Research

Briefs on the primitive, the doctrine, and the practice.

Unclassified. Non-proprietary. Referenceable without prior approval. These briefs lay out the architectural posture behind every Bonis Systems deployment.

Brief 01
Doctrine
April 2026

The Evidence-Native Commerce Thesis

Every regulated transaction today is audited against logs produced and stored by the enterprise being audited. For internal compliance this is sufficient. For adversarial forensics — an insider-compromise investigation, a key-material audit, or a court-admissibility question — it is not. The structural fix is not better internal controls. It is an external witness.

The pattern repeats across every regulated vertical. A bank produces its own ledger and its own fraud analytics. An EHR produces its own audit log of PHI access. A container registry produces its own SBOMs. A custodian produces its own safe-keeping receipts. Each of these institutions takes producer attestation as input to its own assurance posture. When the attestation is sufficient, the audit clears. When it is not, the institution is asked — and must answer — with records it produced.

Evidence-Native Commerce is the architectural posture in which every state-changing event is committed to a publicly verifiable external chain at the moment it occurs. Producer-side attestation remains. What changes is the availability of a second, non-cooperating witness. The second witness does not require the auditor to trust the producer. It does not require the regulator to subpoena the producer. It does not require a future forensic investigator to obtain cooperation from any party. The witness is Bitcoin. The commitment protocol is OpenTimestamps. The primitive underneath is Knox, covered by USPTO provisional 64/038,359.

The thesis is not that institutional records are unreliable. The thesis is that institutional records are the wrong anchor for the class of questions a modern adversary can ask. Deepfake evidence, compromised signing keys, supply-chain injection, AI-synthesized receipts, insider-executed retroactive rewrites — every one of these attacks inhabits the gap between what an institution can produce and what an external observer can verify independently. Evidence-Native Commerce is the commercial application of closing that gap at the primitive layer.

Brief 02
Supply Chain
April 2026

Supply-Chain Provenance in the Generative AI Era

EO 14028, OMB Memo M-22-18, and NIST SP 800-218 formalize the producer-attestation model for software supply-chain security. The next generation of attack will not forge SBOMs — it will retroactively rewrite them. Internal registries cannot detect that. External anchors can.

The layers of today's mature SBOM pipeline — Anchore or Syft generating a bill of materials, cosign or Sigstore producing a signature, in-toto formalizing an attestation — all operate within the administrative boundary of the enterprise producing the software. DoD's Iron Bank adds hardening and centralized storage. CISA's Secure Software Self-Attestation Form adds an enforceable producer declaration. What none of these layers add is a witness outside the producing enterprise.

Generative AI makes producer attestation a weaker basis for reliance. A sufficiently motivated insider — or a compromised registry — can rewrite an SBOM to remove a vulnerable dependency after a breach. The SBOM remains valid on its face. The signature still verifies. The registry's internal audit still clears. Only the hash of that SBOM at the moment of original publication, committed externally and dated publicly, can tell the forensic investigator whether the artifact was altered.

The integration is one outbound HTTPS call per artifact. It does not replace Anchore. It does not compete with Platform One. It does not require changes to existing CI/CD. It adds one timestamp commitment per event to a chain no DoD administrator can rewrite. The cost at Enterprise tier is fractions of a cent per anchor. The output is a verifiable proof that any third party — including the next forensic investigator — can consume without cooperation from the DoD, Platform One, Anchore, or the original signer.

Brief 03
AI
April 2026

The AI Audit Doctrine

AI output without cryptographic provenance is testimony without a witness. As AI is integrated into regulated decisions — fraud detection, compliance review, evidence analysis, medical triage — the audit question is no longer whether the model produced a correct answer. It is whether the answer can be reconstructed, verified, and admitted.

Federal Rules of Evidence 902(13) and 902(14) provide for self-authentication of electronic records and certified records produced by an electronic process. The standard requires that the record's production method be reliable and that the method be certified by a qualified person. For human-authored records, the chain of custody is the reliable method. For AI-generated outputs, the chain of custody has not been formalized. Expert-witness testimony remains the common pathway. This does not scale to the volume of AI-assisted decisions now entering regulated workflows.

The AI audit doctrine has three components. First, every AI inference produces a receipt: model identifier, model version, input hash, output hash, and reasoning chain. Second, the receipt is committed externally — not to the inference provider's own logs, but to an independent chain outside the provider's administrative boundary. Third, the receipt is publicly verifiable by any party without cooperation from the inference provider. Knox instantiates this doctrine: each inference produces a SHA-256 receipt committed via OpenTimestamps to the Bitcoin blockchain. The receipt survives provider deprecation, model retirement, and vendor insolvency.
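Added example (not Bonis Systems' code and not the OpenTimestamps client): the commit-then-verify pattern behind both the SBOM rewrite in Brief 02 and the inference receipt described above, with the Bitcoin/OpenTimestamps anchor replaced by a constructed append-only witness and constructed sample records.

```python
import hashlib
import json

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def canonical_digest(record: dict) -> str:
    """SHA-256 over canonical JSON (sorted keys, no whitespace), so producer and verifier hash the same bytes."""
    return sha256_hex(json.dumps(record, sort_keys=True, separators=(",", ":")).encode())

class ExternalWitness:
    """Constructed stand-in for the external chain (not OpenTimestamps).
    Append-only: the producer can add a commitment, never alter or drop one."""
    def __init__(self):
        self._commitments = {}

    def commit(self, event_id: str, digest: str) -> None:
        if event_id in self._commitments:
            raise ValueError(f"{event_id} already committed")
        self._commitments[event_id] = digest

    def verify(self, event_id: str, record: dict) -> bool:
        # Needs only the record and the public commitment, no producer cooperation.
        return self._commitments.get(event_id) == canonical_digest(record)

def inference_receipt(model_id, model_version, prompt, output, reasoning):
    """The receipt fields the doctrine names; prompt, output and reasoning chain are stored as hashes."""
    return {"model_id": model_id, "model_version": model_version,
            "input_hash": sha256_hex(prompt.encode()),
            "output_hash": sha256_hex(output.encode()),
            "reasoning_hash": sha256_hex(reasoning.encode())}

def sbom_rewrite_detected() -> bool:
    """Constructed SBOM committed at publication; an insider later drops the vulnerable component."""
    witness = ExternalWitness()
    sbom = {"name": "payments-svc", "components": [
        {"name": "libssl", "version": "1.1.1k"}, {"name": "zlib", "version": "1.2.11"}]}
    witness.commit("sbom:payments-svc:build-42", canonical_digest(sbom))
    rewritten = {"name": "payments-svc", "components": sbom["components"][1:]}
    return not witness.verify("sbom:payments-svc:build-42", rewritten)  # well-formed copy, digest differs

def receipt_check() -> tuple:
    """Unaltered receipt verifies; one with a swapped output hash does not."""
    witness = ExternalWitness()
    receipt = inference_receipt("triage-model", "2026.04", "vitals: hr 72",
                                "low risk", "no red-flag vitals")
    witness.commit("inference:case-7", canonical_digest(receipt))
    tampered = dict(receipt, output_hash=sha256_hex(b"high risk"))
    return (witness.verify("inference:case-7", receipt),
            witness.verify("inference:case-7", tampered))
```

In a real deployment the value returned by canonical_digest is what gets stamped through OpenTimestamps, and the verifier checks the Bitcoin-anchored proof instead of this in-memory table.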

The practical consequence is that AI outputs can be admitted under FRE 902(13) self-authentication without expert-witness testimony. The math testifies. This is not an incremental improvement on explainability frameworks. It is a structural change in the evidentiary standing of AI-assisted decisions, making them usable at scale in regulated commerce without creating a new compliance surface every time a model is updated.