Skip to content

Manifest‑Governed AI + Scenario Risk

Every AI call runs under a signed Universal AI Processing Key (UAPK) manifest. QIRE delivers scenario bands — not guesses — for policy‑aligned, auditable decisions.

🚀 Request a Pilot LOI
QIRE fan chart with scenario bands and action lever

What this is

UAPK — a signed, content‑addressed manifest that enforces policy, provenance, and audit for AI workflows.
QIRE — a quantum‑inspired risk engine that outputs multi‑scenario predictions (p10 / p50 / p90) in one pass.

Signed manifest governance card Signed Manifest
Capability checks · Post‑quantum signature · Immutable logs
Governed pipeline for RegExplain Governed Pipeline
Request → Policy → Service → Log CID
Scenario bands for QIRE Scenario Bands
p10/p50/p90 with actionable levers

Why UAPK + QIRE

  • Compliance‑first AI — Executions are bound to manifest policy and risk guardrails.
  • Reproducible & Portable — Identical inputs ⇒ identical outcomes; deployable across cloud/on‑prem/edge.
  • Provable Audit Trail — Each call logs a content‑addressed CID for forensics and reporting.
  • Actionable Risk, not Point Estimates — QIRE returns scenario bands with levers to change outcomes.

Looking for 3 design partners (banking, insurance, BigLaw) for focused 4–8 week pilots.

Pilot Program (4–8 weeks, API‑only)

Format: JSON‑in/JSON‑out endpoints under a UAPK manifest (signature, capability checks, immutable log CID).
No dashboards. No custom builds. Fixed scope, fixed KPIs.

1) RegExplain

Basel/CRA/MiFID pass/fail + clause citations.
KPIs: ≥ 60% manual review time saved · ≥ 90% citation accuracy.

2) AlertRank

AML alert clustering + policy‑gated auto‑close.
KPIs: ≥ 40% false positives auto‑closed at < 1% FN (audited).

3) Bellsfall (QIRE demo)

Scenario bands for people/things (entertainment/education).
KPIs: Demonstrate p10/p50/p90 + levers; privacy & governance validated.

➡️ Start: Request a Pilot LOI

How It Works (at a glance)

  1. Request enters with a minimal payload.
  2. UAPK manifest enforces capabilities (what’s allowed) and policy (how it must run).
  3. Service executes (retrieval, reasoning, generation) inside the manifest’s guardrails.
  4. Immutable log writes a CID (content hash) for the call + explanations.
UAPK governed execution flow
Request → Policy (UAPK) → Service → Log (CID)

Bring your own stack

Manifests reference your connectors, corpora, models, and policies by content hash. No need to move data or retrain.

Governance Pillars

  • Signed Manifests — Ed25519/post‑quantum‑ready signatures bind identity to the content hash.
  • Capability Gating — Only permitted tools/endpoints can run for a given role.
  • No‑PII Default — Zero‑retention unless policy explicitly allows storage.
  • Provenance — Every call writes an auditable CID; rollups feed reports and regulators.

QIRE: Scenario Risk Bands

Instead of a single guess, QIRE returns multiple scenarios:

```json { "subject": "entity-id", "scenarios": [ { "name": "p10", "score": 0.12, "explain": ["factor:A↓", "factor:B↑"] }, { "name": "p50", "score": 0.34, "explain": ["factor:A≈", "factor:C↑"] }, { "name": "p90", "score": 0.71, "explain": ["factor:B↑↑", "factor:D↓"] } ], "levers": [{"name": "KYC.depth", "direction": "+", "delta": 0.08}] }