Amendment 003 · Filed 2026-04-16

Amendment No. 003 to the Operating Agreement of The Cochran Block, LLC

Adoption of Schedule C — The 10-Slide Pitch Deck (Kawasaki Format)
Effective Date: April 16, 2026 · Companion to Amendments 001 (CEBP) and 002 (MMLC)

WHEREAS Amendments 001 and 002 authorized the Chicken and Egg Bypass Protocol and the More Money Less CSAM revenue framework respectively;

WHEREAS the a16z Speedrun submission contemplated under CEBP requires a formal investor-facing pitch presentation;

WHEREAS the Member adopts Guy Kawasaki's published "10/20/30 rule" — ten slides, twenty-minute target, thirty-point minimum body type — as the structural framework for the deck, and incorporates the source reference herein;

WHEREAS the Member authorizes Operator #1 to handle, modify, or substitute slides for the Speedrun submission as the role-holder sees fit, with all such modifications subject to ratification by the Member upon return:

NOW THEREFORE, the deck below is hereby adopted as Schedule C to the Operating Agreement, effective April 16, 2026. Schedule C may be reproduced, transmitted, and presented for the purpose of CEBP-authorized fundraising. All other use requires Member authorization.

/s/ Michael Cochran
Sole Member · The Cochran Block, LLC · 2026-04-16
Adopted as Schedule C
Distribution: a16z Speedrun + named investors
Slide 01 · of 10 · Title
KNOXAI
The first third-party hardware-signed
AI model integrity certification.
Independent. Reproducible. Enforceable.
Michael Cochran · Founder · USCYBERCOM Offensive Cyber Operator
knox.cochranblock.org · Seeking Speedrun Cohort
Slide 02 · of 10 · Problem + Market
Every regulated enterprise deploying AI has no way to prove their model is clean. No HIPAA, FINRA, or federal buyer accepts "we looked."

The problem. Stanford documented CSAM contamination in LAION-5B (the Stable Diffusion dataset). 1.5M+ public models on HuggingFace. Zero structured third-party audit programs at an accessible price. Internal red-teams aren't independent; academic benchmarks aren't commercial; Big-4 audits are $100K+ and six months.

Why now. EU AI Act conformity assessment deadlines, UK Online Safety Act enforcement, 12+ US state AI-safety bills pending, NIST AI RMF maturing into procurement gates. Enterprise buyers already asking "did you audit this?" — and publishers have no defensible answer.

TAM shape (modeled).

  • Global regulated-AI spend in health, finance, gov, legal: tens of billions and growing
  • Cert + continuous-monitoring line typically runs 0.5-2% of that spend — a multi-hundred-million to multi-billion addressable window
  • Comparables: SOC 2 market (~$1.5B), ISO 27001 certification (~$2B+), PCI QSA market — AI integrity cert is the 2026 analog that doesn't yet exist

Scope beyond CSAM. Same pipeline detects eleven harm classes: CSAM, NCII, CBRN uplift, extremism, grooming, fraud generation, backdoored weights, copyright laundering, PII memorization, sanctioned-party uplift, hallucinated high-stakes content.

Slide 03 · of 10 · Value Proposition
First-to-market third-party, hardware-signed, independent AI integrity certification — at a price enterprise buyers can actually procure.

Nobody else combines all five: independent · hardware-rooted signature · reproducible audit · accessibly priced · Unlicensed open tooling. Internal red-teams fail on independence. Academics fail on commercial polish. Big-4 fails on price and speed. Marketplace auto-checks fail on independence. We are the wedge.

This is what I was trained for. USCYBERCOM Offensive Cyber Operator — the exact job description is "find what's hidden in systems." Now applied to AI model supply chains at scale.

For publishers: a signed cert defensible in court, accepted by marketplaces, recognized by regulators.

For marketplaces (HuggingFace, Civitai, Ollama): a listing-gate that shifts liability upstream to publishers, downstream away from the platform.

For regulators: a conformity path with reproducible evidence and mandatory reporting pipelines.

For insurance: an auditable risk-reduction signal eligible for E&O premium discount programs.

Slide 04 · of 10 · Underlying Magic
The moat: hardware root of trust + reproducible five-gate pipeline. Both required. Neither copied easily.

1. Air-gapped hardware signing. Private key burned into ESP32 eFuse silicon inside a bolted-down safe. Biometric touch to issue a cert. No cloud. No API. No extraction path that doesn't involve physical access to the operator's safe and finger.

2. Five-gate audit pipeline. Hash scan → red-team battery → membership inference → dataset attestation → harmful-output classifier. Each gate emits artifacts. Artifacts hash into the signature. A skeptic can re-run every gate and verify against the published pubkey.

3. Reproducibility is the product. A cert you can re-verify is a cert a court, a marketplace, and a regulator can all accept. A SaaS black-box attestation is not.
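
The artifact-to-signature binding in item 2, sketched as an added example (not KNOXAI's code): it shows how a re-run can be checked gate by gate against a published manifest. SHA-256, the JSON manifest layout and the gate identifiers are assumptions, and signature verification against the published pubkey is left out because the page does not name the signature scheme.

```python
import hashlib
import json

# Gate names follow the five gates listed on the slide; the identifiers are assumptions.
GATES = ("hash_scan", "red_team_battery", "membership_inference",
         "dataset_attestation", "harmful_output_classifier")

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_manifest(model: bytes, artifacts: dict) -> dict:
    """Bind the model hash and exactly one artifact hash per gate into a manifest."""
    missing = [g for g in GATES if g not in artifacts]
    extra = [g for g in artifacts if g not in GATES]
    if missing or extra:
        raise ValueError(f"gate set mismatch: missing={missing} extra={extra}")
    return {"model_sha256": sha256_hex(model),
            "gates": {g: sha256_hex(artifacts[g]) for g in GATES}}

def manifest_digest(manifest: dict) -> str:
    """Value a signer would sign: SHA-256 over canonical (sorted, compact) JSON."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":"))
    return sha256_hex(canonical.encode("utf-8"))

def reverify(published: dict, model: bytes, rerun: dict) -> list:
    """Re-run check: return the name of every field that fails to reproduce."""
    fresh = build_manifest(model, rerun)
    bad = [] if fresh["model_sha256"] == published["model_sha256"] else ["model"]
    bad += [g for g in GATES if fresh["gates"][g] != published["gates"].get(g)]
    return bad

# Constructed sample data, not real audit output.
MODEL = b"constructed-model-weights"
ARTIFACTS = {g: f"{g}: constructed report v1".encode() for g in GATES}
PUBLISHED = build_manifest(MODEL, ARTIFACTS)

if __name__ == "__main__":
    print("digest to sign:", manifest_digest(PUBLISHED))
    print("clean re-run:", reverify(PUBLISHED, MODEL, ARTIFACTS))
    drifted = dict(ARTIFACTS, membership_inference=b"different result")
    print("drifted re-run:", reverify(PUBLISHED, MODEL, drifted))
```

Including the model hash in the signed manifest keeps a cert from being replayed against different weights, and the canonical JSON encoding keeps the digest independent of key order.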

Platform note: the hardware-trust stack is portable — adjacent product battle-bros (Rust-based tactical AR, DARPA track) is the proof. Not part of this raise; different investor set. Focus here is KNOXAI. Full hardware spec + signing ceremony in Appendix A and at cochranblock.org/arch#p27.

Slide 05 · of 10 · Business Model
Two-sided marketplace. Pay to submit. Pay to resubmit. Pay to keep the cert live.

Line | Price | Split to Operator | Who pays
Submission fee | $1,000 | 70/30 | Publisher — per model, per audit run
Resubmission fee | $500 | 70/30 | Publisher — after failure + remediation
Standard cert (annual) | $20/yr | 80/20 | Volume publishers (HF, Civitai)
+ Class add-ons | +$15-30/yr | 75/25 | NCII, CBRN, supply-chain, PII
Full Spectrum (all 11 classes) | $150/yr | 70/30 | Production-grade publishers
Portfolio (enterprise shelves) | $5K-50K/yr | 60/40 | Enterprise AI integrators
Gov / Defense | per engmt | 50/50 | Cleared contracts, multi-sig certs

The resubmission loop is the flywheel. Failure → remediation → resubmission fee → operator re-reviewed. Every failure generates revenue both on detection (submission) and on fix (resubmission) while also creating public-blacklist pressure to stay current.

Plus: Hash DB API · continuous monitoring subscriptions · insurance partnerships · DoD/DHS contracts · training programs (SkillBridge, VR&E, university) · expert witness · marketplace integration fees · dataset audit · AIBOM licensing.

Operators are assigned from the vetted guild (KNOXAI allocates, not the customer). Full pricing matrix + 5-year projection in /amendment-002 Schedule A.

Slide 06 · of 10 · Go-to-Market
Build the trust anchor first. Then make uncerted models unshippable.

Phase 1 — Trust anchor (M0-M6). Position KNOXAI as the AI-model analog of NIST NVLAP / ISO/IEC 17025 / SOC 2. Publish the methodology, publish the pubkey, publish the first cert registry. Credibility before volume. Trust compounds; leads don't.

Phase 2 — Regulatory catalyst (M3-M18). Ride the EU AI Act, UK OSA, NIST AI RMF, and state AI-safety bills. Get cited by name in conformity frameworks — the path SOC 2 took from 2011 advisory doc to 2017 procurement gate. Regulated industries (HIPAA, FINRA, FedRAMP) adopt first; consumer AI follows.

Phase 3 — Eight-lever execution.

# | Lever | Effect
1 | Upstream dataset partnership | Kill contamination at source (LAION's successors)
2 | Marketplace listing gate | HuggingFace / Civitai / Ollama require cert
3 | Provenance chain certs | Every layer signed — no hiding behind a base model
4 | Mandatory reporting pipeline | Cert-fails auto-filed to NCMEC / FBI / EU AI Office / Ofcom
5 | Operator workforce scale | SkillBridge, VR&E, academic, industry pipelines
6 | Legislative citation | Named in state/federal AI-safety law as conformity path
7 | Insurance underwriting | E&O premium discounts for certed publishers
8 | Cultural shift | "Is it KNOXAI-certed?" becomes reflexive like "does it use HTTPS?"

Full doctrine: /no-quarter

Slide 07 · of 10 · Competitive Analysis
No one else is doing veteran-owned hardware-signed independent third-party AI integrity attestation at $20/yr.

Competitor | What they do | What they don't
Anthropic / OpenAI / DeepMind safety teams | Internal red-team for own models | Not independent · don't audit other publishers · not for sale
Stanford HAI / MIT CSAIL / academic labs | Research, eval frameworks | Not commercial · no signing infra · no reporting pipeline
Thorn (Safer) | CSAM detection at platform layer | Doesn't audit AI models specifically · doesn't sign
NCMEC / IWF / C3P | Hash databases, mandatory reporting | Receive reports, don't issue certs · no commercial product
Big-4 audit firms (Deloitte, PwC) | Enterprise AI compliance consulting | $100K+ per engagement · not third-party · 6-12 month cycles
Hugging Face automated checks | Basic safety filters on hosted models | Self-audit · no independent signing · no reporting

Our wedge: independent + hardware-signed + veteran-owned + accessibly priced + reproducible. Nobody else combines all five.

Slide 08 · of 10 · Team · 52 Days
Day 52. Solo technical founder. 31 Rust repos. First paying partnership. Cert service live. Chief Advisor lane open. Cofounder candidate in discussion.

Michael Cochran · Founder & CEO

  • 52 days since career-ending event: 31 public Rust repos / 143,763 LoC / 1,598 tests / 32 crates published / 3 live production domains / ~$364 total spend ($200/mo Claude + $10/mo tunnel + own GPUs — ~1,000× capital-efficient vs industry)
  • Shipped the full KNOXAI prototype solo in under two months
  • First paying partnership signed within the first 30 days
  • Federal-contracting footprint active: SAM.gov, CAGE 1CQ66, UEI W7X3HAQL9CF9, SDVOSB submitted
  • Running load during sprint: wife + 3 kids half-custody + spring break mid-sprint + full household menagerie. Built mobile-C2 tooling (tmuxisfree mobile mode) to keep shipping from phone during parenting windows.
  • Also: US Army veteran (Active Duty), MOS 17C Cyber Operations, JCAC Corry Station 2014, USCYBERCOM J38 JMOC-E co-dev lead on a Congressional NDAA-directed offensive cyber operations study (paired J9/J38, ran J38 side), 100+ missions, 30% service-connected

Cofounder · Sales + Enterprise (in discussion)

  • Target profile: cleared OCO/IC peer with enterprise-sales posture
  • Named candidate under discussion; cofounder equity reserved in cap table
  • LOI targeted by Speedrun cohort kickoff

Chief Advisor · role open

  • 20+ year engineering leader · ex-Zynga, hi5 Networks, Mofactor, Digital Chocolate, RIM
  • 0-to-1 specialist; expert-witness bona fides (patents, big-5 trial)
  • Methodology review + pitch coaching · not in cap table as team
🇺🇸   Guild Recruiting: OCO / IC Veterans, AI Safety Researchers, ML Engineers, Red Teamers, Cleared Data Scientists   🇺🇸
SkillBridge · VR&E · Academic & Industry Crossover

Full 52-day ledger: cochranblock.org/52-days

Slide 09 · of 10 · Financial Projections + Key Metrics
Target trajectory: $225K → $40M ARR. Projections — not commitments.

Year | Revenue (target) | Operators | Certs Issued | If hit, status
Y1 (2026) | $225K | 5 | 3K | Speedrun close · first SBIR
Y2 (2027) | $1.57M | 25 | 15K | SBIR Phase II · 10 Portfolio
Y3 (2028) | $5.51M | 75 | 50K | Category-leadership threshold · DoD OTA · insurance
Y4 (2029) | $15.6M | 175 | 200K | State law citation · marketplace integrations
Y5 (2030) | $40.1M | 350 | 600K | Full-spectrum maturity

Unit economics (internal modeling): 65-85% gross margin target · LTV/CAC modeled at 20-50x based on retention assumptions · marketplace integration as primary acquisition lever.

MMLC discipline — honest framing. Revenue under Article XII §12.5 funds operator capacity. Operator capacity determines models audited. Models audited determines reports filed. Reports filed are routed to NCMEC / FBI ICAC / EU AI Office / UK Ofcom / equivalent authorities with jurisdiction. KNOXAI is accountable for the evidence quality — not for prosecutorial outcomes. Conversion rates from report → investigation → indictment are determined by law-enforcement discretion, and will be measured and published post-launch in the public ledger rather than promised pre-launch. Full methodology, assumptions, and risk register in /amendment-002 Schedule A. Governance stack: /constitution.
Slide 10 · of 10 · Current Status + Use of Funds
Live infra. Signed governance. $750K ask for 18 months.

Live and verifiable today:

  • cochranblock.org/constitution — the complete governance stack indexed (OA + every amendment + doctrine + proofs + protocols). Start here.
  • knox.cochranblock.org — live mystery page, "system active" counter
  • cochranblock.org/no-quarter — operational doctrine, 8 levers, 11 harm classes, ledger
  • cochranblock.org/manifesto — founder's mission statement
  • cochranblock.org/onboarding — 13-section operator handbook
  • cochranblock.org/sovereignty — six-proof public audit page

Use of $750K Speedrun close (18-month runway):

Allocation | $
Founder salary — market-rate, 12 mo | $180K
Cofounder salary — market-rate, 12 mo | $150K
Operator FTE bench (2 × 6 mo) | $160K
SBIR Phase I + grant-writing | $55K
NIST NVLAP / accreditation filing + legal | $50K
Hardware infra (10 op kits + reference vaults) | $40K
Marketplace integration sprints | $45K
Foundation + insurance partnership outreach | $40K
Legal counsel (cert defense + IP + corporate) | $30K
Total | $750K

Structure note. Current LLC structure carries an LLC-context non-dilutive policy (Article XII) with a disclosed, capped, sunset-bound equity exception (Amendment 001, CEBP) for this exact round. Upon Speedrun close, the Company expects to re-paper as a Delaware C-corp under standard investor terms; the LLC governance becomes historical record at /constitution. Founder is aware that investor counsel will re-paper cleanly.