Three years of clean audits missed a $40,812.81 defect. I found it in 127 minutes.
Agentic security and sovereign inference, red-teamed after the auditors sign off — remote, async-first, scope in writing before day one.
The headline replays from a 47,312-record deterministic corpus. Clone and run: cobol-pic-probe · llm-adversarial-gate · exo
$ git clone https://github.com/mpuodziukas-labs/cobol-pic-probe && cd cobol-pic-probe && pytestCOBOL PIC V9(7)V99 fixed-point truncation — synthetic, fixed-seed, reproducible.
Offline adversarial-validation gate — 5 OWASP LLM Top 10 threat classes.
Architecture
Nothing ships without two gates: one halts on any single agent failure, one holds through the peer node dropping.
Both render live from the same constants that run in production. The numbers in the diagrams are the numbers in the system.
M1 Max · 32 GB + M4 Mini · 16 GB — 48 GB pooled across two nodes · Thunderbolt 4 · 40 Gb/s
- throughput
- 158 TPS
- aggregate ring
- P50 e2e
- 389ms
- token-to-token
- model
- 30B Q4
- served local
- API cost
- $0
- self-hosted, from $26,400/mo
A clean checklist said safe
The adversarial run said otherwise
The gap is what costs you
140/140 caught, 0 bypasses on the corpus a checklist never runs.
An OWASP checklist confirms known-issue coverage. An adversarial run finds what the checklist can't. llm-adversarial-gate is the public anchor: fixed corpus, deterministic, clone-and-run.
Four of seven production systems — the other three live on /work. Every public number is reproducible.
COBOL forensics, adversarial-AI defense, sovereign inference. Clone the public ones and run them yourself. Client work is under NDA, reproducible on request.
COBOL · LLM Security · Inference · Post-Quantum Crypto
COBOL Payroll Forensics
COBOL Forensic Audit (methodology reference)
An adversarial boundary scan of a COBOL payroll system found a silent COMP-3 fixed-point truncation that standard audits and monitoring had passed clean for three years. The corpus reproducing it clones and runs.
Failure class: PICTURE-clause fixed-point truncation, compounding below the totals-reconciliation threshold.
Full teardown →
Silent COMP-3 arithmetic overflow. Years. Every monitoring dashboard green. Every quarterly audit clean. COMP-3 PIC clause mismatch: ON SIZE ERROR suppressed, silent truncation, wrong multiplier on overtime. Detected via adversarial boundary scanner. Every replay state SHA-256 hash-chained. Zero divergence. Failure class: PICTURE-clause fixed-point truncation compounding below totals-reconciliation thresholds. Root cause documented. 10M cargo-fuzz iterations on COBOL→Rust migration: 0 panics, 0 known CVEs (dependency-scanned), 85% memory reduction, 27× throughput. Every claim has a replay command. Reproducible on request: pytest cobol-pic-probe/ -v
$ python3 probe.py --records 47312LLM Adversarial Validation Council
Adversarial AI validation · public corpus n=220 (clone-and-run)
A multi-agent deliberative council gates every LLM output in a regulated deployment (SHA-256 attestation, HITL, MITRE ATLAS-mapped coverage). Measured result: 27% baseline hallucination rate down to under 1% across 4,200 production outputs (internal holdout, NDA).
Baseline: 27% LLM hallucination rate in a regulated environment, no adversarial gate in place.
Full teardown →
A regulated AI deployment measured a 27% hallucination rate before any adversarial gate was in place: no deliberation, no attestation, no replay trail on a wrong answer. Multi-agent deliberative council on LangGraph StateGraph. Every output: SHA-256 hash-chain attestation, HITL gate, MITRE ATLAS-mapped coverage gated. Not a policy document: a deployed deterministic gate. Result: 27% → <1% hallucination (n=4,200 internal holdout, NDA; same labeled set, pre- and post-gate). 5 OWASP LLM Top 10 classes adversarially tested. 140/140 adversarial caught across the public corpus (n=220, 0 false negatives) · 0 P0 incidents across 47,312 replays (0 divergence) · 1,343 CI safety assertions on every deploy. Every attack attempt logged with vector classification and a SHA-verified replay artifact, replayable not asserted.
$ python3 -m pytest tests/ -vSovereign Inference Infrastructure
Open Source + Self-built · exo fork (mpuodziukas-labs/exo) · 55 commits ahead of upstream
A 2-node Apple-Silicon mesh replaces a managed-API inference bill with local compute: 158 TPS, 389ms P50 end-to-end, zero ongoing API cost (self-hosted; hardware/power still apply), nothing leaves the building.
Prior state: that managed-API inference bill, single-vendor dependency, one query at a time leaving the building.
Full teardown →
Managed-API inference carried single-vendor dependency and per-query data egress. Built a local alternative. EXO + MLX 2-node mesh on Apple Silicon over Thunderbolt 4. 55 commits ahead of upstream on a production fork of exo-explore/exo. KV cache prefix optimization + speculative decoding wired on every path. Result: 158 TPS. 389ms P50 end-to-end. 99.97% measured uptime (12-month window, Prometheus-verified). Air-gappable: HIPAA-compatible (zero PHI egress), FINRA-ready, zero data egress. That managed-API spend is gone; the hardware was already on the desk, so ongoing cost is electrical draw, not zero total cost. Infrastructure-as-code: Terraform on ARM. mTLS mesh. Every routing decision logged with cost, model, confidence.
Post-Quantum Cryptography Stack
Production Infrastructure + Security Engineering (NDA)
FIPS 203/204/205 (ML-KEM, ML-DSA, SLH-DSA) implemented from their 2023 draft standards and validated against the finalized specs — years ahead of the NIST 2030 migration mandate. 0 known CVEs (dependency-scanned). Every signature hash-chained and timestamped (RFC3161), replayable on demand.
NIST post-quantum migration mandate lands in 2030; most systems have not started. This one deployed draft-standard PQC in 2023.
Full teardown →
FIPS 203/204/205 (ML-KEM, ML-DSA, SLH-DSA) implemented in 2023 from their draft standards, then validated against the finalized specs (Aug 2024). 0 known CVEs (dependency-scanned). Implements FIPS 203/204/205 algorithms. SHA-256 hash-chain attestation: every signature hash-chained and timestamped (RFC3161), replayable on demand. 1,343 CI safety assertions on every deploy. The same 47,312-state deterministic replay corpus (cobol-pic-probe) doubles as a cryptographic audit trail — every state SHA-256 hash-chained, zero divergence.
Confidential engagement · reproduce-on-request
The full proof record · puodziukas.dev/proof
Methodology: Every public metric clones and runs. The replay corpus (0 divergence, SHA-256) is public and CI-green: github.com/mpuodziukas-labs/cobol-pic-probe.
