prosecution status. Sole inventor and signatory: me, Micky Irons.

Before Mickai, I was CMO of MetaEngine and Despace Protocol, founded Collector Crypt, and built into other Web3 / blockchain ventures. Approximately £350M raised across past startups. I have spent the last decade building things that move money and information without intermediaries. Mickai is the same thesis, applied to intelligence.

Why it matters now

If your business depends on AI today, ask yourself: when the vendor changes the price, the policy, or the model, what happens to your operating leverage?

The answer in 2026 is "you scramble". The answer with sovereign AI is "you don't notice". Because nothing changed. Your model is still on your machine. Your data is still where it was born. Your identity is still bound to your hardware. The vendor's decisions are not your decisions anymore.

Sovereignty is a title deed. The cloud is a rental agreement.

How to find out more

Site: mickai.co.uk
Press: press@mickai.co.uk
Founder: @mickyirons on LinkedIn
Brand on Mastodon: @Mickai@mastodon.social
Brand on Bluesky: mickai.bsky.social

If you build infrastructure-grade software and you have ever felt the operational pinch of a vendor moving the goalposts, this is the conversation we're trying to lead.

Replaces. Does not disrupt. Proves. Does not persuade.

— Micky Irons

Mickai is live: a sovereign AI operating system, engineered in the UK

Micky Irons — Sun, 03 May 2026 01:01:55 +0000

Mickai is live: a sovereign AI operating system, engineered in the UK

TL;DR. Mickai is a sovereign artificial intelligence operating system. On-device. User-owned. Cryptographically governed. UK00004373277. 20 patents at the UK IPO. 584 claims. Sole inventor: Micky Irons (CEO, Trust-Agent.ai).

What sovereign AI actually means

The AI runs on your hardware. Not in a vendor cloud. Every prompt, every tool call, every model dispatch is signed with post-quantum cryptography (ML-DSA-65, FIPS 204) and chained on a tamper-evident audit ledger you can verify yourself.

No cloud. No telemetry. No third-party data sharding.
Hardware-bound identity. Each Mickai instance answers to one signature only: yours.
25 specialist brains across 6 subsystems, locally orchestrated.
Voice module is named Jarvis.
Replaces, does not disrupt. Proves, does not persuade.

Why this matters

Most AI today is a rental agreement. You query a vendor cloud, the vendor logs your inputs, ranks your data, and uses it to fine-tune the next generation of their product. Sovereignty inverts that contract.

Sovereignty is a title deed. The cloud is a rental agreement.

Architecture briefly

25-brain cooperative intelligence under a deterministic arbiter
Privacy-preserving sovereign RAG
Pre-commit dry-run simulation for every action
Compensating rollback on every action
Voice-biometric quorum for high-stakes operations
ML-DSA-65 signatures, FIPS 204 compliant
Decision lineage and PQ-signed audit ledger

Provenance

Mickai is built and held by Micky Irons, British serial entrepreneur (CEO Trust-Agent.ai; previously CMO at MetaEngine and Despace Protocol; founder of Collector Crypt and other Web3 / blockchain ventures, with approximately £350M raised across past startups).

Mickai Ltd holds trademark UK00004373277 and 20 patents in prosecution at the UK Intellectual Property Office.

Learn more: https://mickai.co.uk
Press: press@mickai.co.uk

Sentinel: how Mickai stops AI agents from wiping your data

Micky Irons — Sun, 03 May 2026 00:55:25 +0000

Cursor wiped a production database and every backup in nine seconds. OpenAI Codex deleted around 328k files outside the project root. Claude Code shipped an --accept-data-loss flag and ran it without confirmation.

Five published, dated, named-victim incidents in five months from real AI coding agents. They are not edge cases. They are the natural endpoint of running an autonomous coding agent against a host operating system with the same privileges as the user, without an interceptor between the model and the syscalls.

Sentinel is the Mickai sub-component built specifically to make this class of failure impossible by construction.

It sits between every AI-agent process and the host OS, intercepting:

every file write and deletion
every shell command (classified against a destructive-pattern corpus before execution)
every git operation
every outbound network request
every prompt sent to a remote LLM (with deterministic-placeholder secret redaction + reverse mapping for inbound responses)

Every action gets a copy-on-write snapshot pre-staged before execution. Every session writes to a hash-chained Ed25519-signed audit ledger. Workspace operations happen in a copy-on-write shadow layer with a promotion gate so destructive bulk deletions cannot escape the sandbox.

The full architecture, the patent claim blocks, and the documented prior-art incidents are in the long-form article on mickai.co.uk:

Read the full article on mickai.co.uk

Originally published at mickai.co.uk.