DEV Community

Cover image for Offline Verification: Proof That Outlives the Vendor
Micky Irons
Micky Irons

Posted on • Originally published at mickai.co.uk

Offline Verification: Proof That Outlives the Vendor

Offline Verification: Proof That Outlives the Vendor

By Micky Irons, founder of Mickai.

The problem with trusting a vendor's word

Mickai is a sovereign intelligence operating system that regulated businesses own and run inside their own walls. It is built and live today. It runs entirely on the customer's own hardware, on premises and air gapped, with zero data egress and no public cloud round trip. That last property is not a convenience. For a large and growing part of the economy, it is the only lawful way to use advanced AI at all.

Around 0.85 million UK businesses, about 15 percent, legally cannot send data to public cloud AI. Across the EU the figure is roughly 5 million. The reasons are not preference. They are PRA model-risk expectations (SS1/23), UK GDPR special category data, the NHS Data Security and Protection Toolkit, the EU AI Act high-risk classification, ITAR and EAR export controls, the NIS Regulations, and the extraterritorial reach of the US CLOUD Act. When a bank, a hospital, or a defence supplier runs a model, it must not only get the right answer. It must be able to prove, later and to a hostile auditor, exactly what happened.

This is where the usual AI stack fails. A cloud provider can show you a dashboard. It cannot give you evidence you can stand behind once the provider, the dashboard, and the account are gone. The trust is in the vendor, and the vendor is a single point of failure. We built Mickai to remove that dependency entirely.

Offline Verification: Proof That Outlives the Vendor

The Open Audit Record

At the centre of our approach is the Open Audit Record, or OAR. Every consequential action the system takes is signed under post-quantum cryptography (FIPS 204 ML-DSA-65, with ML-KEM-768 for key encapsulation) and hash-chained into a tamper-evident, append-only ledger. The design goal is simple to state and hard to achieve. Anyone can verify the record offline, for decades, without trusting the vendor.

Consider what each of those words does. Offline means the verifier needs no connection to us, no live service, no API key. Append-only and hash-chained mean an entry cannot be altered or removed after the fact without breaking the chain, and the break is detectable by anyone holding a later hash. Post-quantum means the signatures are chosen to survive the arrival of cryptographically relevant quantum computers, so a record signed today does not quietly become forgeable a decade from now, which matters when retention obligations run that long. And without trusting the vendor is the part that changes the conversation with a regulator. The proof does not rest on our reputation, our uptime, or our continued existence. It rests on mathematics the auditor can check themselves.

We offer this as a capability inside the platform and as OAR-as-a-Service, so the same verifiable record can sit under systems that are not otherwise ours.

Offline Verification: Proof That Outlives the Vendor

Why reproducibility is a prerequisite, not a bonus

A verifiable record is only worth signing if the thing it records is itself defensible. An audit trail over a non-deterministic black box tells you what the box did once, not what it would do again. So we made determinism a design constraint from the start.

We run about fifty specialist models, 25 domain and 25 operational, with cross-model routing under a deterministic arbiter. The arbiter decides which models handle which part of a task and reconciles their outputs in a way that is reproducible, so the same inputs under the same policy yield the same result. That is what lets a signed record mean something. When we attest that the system produced a particular decision, an examiner can re-run the path and see the same outcome, rather than being asked to accept a probabilistic shrug.

We never disclose which base architectures sit underneath. What matters to the buyer is not the provenance of the weights but the behaviour of the whole: sovereign models, on your hardware, producing outputs you can reproduce and prove.

Offline Verification: Proof That Outlives the Vendor

Studios: serious function under Greek names

The models are organised into studios, each aimed at a regulated workload. Nemesis handles fraud and AML. Plutus covers finance and FP&A. Tyche runs underwriting, Prometheus runs forecasting, and Pythia runs business intelligence. Iris handles customer service, Vinis handles voice. Nomos covers compliance, Astraea covers legal, Aletheia covers audit, and Panacea covers clinical work. The Agentic Marketing Team runs marketing. Trust Agent is the perimeter, and OAR-as-a-Service exposes the audit record to the wider estate.

The names are drawn from Greek myth. The functions are entirely serious, and each studio inherits the same guarantees: it runs on the customer's hardware, and its consequential actions land in the Open Audit Record.

Attestation across many units

A single air-gapped unit can prove its own history. A fielded estate of them needs to agree. Pantheon, our post-quantum Layer 1 (currently on testnet), provides multi-node attestation across fielded units with no central server. Each unit contributes to a shared, verifiable view of what the estate has done, and that view survives the loss of any one node. There is no home base to compromise, and no single ledger to seize, because the attestation is distributed across the units themselves.

The intellectual property behind it

The architecture is protected. We hold 104 filed UK patent applications, roughly 2,340 claims, across 13 invention families, owned by Mickai LTD, named inventor Mickarle Sean Junior Wagstaff-Irons. These are filed, not granted. Filing establishes priority and builds a prior-art moat around the method, which is precisely the layer a competitor would need to copy to reach the same market. We are a UK company, Companies House 17166618, with Birmingham manufacturing secured, and Micky Irons is founder and CEO.

The market this unlocks

The sovereign AI market is roughly USD 40 billion in 2025, rising to about USD 148 billion by 2032. That growth is not driven by novelty. It is driven by the same regulations that keep 0.85 million UK firms and around 5 million EU firms out of the public cloud. As those rules tighten, the set of workloads that must run sovereign grows, and the set of vendors able to serve them lawfully stays small.

Our strategy has two sides. We sell sovereign AI directly to regulated firms the public cloud cannot lawfully reach. We also license the patented stack to the platforms that want to reach those firms. Internal analysis maps 196 companies and 311 patent-company pairs as potential licensees, including Microsoft, AWS, NVIDIA, Google, Adobe, and IBM. To be precise about what that is: it is potential-licensee sizing, not a signed book of business and not an infringement claim. The point is structural. A platform that adds a sovereign, verifiable layer instantly reaches a regulated market it cannot serve today, which is why we frame ourselves as an ally to the AI majors rather than a rival to any of them.

What this means for a regulated buyer

If you are the buyer, the value is concrete. Your data never leaves your walls, so the CLOUD Act, the export controls, and the special-category rules stop being blockers. Your AI decisions are reproducible under a deterministic arbiter, so a model-risk review has something to examine. And every consequential action is signed and chained into a record you, your regulator, or a court can verify offline, for decades, without ever having to trust us. That is the difference between using AI and being able to prove you used it responsibly. We built the whole stack so that proof outlives the vendor, including us.

Our pre-seed round is opening soon, and we welcome inquiries from interested partners by email at micky@mickai.co.uk or on LinkedIn.

FAQ

Can the Open Audit Record really be verified without contacting Mickai?

Yes. The record is hash-chained and signed under post-quantum cryptography (FIPS 204 ML-DSA-65, with ML-KEM-768), and verification is an offline mathematical check. A verifier holding the record and the public keys can confirm integrity with no connection to us and no live service, which is the point of designing it to be checkable for decades.

Does running on our own hardware mean weaker models?

No. We run about fifty specialist models, 25 domain and 25 operational, routed under a deterministic arbiter, entirely on the customer's hardware, on premises and air gapped. Sovereignty is about where the compute and data sit, not about capability. The models are ours and the outputs are reproducible.

Are the patents granted?

They are filed, not granted. We hold 104 filed UK patent applications, roughly 2,340 claims, across 13 invention families, owned by Mickai LTD. Filing establishes priority and a prior-art moat around the method, which is the protection that matters at this stage.

Written by Micky Irons, founder of Mickai. Originally published at https://mickai.co.uk/articles/offline-verification. More from Mickai at mickai.co.uk.

Top comments (0)