UNCLASSIFIED // TECHNICAL BRIEF // ACCESS LOGGED // 2026-05-09

WICK SECURITYPLATFORM BRIEF — FORMAL PROOF INFRASTRUCTURE

Formal proof infrastructure for systems where
probabilistic security is unacceptable.

Instead of alerts and confidence scores, WICK produces machine-verifiable proof artifacts showing whether defined failure classes are reachable, impossible, or proven under formal constraints.

// Operational model

HARDENSRF-01→13 · Proof before attack

Formal verification before deployment across prevention surfaces.

INTERCEPTSRF-14→17 · Proof at contact

Runtime constraint enforcement and behavioral drift detection.

RECOVERSRF-18→21 · Proof after breach

Forensic tracing, judicial packages, sovereign attestation.

// Field validation

25+

Confirmed findings (CVE filings + vendor ACKs)

55.8%

of tested AI-generated code provably vulnerable

3,500

Artifacts analyzed arXiv 2604.05292

FIELD VALIDATION TARGETS

Systems / SecurityNASA cFS · wolfSSL · Mozilla NSS · Zephyr RTOS · FreeRTOS

Networking / IoTEclipse Mosquitto · libupnp · libmodbus · Mongoose · lwIP

Research / AI / DeFiarXiv 2604.05292 · llama.cpp · COMPAS · Balancer V3 · Euler V2 · Morpho Blue

OPERATIONAL USE

Selected WICK surfaces have been used in active security verification, blockchain tracing, and financial crime investigation workflows. Sensitive case details available under NDA to qualified government, defence, or institutional contacts.

// 21 surfaces — grouped by operational theatre

SRF	Surface	Theatre	Target system	Primary artifact / value
Theatre I Critical Software Verification	SRF-01	Cobalt	C / C++ / RTOS / firmware / crypto libs	Vendor-validated findings — NASA, wolfSSL, Mozilla, CESNET / Z3 proof artifact
	SRF-02	Forge	Solidity / EVM smart contracts	Reentrancy / oracle manipulation constraint proof
	SRF-03	Ferrite	Rust / WASM / FFI boundaries	Unsafe block reachability — memory safety certificate
	SRF-04	Cobalt PQC	NIST FIPS 203/204/205 — Kyber/Dilithium/Falcon	Parameter correctness + timing-safety proof
	SRF-05	Cobalt COBOL	COBOL / mainframe batch / copybooks	100% proof success across a 2,345-program COBOL verification corpus
	SRF-06	Bedrock	Firmware / bootloaders / UEFI / embedded MCU	Stack overflow / unsafe call path proof below OS
	SRF-07	Vein	SBOM supply chain — CycloneDX / SPDX	CVE constraint violation per dependency — proved
	SRF-13	Signal	ICS / OT / SCADA / PLC — Modbus / DNP3 / IEC 61850	CNSC safety case — Z3 certificate per invariant
	SRF-14	Cassandre	Live DeFi protocols — on-chain invariants	Invariant violation detection before exploit — $197M Euler pattern
Theatre II Autonomous Systems Control	SRF-10	Augur	Multi-agent swarm systems	Emergent behavior divergence proof — Byzantine bounds
	SRF-11	The Answer	AI model decision outputs — EU AI Act / COMPAS	COMPAS-validated fairness certificate — causal bias proved or disproved
	SRF-15	Verdict	AI agent behavioral drift — session-level	Behavioral envelope violation proof — no thresholds
	SRF-16	Sentinel	AI agent pre-execution constraints	<100ms constraint verdict — 100% audit trail
Theatre III Sovereign Intelligence Infrastructure	SRF-08	Wraith	Adversarial reachability + blockchain AML — 12 chains	Field-used adversarial reachability / AML screening artifact
	SRF-09	Skyveil	Military OSINT — ADS-B / AIS / GDELT / NOTAM	NATO INTSUM brief — threat score — Canadian-controlled
	SRF-17	Phantom	Honeypot probe intelligence	Attacker signature artifact — formal attack classification
	SRF-18	Trace	Cross-chain fund tracing — 6+ chains / 13 CEX	Field-used tracing workflows / freeze-ready evidence package
	SRF-19	Vantum	Maritime + judicial + FINTRAC STR pipeline	STR Art. 7 LRPCFAT · Art. 462.32 C.cr. — freeze-ready evidence trail
	SRF-20	IRIS	On-device facial recognition — PIPEDA / Law 25	Immutable biometric audit entry — zero cloud
	SRF-21	Sovereignty	Jurisdiction proof — IaC / vendor / data flow	Canadian-controlled attestation — signable by CISO
Proof Integration Layer Cross-surface verdict chain	SRF-12	Lattice	All 21 surfaces — proof chain composition	SHA-256 tamper-evident verdict — single document for regulator

// Sovereignty — SRF-21 + deployment architecture

Canadian infrastructureCompute, storage, and transit on Canadian-controlled nodes

Canadian data residencyDesigned to support Canadian data residency under defined deployment controls.

CLOUD Act exposureMinimized by architecture — Canadian-controlled deployment chain

Foreign jurisdictional exposureReduced through vendor selection and deployment controls

GC procurement alignmentDesigned with Protected B / PBMM / ITSG-33 in mind

FSCFederal security clearance pathway identified

Sovereignty artifact (SRF-21)Machine-verifiable attestation signable by CISO or contracting authority

Sovereignty and compliance claims depend on deployment architecture, hosting model, contractual controls, and operational scope.

// Sample proof artifact — wick-artifact/v1

Surface	Cobalt — SRF-01
Target	libyang 3.x — LYB IPC parser
Input condition	string_len = 0xFFFFFFFF
Constraint eval.	malloc(0) → WRITE SEGV at offset 4GB
Verdict	SAT — failure condition reachable
Witness values	{ "string_len": "0xFFFFFFFF" }
Review status	PR #2513 merged by CESNET maintainer
Evidence chain	z3-smtlib2-artifact · SHA-256 sealed

LATTICE SRF-12 — PROOF CHAIN OUTPUT

All surface artifacts composed into one SHA-256 tamper-evident chain. One document. One deterministic verdict. The artifact a CISO or regulator signs.

Dominik Blain
Founder, Wick Security / QreativeLab
dominik@qreativelab.io
wicksecurity.ca

Live demos
wraith-007.fly.dev
skyveil-bice.vercel.app
arxiv.org/abs/2604.05292

Technical briefing document. Not legal advice.
Sovereignty and compliance claims depend on deployment architecture, hosting model, contractual controls, and operational scope.

Wick Security — MMXXVI.

Formal proof infrastructure for systems whereprobabilistic security is unacceptable.

Formal proof infrastructure for systems where
probabilistic security is unacceptable.