The Vendor Attestation Trap: "Trust Us" Is Not a Control

An attestation is a claim about a control, not the control itself. When the only evidence a vendor offers is its own word, you have outsourced your assurance to their honesty. Verifiable records, not promises, are the control.

https://mickai.co.uk/articles/the-vendor-attestation-trap-trust-us-is-not-a-control

#SovereignAI #AI #PostQuantum #Pantheon #DataSovereignty

Harvest Now, Decrypt Later Comes for Signatures, Not Just Secrets

Most post-quantum planning protects confidentiality and forgets authenticity. A 2026 decision signed with classical cryptography can be forged after Q-day. Mickai seals every consequential action with FIPS 204 ML-DSA-65 now, so the record still verifies later.

https://mickai.co.uk/articles/harvest-now-decrypt-later-the-signature-not-just-the-channel

The Public Sector AI Register Is Only as Good as Its Weakest Entry

Public sector AI registers are becoming standard practice, but most record self-asserted descriptions that no outsider can check. The fix is structural: every entry should carry a sealed, signed record of what the system actually did, anchored so it cannot be quietly rewritten.

https://mickai.co.uk/articles/public-sector-ai-register-the-entry-must-be-verifiable

Monthly attestation is not continuous proof

Monthly stablecoin reserve attestations are point-in-time snapshots, not continuous proof, and the gap between them is where reserve failures live. Continuous, sealed, independently anchored records close it.

https://mickai.co.uk/articles/monthly-attestation-is-not-continuous-proof-stablecoin-reserves

Technical Sovereignty, Not Data Residency: Who Actually Controls the Stack

Data residency answers the easy question (which country holds the disk) and quietly dodges the hard one (who controls the keys, the updates and the kill switch). Real sovereignty is technical, and it is decided at the layer most procurement never inspects.

https://mickai.co.uk/articles/technical-sovereignty-not-data-residency-who-controls-the-stack

From Battlefield to Courtroom: Defence Procurement's Real Evidence Problem

Defence procurement treats data as a by-product of weapons systems, yet that data must one day stand up in a court or an inquiry. Without sealed provenance, it does not. Here is why the evidence problem is a procurement problem, and how a sovereign record fixes it.

https://mickai.co.uk/articles/defence-procurement-evidence-problem-battlefield-to-courtroom

NATO Responsible AI: Traceability Is an Engineering Deliverable

NATO's Principles of Responsible Use only hold if you can prove you met them after a system has acted. Traceability is not documentation, it is an engineering deliverable: an evidence layer that seals each action and anchors it for permanence.

https://mickai.co.uk/articles/nato-responsible-ai-traceability-is-an-engineering-deliverable

Forty Percent of Agent Projects Die. The Governance Was the Product.

Most agent projects are not failing on intelligence. They are failing on accountability. When no one can prove what an autonomous system did or why, the project dies in procurement. Governance was never the overhead. It was the product.

https://mickai.co.uk/articles/forty-percent-of-agent-projects-die-the-governance-was-the-product

GDPR Says Delete, the AI Act Says Keep. The Record Resolves Both.

GDPR grants a right to erasure while the EU AI Act demands durable logs of automated decisions. The tension is real, but it dissolves once you separate the evidence of an action from the personal data inside it.

https://mickai.co.uk/articles/gdpr-says-delete-ai-act-says-keep-the-record-resolves-both

The Robotaxi, the Redacted Black Box, and the Record the Public Can Verify

Robotaxi crash data is held, formatted, and disclosed by the manufacturer being investigated. A record sealed with a post-quantum signature and anchored to Bitcoin moves the proof out of the company's hands and into the public's.

https://mickai.co.uk/articles/robotaxi-redacted-black-box-the-record-the-public-can-verify
