Posted on DEV Community. Originally published at mickai.co.uk

The Open Audit Record, Explained

By Micky Irons, founder of Mickai.

What the Open Audit Record is

We built the Open Audit Record because the hardest question a regulated firm faces after an AI decision is not what the model produced, but whether anyone can prove, later and independently, what actually happened. Logs can be edited. Vendors can be acquired, wound down, or breached. A screenshot proves nothing to a regulator two years after the fact. So we made the record itself the primitive, and we made it survive us.

Every consequential action taken inside our system is signed under post-quantum cryptography (FIPS 204 ML-DSA-65, with ML-KEM-768 for key establishment) and hash-chained into a tamper-evident, append-only ledger. The chain is the point. Each entry commits to the one before it, so a single altered record breaks every link that follows. Anyone holding the ledger can verify it offline, for decades, without trusting us and without calling home to a server. We designed the OAR so that our own good behaviour is not something you have to take on faith. You can check it.

Why signed logging is not enough

Most audit trails are a database table with write access. Whoever controls the table controls the truth, and that includes the vendor. The moment your evidence depends on the continued cooperation of a supplier, you do not have evidence, you have a promise. Regulators know this, which is why model-risk and data-protection regimes increasingly ask not just what a system did, but how the record of it can be trusted.

We answer that with three properties that hold together. The record is append-only, so nothing can be quietly removed. It is hash-chained, so nothing can be silently altered without detection. And it is signed with post-quantum keys, so the signatures remain sound against the class of attacks that will render today's classical cryptography readable in the coming decade. A record that is verifiable today but forgeable in fifteen years is not an audit record, it is a liability with a delay on it. We chose ML-DSA-65 and ML-KEM-768 precisely because a compliance ledger has to outlive the cryptographic era it was written in.

How the OAR works in practice

We run about fifty specialist models, twenty-five domain and twenty-five operational, with cross-model routing under a deterministic arbiter. Determinism matters here for a reason that is easy to miss. Because the arbiter is deterministic, the same inputs produce the same outputs, so an entry in the ledger is not just a note that something happened, it is a reproducible claim. An auditor can take the recorded inputs, replay them, and get the recorded result. The OAR captures the decision, the model path, and the arbitration, and binds them into the chain so the reconstruction is exact rather than approximate.
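The chaining and offline check described in the two passages above, written out as an added example rather than Mickai's own code. It records the inputs, model path and decision the text says each entry binds, then shows that one altered record fails verification at that entry, and that re-hashing the altered record only moves the failure to the next link. The ML-DSA-65 signature over each entry's hash is left out because Python's standard library has no implementation of it; the field names and the SHA-256 canonical-JSON digest are assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed sentinel standing in for "no previous entry"


def entry_digest(entry: dict) -> str:
    """SHA-256 over canonical JSON of every field except the stored hash.

    Sorted keys and no whitespace give one byte string per entry, so two
    independent verifiers always hash the same entry to the same value.
    """
    body = {k: v for k, v in entry.items() if k != "hash"}
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def append_entry(ledger: list, record: dict) -> dict:
    """Append a record that commits to the previous entry's hash."""
    prev_hash = ledger[-1]["hash"] if ledger else GENESIS
    entry = {"seq": len(ledger), "prev_hash": prev_hash, **record}
    entry["hash"] = entry_digest(entry)  # in the real OAR this hash is then signed
    ledger.append(entry)
    return entry


def verify_chain(ledger: list):
    """Offline verification: returns (True, None) or (False, first bad seq).

    Each entry must carry its expected position, name the hash of the entry
    before it, and hash to the value it claims for itself.
    """
    expected_prev = GENESIS
    for i, entry in enumerate(ledger):
        if entry["seq"] != i or entry["prev_hash"] != expected_prev:
            return False, i
        if entry_digest(entry) != entry["hash"]:
            return False, i
        expected_prev = entry["hash"]
    return True, None


def build_sample_ledger() -> list:
    """Constructed sample: three decisions routed through a hypothetical arbiter."""
    ledger = []
    append_entry(ledger, {"inputs": {"amount": 1200, "country": "GB"},
                          "model_path": ["nemesis-fraud"], "decision": "clear"})
    append_entry(ledger, {"inputs": {"amount": 98000, "country": "KY"},
                          "model_path": ["nemesis-fraud", "nomos-compliance"],
                          "decision": "hold"})
    append_entry(ledger, {"inputs": {"amount": 40, "country": "GB"},
                          "model_path": ["nemesis-fraud"], "decision": "clear"})
    return ledger
```

Tampering with the second entry's decision fails verification at seq 1; rewriting that entry's hash to hide the edit makes seq 2's stored prev_hash stale instead, so the break is always visible somewhere downstream.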

Because everything runs on your own hardware, on premises and air-gapped, the record is generated where the work happens and never leaves your walls. There is zero data egress and no public cloud round trip. The ledger is yours from the first byte. We do not hold a copy you have to request, and there is no vendor-side store to subpoena, breach, or lose. If a fielded unit needs to prove its record against others, our Layer 1, Pantheon, provides multi-node attestation across units with no central server. Pantheon is on testnet today, extending the same offline-verifiable guarantee from one machine to many.

OAR-as-a-Service, and the studios it sits under

The OAR is not a bolt-on. It runs beneath every studio we ship, so the evidence is a by-product of the work rather than a separate reporting exercise. Nemesis handles fraud and AML, Plutus covers finance and FP&A, Tyche does underwriting, Prometheus does forecasting, Iris runs customer service, Nomos handles compliance, Astraea covers legal, Panacea is clinical, Pythia is business intelligence, and Aletheia is audit itself. Vinis carries voice, the Agentic Marketing Team runs growth, and Trust Agent holds the perimeter. Each one writes to the same signed ledger, which means an investigator looking at a fraud alert, an underwriting call, and the compliance check around them reads a single continuous chain of custody rather than three disconnected systems.

We also offer OAR-as-a-Service for teams that want the record layer around processes we did not build, so the same post-quantum, offline-verifiable guarantee can wrap a wider estate. The naming across our studios is drawn from Greek myth. The function underneath is deliberately unglamorous, which is how compliance infrastructure should be.

Who legally cannot use the alternative

There is a large market of organisations that cannot lawfully send their data to public cloud AI, and for whom a verifiable local record is not a preference but a requirement. Around 0.85 million UK businesses, roughly 15 percent, sit in that position, and roughly 5 million do across the EU. The reasons are concrete. PRA model-risk expectations under SS1/23 ask firms to evidence and govern the models they rely on. UK GDPR special category data and the NHS Data Security and Protection Toolkit constrain where sensitive records may be processed. The EU AI Act places high-risk systems under strict documentation and traceability duties. ITAR and EAR, the NIS Regulations, and the US CLOUD Act all bear on where data may sit and who can compel access to it.

For a firm inside any of those regimes, an audit record that lives on someone else's infrastructure, verifiable only while that supplier stays in business, is a structural weakness. The OAR removes the dependency. The evidence is local, self-verifying, and durable, which is exactly the posture those rules were written to require. This is the wider context in which we build. The sovereign AI market was roughly USD 40 billion in 2025 and is projected to reach about USD 148 billion by 2032, and the regulatory drivers behind that growth are the same ones that make the OAR necessary rather than optional.

The record as a moat, for us and for a platform

We hold 104 filed UK patent applications, roughly 2,340 claims across 13 invention families, owned by Mickai LTD, with named inventor Mickarle Sean Junior Wagstaff-Irons. These are filed, not granted. Filing establishes priority and a prior-art moat around the architecture, including the way the OAR binds post-quantum signing, hash-chaining, and deterministic arbitration into a single verifiable record. Our thesis is dual-buyer by design. We sell sovereign AI to the regulated firms the public cloud cannot lawfully reach, and we license the patented stack to the platforms that want to reach them. Internal analysis maps 196 companies and 311 patent-company pairs as potential licensees, a group that includes Microsoft, AWS, NVIDIA, Google, Adobe, and IBM. That is potential-licensee sizing, not a signed book and not an infringement claim. We are an ally to the AI majors, not an adversary of them. A platform that adds a sovereign, self-verifying record layer instantly becomes lawful for a market it cannot serve today, and that is a capability worth having on the right side of the ledger rather than the wrong one.

Where this leaves a regulated buyer

The Open Audit Record turns compliance from a narrative you assert into a fact anyone can check. It runs inside your walls, on your hardware, with no egress, and it produces evidence that outlives cryptographic eras, vendor relationships, and the vendor itself. Mickai LTD is a UK company, Companies House 17166618, with Birmingham manufacturing secured, founded and led by Micky Irons. We built this to be verified, and we would rather you verified it than believed it. Our pre-seed round is opening soon, and we welcome inquiries from interested partners by email at micky@mickai.co.uk or on LinkedIn.

Does the OAR require trusting Mickai to be honest?

No. The ledger is append-only, hash-chained, and signed under post-quantum cryptography, and it can be verified offline by anyone holding it. Verification does not depend on us being present, cooperative, or even still in business, which is the property that makes it useful as evidence.

Why post-quantum cryptography for an audit log?

A compliance record has to remain trustworthy for many years, often longer than classical cryptography is expected to stay secure. We sign with FIPS 204 ML-DSA-65 and use ML-KEM-768 so the record stays sound against future attacks. An audit trail that becomes forgeable partway through its retention period would fail exactly when it is needed.

Can the OAR cover systems Mickai did not build?

Yes. Through OAR-as-a-Service, the same signed, offline-verifiable record layer can wrap processes beyond our own studios, so a wider estate inherits the same tamper-evident chain of custody rather than a patchwork of separate logs.

Written by Micky Irons, founder of Mickai. Originally published at https://mickai.co.uk/articles/open-audit-record-explained. More from Mickai at mickai.co.uk.