Purpose-built cryptographic audit for EU AI Act Art.12/53 — tamper-rejecting at ingress, tamper-evident after write — operator-independent. Regulator-ready evidence.
EU AI Act GPAI/Art.53 · Aug 2, 2026 (confirmed) · high-risk (Art.12) deferred to Dec 2027 (Digital Omnibus, provisional)
Distributed infrastructure — LLM inference cluster, CDN edge, payment system — generates inter-node traffic that is hard to audit in real time. One compromised node can rewrite its own logs, forge timestamps, or replay transactions, and conventional monitoring never sees it.
Hydra-Audit commits every operation cryptographically: timestamps anchored to multiple independent sources (Roughtime, NTP — GPS/GEO: roadmap), AEAD-sealed (ChaCha20Poly1305) per event, with Ed25519 Merkle batch attestation. Any counterparty — regulator, partner, auditor — verifies the proof without trusting the issuer's clock or infrastructure. 11 Byzantine attack vectors detected automatically — Sybil, NTP, BGP, DNS and SDN classes defended by GRG adaptive switch (multi-source consensus and ordering) combined with ctx_id binding (context isolation), HMAC (integrity), and Ed25519 (un-resignable signature) — one set, not isolated checks; GPS-spoofing cross-check via GEO ±10ns anchor on roadmap — each logged with tamper-evident evidence. Built on TTTPS (Temporal Token for TLS Protocol — individual IETF I-D, draft-helmprotocol-tttps-03).
1. Rejected at ingress. Replayed, stale, cross-context, or binding-mismatched tokens never enter the chain. Invalid inputs are refused before any record is written — the chain only contains events that passed cryptographic validation at the moment of submission.
2. Hash-linked + Ed25519-signed. Each event commits to the hash of the previous event and is signed with Ed25519. Any post-write edit — by any party, including the operator — breaks chain integrity: the digest changes, and the mismatch is immediately visible to anyone running verification.
3. Independently verifiable. Verification requires only the published public key — no access to Kenosian infrastructure, no trust in the issuer. The operator cannot silently rewrite history. The evidence stands on its own.
Traditional audit logs can be tampered with: a compromised node modifies its own logs, shifts timestamps, or suppresses records. Hydra-Audit turns any tampering into a verifiable mismatch that any holder of the public key can detect.
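The three properties above (ingress rejection, hash linking with Ed25519 signatures, verification from the public key alone), shown as an added Go example that is not Kenosian or TTTPS code. The Event layout and the names NewChain, Append and Verify are hypothetical, SHA-256 stands in for blake3, and only replay is checked at ingress.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Event is a hypothetical record layout, not the TTTPS wire format; Digest uses SHA-256 where the page names blake3.
type Event struct {
	TokenID, Payload string
	Prev             [32]byte // digest of the previous event (zero for the first)
	Sig              []byte   // Ed25519 signature over Digest()
}

func (e Event) Digest() [32]byte {
	return sha256.Sum256([]byte(fmt.Sprintf("%q|%q|%x", e.TokenID, e.Payload, e.Prev)))
}

type Chain struct {
	priv   ed25519.PrivateKey
	head   [32]byte        // digest of the newest event
	seen   map[string]bool // token ids already accepted
	Events []Event
}

func NewChain() (*Chain, ed25519.PublicKey) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand; demo key per run
	return &Chain{priv: priv, seen: map[string]bool{}}, pub
}

// Append validates at ingress, then links and signs; a rejected input writes nothing.
func (c *Chain) Append(tokenID, payload string) error {
	if c.seen[tokenID] {
		return fmt.Errorf("REPLAY")
	}
	e := Event{TokenID: tokenID, Payload: payload, Prev: c.head}
	c.head = e.Digest()
	e.Sig = ed25519.Sign(c.priv, c.head[:])
	c.seen[tokenID] = true
	c.Events = append(c.Events, e)
	return nil
}

// Verify needs only pub and a trusted starting digest (zero at genesis); it returns the first bad index, or -1.
func Verify(pub ed25519.PublicKey, prev [32]byte, events []Event) int {
	for i, e := range events {
		d := e.Digest()
		if e.Prev != prev || !ed25519.Verify(pub, d[:], e.Sig) {
			return i
		}
		prev = d
	}
	return -1
}

func main() {
	c, pub := NewChain()
	fmt.Println(c.Append("tok-1", "batch X"), c.Append("tok-1", "batch X"), Verify(pub, [32]byte{}, c.Events))
}
```

Verify reports the first event whose link or signature fails, which covers edits, reordering and removal of earlier records. Removal of the newest events is not visible from the chain alone, so a verifier also needs a head digest or event count recorded outside it.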
AI companies face two converging legal obligations that TTTPS audit chains directly address.
| Obligation | What the law requires | How TTTPS Audit provides it |
|---|---|---|
| EU AI Act Art.53 General-purpose AI models — GPAI provenance | Document training data: sources, dates, scope. Art.53 GPAI obligations mandatory Aug 2, 2026; GPAI Code of Practice = voluntary compliance path (parallel self-regulatory track). | PoT seal on each training batch ingestion — cryptographic timestamp of what data was used and when. JSON-LD structured for regulatory submission. Art.53 enforcement: August 2, 2026. |
| EU AI Act Art.12 High-risk AI systems — event logging | Automatic log retention for regulatory inspection | 90-day retention, JSON-LD structured for regulatory submission — regulator-ready without manual reconstruction. chain_integrity: true (796/796 events, Redis AOF restart-verified). |
| EU AI Act Art.15 Accuracy & cybersecurity documentation | High-risk AI must document accuracy, robustness, cybersecurity throughout lifecycle | 7 Byzantine attack vectors actively detected (6 more on roadmap); tamper-evident accuracy documentation chain — cryptographic proof of system integrity state at every operation |
| MiFID II 7-year retention EU 2014/65 Art.25 | Financial infrastructure audit records retained 7 years | Full tier: 3-year on-platform retention + archival export path. 7-year MiFID II retention chain: $0.03/GB long-term storage (Enterprise tier). Chain continuity enforced — gaps invalidate regulatory submission. |
| Copyright defense NYT vs OpenAI pattern | Prove what data was trained on, and when | PoT chain per training batch — if a dataset was not ingested on a given date, the chain proves it; if it was, the chain proves the scope |
Seal the training pipeline at ingestion and you get a tamper-evident record: "At 2026-03-15T14:23Z, batch X from source Y was ingested." Infeasible to forge under standard cryptographic assumptions. Independently verifiable. Structured for regulatory and legal proceedings.
| Attack Type | Detection Method | Status |
|---|---|---|
| Token Replay | Commitment chain deduplication | ✓ Active |
| Timestamp Drift | Multi-source time anchor comparison | ✓ Active |
| Signature Forgery | AEAD tag + blake3 Merkle verification | ✓ Active |
| Flood DDoS | Rate-limit + token budget enforcement | ✓ Active |
| Ordering Attack | Sequence integrity check | ✓ Active |
| Cross-Pool Replay | ctx_id scope isolation | ✓ Active |
| Sybil | Node identity binding + ctx_id binding + Ed25519 + GRG adaptive switch — one set | ✓ Active (one set: GRG switch + ctx_id + HMAC + Ed25519) |
| GPS Spoofing | GEO ±10ns anchor cross-check | 🔜 Roadmap (GEO) |
| NTP Injection | GRG adaptive switch (multi-source time consensus) + HMAC integrity + ctx_id binding + Ed25519 — one set | ✓ Active (one set: GRG switch + ctx_id + HMAC + Ed25519) |
| BGP Hijacking | GRG adaptive switch (route/source anomaly) + HMAC + ctx_id binding + Ed25519 (un-resignable without issuer key) — one set | ✓ Active (one set: GRG switch + ctx_id + HMAC + Ed25519) |
| DNS Poisoning | GRG adaptive switch + pinned issuer pubkey + ctx_id binding + Ed25519 + HMAC — one set | ✓ Active (one set: GRG switch + ctx_id + HMAC + Ed25519) |
| SDN Flow | GRG adaptive switch (ordering integrity) + HMAC per-chunk seal + ctx_id binding + Ed25519 — one set | ✓ Active (one set: GRG switch + ctx_id + HMAC + Ed25519) |
| Protocol Violation | State machine conformance | ✓ Active |
| Product | Audit Integration | Detail |
|---|---|---|
| TTTPS | Native | Every PoT token is an audit event. The audit trail IS the protocol — no additional instrumentation required. |
| Hydra-KV | Per-chunk seal | Every KV cache chunk transfer between prefill and decode nodes generates a TTTPS seal. Audit captures: sending node, receiving node, timestamp, chunk hash, and attack detection result. |
| Hydra-CDN | Per-delivery seal | Every content chunk delivery generates a TTTPS seal. Full forensic delivery trail per chunk — queryable by content owners and regulators. |
| Standalone | Drop-in layer | Hydra-Audit can be deployed as a standalone Byzantine audit layer for any distributed system — payment processors, telcos, inference APIs — with no dependency on other Hydra components. |
TTTPS and Hydra-Audit are not two products bolted together — they are one set, layered. TTTPS verifies; audit attests.
TTTPS verifies — at pre-ingestion, it binds each event to verifiable time, order, and context, and refuses anything backdated, replayed, or reordered before it is written. That is the live integrity check on every event.
Hydra-Audit attests — it sits on top of that verified stream and makes it queryable and provable after the fact: the tamper-evident trail a regulator, partner, or auditor reads months later, exported as JSON-LD and checked with the published public key alone.
One produces the evidence at the moment of the event; the other preserves and serves it for inspection. The audit trail is not a separate log to reconcile — it is the TTTPS commitment chain, read back.
How to layer audit on a TTTPS deployment
No re-architecting: if TTTPS is sealing your flow, the audit layer is a configuration step, not a second integration.
Once an audit chain is established, it becomes load-bearing compliance infrastructure — not optional middleware.
| Timeline | What accumulates | Switching cost |
|---|---|---|
| Month 1–3 | Operational audit baseline established | Low — early integration phase |
| Month 6 | EU AI Act submission window opens | Chain continuity required — gaps in the record invalidate the submission |
| Month 12+ | SOC 2 / ISO 27001 annual audit cycle | Historical chain required — past records cannot be reconstructed on a new system |
Regulatory audit submissions reference a continuous chain. Migrating to a different audit system mid-cycle means the prior chain cannot be reproduced — the record breaks. The continuity requirement is enforced by regulators, not by Kenosian.
To our knowledge, no purpose-built IETF-track cryptographic AI audit solution combines training-data provenance, tamper-evident retention, and Byzantine fault detection for EU AI Act compliance. MLflow · W&B · DataDog do not, by themselves, provide a purpose-built cryptographic audit chain for Art.12 or Art.53. Art.53 (GPAI) enforcement: August 2, 2026. Art.12 (high-risk) enforcement: 2026-08-02 under current law, deferred to 2027-12-02 under EU Digital Omnibus provisional agreement (pending formal adoption). Maximum penalty: €15M or 3% of global annual turnover per Art.12/53 violation (Art.99).
Hydra-Audit provides structured audit data in formats accepted by regulatory bodies and compatible with standard compliance tooling.
| Format | Description | Use Case |
|---|---|---|
| JSON-LD | Structured, machine-readable audit log | Automated compliance reporting — compatible with any compliance tooling |
| Prometheus | Real-time metrics (attack counts, ratios) | SOC dashboard integration, live Byzantine fault monitoring |
| Grafana | Visual dashboard (access on request) | Audit team review — contact peter@kenosian.com for access |
| CSV export | Tabular attack log | Manual review, spreadsheet import |
Regulatory Alignment
| Regulation | Requirement | Hydra-Audit Coverage |
|---|---|---|
| SOC 2 Type II CC7.1 / CC7.2 | Security monitoring, incident detection evidence | Prometheus metrics + Grafana dashboard = auditor-ready continuous evidence |
| ISO 27001:2022 Controls 8.15, 8.16, 8.17 | Logging, monitoring, clock synchronization | Tamper-evident log with AEAD seals and blake3 Merkle commitments; NTP multi-source sync auditable per-event |
| PCI DSS v4.0 Req.10.3.2 / 10.5.1 / 10.6 | Audit log protection, integrity, review | Cryptographic log integrity; 90-day retention; automated review via Prometheus alerts |
| DORA Art.10 EU 2022/2554 | ICT threat detection mechanisms | 7 Byzantine attack types actively detected (6 on roadmap), logged with cryptographic evidence |
| GDPR Art.5(2) / Art.32 EU | Accountability principle, technical security measures | Per-operation cryptographic commitment; JSON-LD export for DPA submission |
| MiFIR Art.22c RTS EU MiFIR, Art.22c (clock-sync mandate, pending application date) · implements RTS 25 ±1ms | Financial infrastructure audit trail — ±1ms clock synchronization for HFT | Colocation PTP ±1µs (SVC target) — would exceed ±1ms by 1000× on SVC PTP; GEO/GEO ±10ns — roadmap |
| EU AI Act Art.53 EU 2024/1689 | Training data documentation for general-purpose AI models | PoT-sealed ingestion log per training batch — source, date, scope recorded with tamper-evident cryptographic commitment |
| EU AI Act Art.12 EU 2024/1689 — current law: Aug 2, 2026 → deferred to Dec 2, 2027 under Digital Omnibus provisional agreement (pending formal adoption) | Automatic event logging + log retention for high-risk AI systems | Every event sealed with TTTPS: 90-day retention; JSON-LD structured for regulatory submission; chain_integrity: true — 796/796 events, Redis AOF restart-verified. Enforcement: 2026-08-02 under current law; deferred to 2027-12-02 under EU Digital Omnibus provisional agreement (pending formal adoption). Maximum penalty Art.99: €15M or 3% of global annual turnover. |
| TRAI India | Telecom timestamp integrity | Format aligned with TRAI audit requirements |
| CERT-In India | Cyber incident reporting | Cryptographic evidence admissible for CERT-In submissions |
| FedRAMP Rev.5 US Federal Risk and Authorization Management Program | AU-3 / AU-9 — Audit event content, protection of audit information | Tamper-evident log with AEAD+blake3 Merkle; 90-day retention; FIPS-compatible export |
| MAS TRM 2021 + AIRG 2025 Section 6.5 + AI Risk Mgmt Guidelines, Singapore | Audit logging for financial system operations | Per-event PoT-sealed log with cryptographic chain integrity; queryable for MAS examination |
| APRA CPG 234 Australia Prudential Regulation Authority | Information security audit trail for regulated entities | Ed25519-signed audit chain; Prometheus dashboard satisfies continuous monitoring guidance |
| PIPL Art.51-55 China Personal Information Protection Law | Data processing record-keeping, security audits | Tamper-evident processing log per data subject operation; JSON-LD export for CAC submission |
# Query audit log (authenticated)
curl "https://api.kenosian.com/audit?ctx_id=<pool-id>&window=86400" \
  -H "X-API-Key: <your-key>"
Response (GCP internal measurement):
{
  "ctx_id": "prod-pool-01",
  "window_secs": 86400,
  "total_requests": 14823,
  "byzantine_total": 31,
  "byzantine_ratio": 0.0021,
  "attack_breakdown": {
    "REPLAY": 18,
    "DRIFT": 7,
    "FORGE": 4,
    "FLOOD": 2,
    "ORDERING": 0,
    "INVALID": 0
  }
}
Prometheus Metrics
curl https://api.kenosian.com/metrics
tttps_attack_total{type="replay"} 18
tttps_attack_total{type="drift"} 7
tttps_attack_total{type="forge"} 4
tttps_byzantine_ratio 0.0021
tttps_valid_count 14792
tttps_requests_total 14823
Live Demo — Byzantine Detection
# Step 1: Generate token
curl -X POST https://api.kenosian.com/api/demo/pot/generate \
-H "Content-Type: application/json" \
-d '{"ctx_id":"audit-demo"}'
# Step 2: Verify clean token
curl -X POST https://api.kenosian.com/api/demo/pot/verify \
-H "Content-Type: application/json" \
-d '{"ctx_id":"audit-demo","token":"<from step 1>"}'
# → {"valid":true,"attack_type":null}
# Step 3: Replay attack — submit same token again
curl -X POST https://api.kenosian.com/api/demo/pot/verify \
-H "Content-Type: application/json" \
-d '{"ctx_id":"audit-demo","token":"<same token>"}'
# → {"valid":false,"attack_type":"REPLAY"}
Designed to be handed to an auditor without additional preparation.
| Audience | What they see | Use case |
|---|---|---|
| Engineering team | Real-time Byzantine event rate, node health, QUIC path quality | Ops monitoring — live Prometheus feed, visual |
| Legal / Compliance team | Training batch ingestion log, attack-free periods, regulatory event summary | EU AI Act audit preparation — no manual log reconstruction |
| C-suite | "0 attacks today · 14,792 verified transfers · chain intact" | Board-level compliance posture in one number |
| External auditor | JSON-LD export — machine-readable, verifiable without Kenosian infrastructure | Regulatory submission (EU AI Act, SOC 2, ISO 27001) |
Access on request — peter@kenosian.com
EU AI Act Art.53 (GPAI) enforcement begins August 2, 2026. Art.12 (high-risk AI): 2026-08-02 under current law, deferred to 2027-12-02 under EU Digital Omnibus provisional agreement (pending formal adoption). MLflow, Weights & Biases, and DataDog do not, by themselves, provide a purpose-built cryptographic audit chain for Art.12. Building it yourself takes 12+ months — and cryptographic audit chains require specialized expertise to get right.
Hydra-Audit is a purpose-built drop-in solution generating training data records designed to be unforgeable under standard cryptographic assumptions — structured to support EU, Korean, and Vietnamese regulatory proceedings. Engineering teams adopt Hydra-KV for inference speed. Legal and compliance teams renew Hydra-Audit because the chain is load-bearing compliance infrastructure — a gap in the record invalidates the regulatory submission.
Target accounts on colocation fabric — illustrative, pre-engagement (LOI stage).
Target PoPs: LD4, FR5, AM3, NY4, CH1, SK1 (Financial) · SV1, NY2, FR5, SL1, SG1 (AI Inference)
Tier 1 — Institutional · €12,000/mo
| Target Client (Fabric tenant) | IBX | Regulation | Est. Annual Value |
|---|---|---|---|
| Goldman Sachs | LD4, NY4 | MiFIR Art.22c + DORA + EU AI Act | €144K/yr (projected) |
| JPMorgan Chase | LD4, NY4, TY3 | MiFIR Art.22c + DORA + EU AI Act | €144K/yr (projected) |
| Morgan Stanley | LD4, NY4 | MiFIR Art.22c + DORA | €144K/yr (projected) |
| Deutsche Bank | FR5, LD4 | EU AI Act GPAI + DORA | €144K/yr (projected) |
| BNP Paribas | FR5, LD4 | EU AI Act + MiFIR Art.22c + DORA | €144K/yr (projected) |
| HSBC | LD4, HK1 | MiFIR Art.22c + DORA + MAS TRM | €144K/yr (projected) |
| MUFG / Nomura | TY3, TY5 | FSA + MiFIR Art.22c | €43K/yr (projected) |
Tier 2 — MiFID Pro · €3,600/mo
| Target Client (Fabric tenant) | IBX | Regulation | Est. Annual Value |
|---|---|---|---|
| Citadel Securities | LD4, NY4, CH1 | MiFIR Art.22c RTS (±1µs via colocation PTP, SVC target) — pending application date | €43K/yr (projected) |
| Optiver | AM3, CH1 | MiFIR Art.22c | €43K/yr (projected) |
| IMC Trading | AM3, NY4 | MiFIR Art.22c | €43K/yr (projected) |
| Virtu Financial | NY4, LD4 | MiFIR Art.22c + FINRA CAT | €43K/yr (projected) |
| Flow Traders | AM3, LD4 | MiFIR Art.22c | €43K/yr (projected) |
| Groq | SV1 | EU AI Act GPAI (colocation fabric) | €43K/yr (projected) |
| Lambda Labs | SV1 | EU AI Act GPAI | €43K/yr (projected) |
| CoreWeave | SV1, NY2 | EU AI Act GPAI | €43K/yr (projected) |
Node-based — priced against cluster size and retention window. All events sealed per node, no per-event quota. Per-event pricing creates incentive to skip audit coverage; node pricing means every event is sealed, always. Long-term storage: $0.03/GB.
| Tier | Target | Includes | Price | |
|---|---|---|---|---|
| Inference | Inference clusters · EU AI Act Art.12 | Events unlimited per node (node-based) · 90-day retention · JSON-LD export · Prometheus · Grafana · long-term storage: $0.03/GB | €100/node/month | |
| Training | GPAI providers · EU AI Act Art.53 + copyright defense | Events unlimited per node (node-based) · 1-year retention · Training batch PoT sealing · Copyright chain · JSON-LD · Grafana · long-term storage: $0.03/GB | €300/node/month | |
| Full | Systemic risk model holders · 3-year regulatory cycle | All tiers + 3-year retention · $0.03/GB long-term storage · Regulatory submission support · Dedicated onboarding | €500/node/month | Contact |
| Enterprise | Financial infrastructure · Medical AI · High-risk systems | SOC 2 Type II · DORA · SLA 99.9% · On-premise option · Custom integrations · MiFIR Art.22c RTS (colocation PTP ±1µs, SVC target) | €6,000/month Early adopter rate — rises to €12,000/mo after Art.53 (GPAI) enforcement (Aug 2, 2026) / Art.12 (high-risk) deferred to Dec 2, 2027 under Digital Omnibus provisional agreement. Lock in now. | Contact |
Annual contract: 2 months free (pay 10, get 12).
API Access
Contact peter@kenosian.com for API key provisioning and integration support.
“Third-party evaluation could be done by a government agency (similar to the FAA) or a set of private organizations that are authorized and inspected by the government.”
Hydra-Audit issues a verifiable, tamper-rejecting record of when each event occurred and in what order — timing-integrity evidence an auditor can independently check. If TTTPS is adopted as the standard, an audited deployment could carry the “TTTPS-certified” mark, signalling that its event log is anchored to verifiable time rather than to a self-asserted clock.
Proposed mark for explanation only. Any “certified” status is conditional (“could / if adopted”) and would operate under the Kenosian root of trust — not a present-day certification program.