▸ articles/

Companion writing on runtime model identity.

Threat briefs, founder scans, and operational notes from the Fall Risk AI research program. Where the papers establish what is provable, the articles make the implications concrete — for security leaders, governance teams, and anyone trying to understand what runtime identity actually means in production.

published/ 2 articles · most recent first
Founder Scan · May 3, 2026 · 10 min read

I Ran Trustfall on My Own Laptop. It Found More Than 600 GB of Model Weights.

Two scans of the same developer laptop, one month apart. The first found the gap. The second showed what a signed registry changes — 8 verified groups of 40, then 66 verified of 93 as the registry grew from 75 records to 211.

Read the scan
Threat Brief · April 6, 2026 · 5 min read

The Continuity Gap

Every credential stayed valid. Every audit log looked normal. Only the model had changed. Three substitution scenarios measured against a live gateway with signed credentials — all detected in under 7 seconds.

Read the brief
More articles in development.
elsewhere/ canonical surfaces · signed authority
Public Registry →
Browse and verify enrolled models. Cryptographic signatures verifiable in your browser.
Trustfall Lite →
Open-source local artifact scanner. Hugging Face and Ollama. pipx install fallrisk-trustfall
Trustfall API →
Canonical authority surface. Signed registry, JWKS, verification endpoints.