NODE-CONSTANT//UNCLASSIFIED — ACCESS LOGGED
WICK / 04//T—00:00:00 UTC//45.5°N · 73.5°W
// PROOF INFRASTRUCTUREFORMAL · VERIFIABLE
FORMAL PROOF INFRASTRUCTUREFOR SOFTWARE THAT CANNOT FAIL SILENTLY
SCROLL
FORMAL · DETERMINISTICSAT // UNSAT
§ 00 · DOCTRINE

Some failuresmust notbe possible.

We do not detect. We do not score. We prove — using Z3 SMT — that defined failure classes are mathematically impossible. Every finding ships as a machine-verifiable certificate: exact witness values, independently replayable. Not confidence. Certainty.

CVE-2026-44673CVE-2026-41682GHSA-4jpg-j4hq-x63garXiv:2604.05292
WICK.COBALT — PROOF ENGINEwolfSSL · wolfcrypt/src/rsa.c1 / 3
25+ FINDINGS CONFIRMEDNASA cFSwolfSSLMozilla NSSZephyr RTOS ×8 CWE-190Mosquitto RCElibupnp CVE-2026-41682libyang CVE-2026-44673Shopify toxiproxyIBM Saramallama.cpparXiv 2604.052923,500 ARTIFACTS ANALYZED55.8% PROVABLY VULNERABLEZ3 SMT SOLVERSAT // UNSATFORMAL · NOT HEURISTIC25+ FINDINGS CONFIRMEDNASA cFSwolfSSLMozilla NSSZephyr RTOS ×8 CWE-190Mosquitto RCElibupnp CVE-2026-41682libyang CVE-2026-44673Shopify toxiproxyIBM Saramallama.cpparXiv 2604.052923,500 ARTIFACTS ANALYZED55.8% PROVABLY VULNERABLEZ3 SMT SOLVERSAT // UNSATFORMAL · NOT HEURISTIC
§ 01 · METHODOLOGY

Autonomous code made probabilistic security insufficient.

Smart contracts move capital. AI agents take real-world actions. Critical infrastructure runs on systems code with no runtime guard-rails. In these environments, alerts and confidence scores are not enough. What is required is evidence — formal, machine-verifiable, deterministic.

// Validated at scale
Confirmed findings
25+
production targets · open-source
CVEs & GHSAs
2
numbered · vendor-confirmed
Artifacts analyzed
3,500
AI-generated · production code
Provably vulnerable
55.8%
formal proof · not heuristic
Read the full paper — arXiv 2604.05292
THE OLD MODEL

Detection.

  • Signals that something may be wrong
  • Heuristic. Probabilistic. Alert-driven.
  • No evidence of how — or whether — failure is reachable
  • Confidence scores. Not certificates.
THE WICK MODEL

Proof.

  • Shows exactly where failure becomes possible
  • Formal. Deterministic. Mathematical proof.
  • Machine-verifiable verdict — SAT or UNSAT
  • Witness values when the chain is reachable
// Proven in the field — confirmed findings
Mozilla NSS
TLS Library
Fixed
wolfSSL
Crypto Library
PR Merged
libupnp
UPnP Library
CVE-2026-41682
libyang
NETCONF / sysrepo
CVE-2026-44673
§ 02 · FIELD

Tested where guessing is not enough.

WICK has been applied to security-critical open-source systems — with CVE filings, vendor acknowledgments, and formally defined bug classes across each target. All findings are production-accessible code, not synthetic benchmarks.

#TargetDomainStatus
iMozilla NSS
TLS Library
TLS / CryptographyFixed
iiwolfSSL
Crypto Library
TLS / CryptographyPR Merged
iiiFreeRTOS
Amazon RTOS
Real-Time KernelACK Amazon
ivZephyr RTOS
Embedded OS
Real-Time KernelCVE Filed
vMosquitto
MQTT Broker
IoT Messaging2× CVE Filed
vilibupnp
UPnP Library
Network / IoTCVE-2026-41682
viilibyang
NETCONF / sysrepo
Network ConfigCVE-2026-44673
viiilibmodbus
Industrial Protocol
SCADA / ICSCVE Filed
ixMongoose
Embedded Web Server
HTTP / NetworkingCVE Filed
xlwIP
TCP/IP Stack
NetworkingCVE Filed
xistrongSwan
VPN · IKEv2
VPN / TunnelingFix Pending
§ 03 · OUTPUT

Not alerts. Not scores.
Proof artifacts.

Every scan produces structured evidence showing what was tested, which constraint was evaluated, where failure becomes possible, and what supports the result. No black box. No guessing. A document — not a guess.

Each artifact contains
  • iVulnerability class tested
  • iiConstraint evaluated
  • iiiCode path or action path analyzed
  • ivFailure condition found or rejected
  • vEvidence trail generated
  • viReview status assigned
ARTIFACT // COBALT-OH-1FAILURE DETECTED
// SAMPLE PROOF — REVIEW READY

Silent insulin-on-board calculation failure under defined input.

ArtifactCOBALT-OH-1
SystemOpenAPS · oref0
FunctioniobCalcBilinear()
Failure cond.dia = 0
ResultSilent IOB calc failure
EvidenceConstraint violation under defined input
ScopeDefined input condition
StatusReview-ready
// Real Z3 SMT-LIB2 output — wolfSSL DH key parsing · SRF-01 COBALT
SMT-LIB2 · PROOF ARTIFACTVERDICT: SAT — VIOLATION PROVED
; ── WICK PROOF ARTIFACT ──────────────────────────────────────────
; Surface : SRF-01 COBALT · Target: wolfSSL 5.6.x
; Function: DhAgree() · CWE-190 Integer Overflow
; ─────────────────────────────────────────────────────────────────

(declare-const key_len   (_ BitVec 32))
(declare-const alloc_sz  (_ BitVec 32))
(declare-const max_safe  (_ BitVec 32))

(assert (= alloc_sz (bvmul key_len #x00000004)))   ; alloc = key_len × 4
(assert (= max_safe #x3FFFFFFF))                   ; heap limit guard
(assert (= key_len  #xFFFFFFF4))                   ; attacker-controlled input

; Prove: alloc_sz OVERFLOWS safe boundary
(assert (bvugt alloc_sz max_safe))

(check-sat)
; ─────────────────────────────────────────────────────────────────
; sat
; WITNESS  key_len  = 0xFFFFFFF4  (4294967284)
;          alloc_sz = 0x0000000D  (13 bytes — wraps from 17179869136)
; RESULT   heap write of 65535 bytes into 13-byte allocation
; STATUS   SAT — integer overflow formally proved ✓
; CVE      filed · PR merged wolfSSL upstream
// This is what proof looks like. Not a score. Not an alert. A mathematical certificate — independently verifiable.
§ 04 · OPERATIONAL THEATRES

One proof core.
Three operational phases.

// WICK is not a suite of disconnected tools. It is a single formal proof core deployed across three operational phases: harden before the attack, intercept at contact, and recover after breach.

THEATRE I

Code & System Proof

Formal proof applied at the source — before deployment, before breach. For teams building systems where memory, cryptography, or supply chain failure cannot be silent.

CobaltSRF-01ForgeSRF-02Cobalt PQCSRF-04Cobalt COBOLSRF-05CassandreSRF-14
THEATRE II

AI Governance & Decision Control

Formal proof at every AI decision boundary — before, during, and after action. For organizations deploying AI agents, autonomous decision systems, or regulated AI in critical domains.

PROOFNODESRF-25SentinelSRF-16VerdictSRF-15The AnswerSRF-11
THEATRE III

Red Team & Forensics

Formal proof applied after contact — adversarial path analysis, probe detection, blockchain forensics, and jurisdictional attestation. Know the attack path before the attacker does.

WraithSRF-08PhantomSRF-17TraceSRF-18ReconSRF-22SovereigntySRF-21
View full surface index ↓
§ 05 · FULL SURFACE INDEX

Every surface.
One formal core.

// The same Z3 proof engine, applied at every layer — from embedded firmware to on-chain capital to AI decision boundaries. Each surface operates autonomously. The methodology is invariant.

Theatre I — Critical Software Verification
SRF—01
Cobalt
Formal proof for critical infrastructure.
Formal verification engine for C, C++, RTOS, embedded systems, and crypto libraries. Identifies vulnerabilities with formal evidence — not heuristics. Validated against wolfSSL, Zephyr RTOS, libmodbus, Mongoose.
4+CVE
19Classes
SRF—02
Forge
Formal security for smart contracts.
Formal vulnerability detection for Solidity and EVM contracts. Analyzes call graphs, state transitions, and taint propagation to produce provable failure conditions — not scanner output. Built for protocol teams and technical diligence.
8SWC
<30sScan
SRF—05
Cobalt COBOL
Verified transpilation for legacy COBOL.
Formally verified COBOL-to-Python transpilation pipeline. Produces a Z3 proof of semantic equivalence after migration — detecting logic errors that LLMs naturally miss. Validated against 2,345 benchmark programs across NIST, GnuCOBOL, and enterprise COBOL. Deloitte reports 66% error rate in enterprise migrations. COBALT produces proof instead of risk.
2,345Benchmarks
100%Proof Rate
SRF—14
Cassandre
She speaks before the exploit.
Continuous formal verification for deployed DeFi protocols. Infers invariants automatically — no human specifications required — and flags violated constraints before exploitation. Recovered the invariant failure pattern behind the Euler $197M exploit in post-incident analysis.
$197MEuler
PostIncident
Theatre II — AI Governance & Decision Control
SRF—11
The Answer
Formal proof. Formal falsification.
v2.0 — formally falsifies Constitutional AI and RLHF safety claims using Z3 SMT. The meta-proof encodes the safety guarantee as a Z3 Bool constraint, observes empirical violations from the COBALT-AI Benchmark, and returns UNSAT — a mathematical proof, not an opinion. Claude Opus 4.7: 22% · GPT-5.5: 18% · Gemini 3.1 Pro: 44% — all CLAIM FALSIFIED. v1.0 fairness proofs on COMPAS recidivism and UCI German Credit remain available.
UNSATZ3 Proof
3/3Falsified
SRF—15
Verdict
Behavioral drift monitoring for autonomous agents.
Detects when an agent's operating pattern diverges from its approved behavioral envelope — across time, sessions, and operational context. No thresholds. No confidence scores. Proof the envelope was violated.
Sessions
0Thresholds
SRF—16
Sentinel
Pre-execution control for AI agents.
Verifies formal constraints before each agent action — workspace boundaries, spending limits, command guards, approval gates. Immutable audit trail. No action without a formal verdict.
<100msLatency
100%Audit
SRF—25
PROOFNODE
Formal AI decision verification for regulated domains.
Verifies AI decisions in real time across 10 regulated domains — medical, legal, finance, pharma, criminal justice, and critical infrastructure. Every decision produces a signed Z3 proof receipt: SAT confirms compliance, UNSAT blocks with a counter-example. Ed25519-signed. Independently verifiable. Admissible.
10Domains
Ed25519Signed
Theatre III — Red Team & Forensics
SRF—18
Trace
Forensics across chains and time.
Multi-chain fund tracing and DeFi hack recovery across 6+ networks. Traces stolen funds across chains and mixers, detects exploit patterns, and prepares emergency freeze requests for exchange compliance teams.
6+Chains
13CEX
SRF—08
Wraith
Adversarial proof analysis.
Models bounded attack paths and proves whether critical failure states are reachable under adversarial input. Built for internal red teams, technical diligence, and pre-deployment validation. Know the attack path before the attacker does.
DefinedTargets
0Guesses
SRF—22
Recon
Map the attack surface before the attacker does.
Active infrastructure reconnaissance — sovereign, zero cloud. Submit a domain or IP and Wick Recon maps the full attack surface: DNS records, open ports, TLS certificate chain, technology stack, and subdomains via cert transparency. Risk-scored. Exportable. No third-party APIs.
5Modules
0Cloud APIs
SRF—17
Phantom
Probe intelligence. The attacker found us first.
Deploys a formal mirror of your protocol in the dark. Every probe is recorded before it reaches you — classified and converted into formal attack signatures. The attacker believes they found a target. They found Phantom first.
0Exposed
Recorded
SRF—21
Sovereignty
Jurisdiction-proof deployment. Canadian-controlled.
Sovereignty produces machine-verifiable attestations over data residency, Canadian deployment control, and reduced foreign jurisdictional exposure. The certificate a government CISO can sign.
CACanadian control
CLOUD ActMinimized
Theatre I — Post-Quantum Cryptography
SRF—04
Cobalt PQC
Your quantum migration — formally verified.
Formal verification of post-quantum cryptography against NIST FIPS 203/204/205. Proves Kyber, Dilithium, and Falcon implementations are parameter-correct, constant-time, and timing-safe. Built for the mandatory PQC migration that governments cannot afford to get wrong.
FIPS 203/4/5NIST
DND/CSECTarget
§ 06 · ARCHITECTURE

Three theatres.
One proof core.

// WICK is not a suite of tools. It is a formal proof layer deployed across operational theatres — from embedded C to on-chain capital to sovereign intelligence infrastructure. Each surface operates autonomously. The proof core is invariant.

§ 07 · SOVEREIGNTY

Built under
Canadian jurisdiction.
Architected for sovereign control.

U.S.-headquartered vendors may remain subject to foreign legal process regardless of where their servers are located. WICK is architected for Canadian-controlled deployment, Canadian data residency, and reduced foreign jurisdictional exposure. For government procurement, defence, and regulated industries, jurisdiction is not a feature. It is the foundation.

Discuss Sovereign Deployment
CCCS Alignment

Canadian Centre for Cyber Security guidance. Formal verification as a control — not an assertion. Every WICK proof artifact is evidence-grade under CCCS technical frameworks.

Protected B Path

Designed with Protected B requirements in mind — compute, storage, and transit on Canadian sovereign nodes. WICK infrastructure targets PBMM cloud profile alignment for government and defence engagements.

Emerging Canadian AI Governance

Canada's evolving AI governance landscape includes requirements for impact assessment, bias mitigation, and auditability of high-impact AI systems. The Answer produces machine-verifiable compliance artifacts designed for these frameworks as they come into force.

CLOUD Act exposure minimized

WICK engagements are architected to reduce foreign jurisdictional exposure through Canadian-controlled deployment and data residency. Structured to minimize US CLOUD Act surface for sensitive government and defence engagements.

PSPC Procurement Path

Structured for Public Services and Procurement Canada engagement. WICK is a Canadian-founded, Canadian-operated security infrastructure company.

// Jurisdiction comparison
VendorJurisdictionCLOUD Act ExposureCanadian Sovereign
WICK Technology
Formal Proof Infrastructure
🇨🇦 CanadaMinimized by architectureCanadian-controlled deployment
Palantir
Intelligence Platform
🇺🇸 United StatesSubject to U.S. jurisdictionDeployment-dependent
CrowdStrike
Endpoint / Detection
🇺🇸 United StatesSubject to U.S. jurisdictionDeployment-dependent
Microsoft Sentinel
SIEM / XDR
🇺🇸 United StatesSubject to U.S. jurisdictionDeployment-dependent
§ 08 · STANDING

If a failure exists,
we will show it to you.

No guessing. No noise. A structured artifact showing exactly what was found, how it was confirmed, and what makes it exploitable.