← fallrisk.ai

Enrollment Registry

The credibility surface for Fall Risk model identity attestations.

Twenty-four neural networks. Each one measured at a layer that does not lie. Each measurement signed with a key whose public half is in this page.

This page exists so you can verify, without trusting us, that the measurements are real. Click any orange button — your browser checks the signature in milliseconds, with no network call. View Source confirms the key is inlined. Devtools confirms nothing was fetched.

The page is not a product. It is the showroom where the product can be examined, picked up, verified against forgery, and walked away with by anyone who wants to.

24 Signed models
9 Model families
410M – 72B Parameter range
RS256 Signature algorithm

24 publicly enrolled today. The Fall Risk research program has structurally measured 43 models in total; the remaining 19 are research enrollments awaiting promotion to public signed records. This list expands as enrollments are signed and added.

If the math holds, the next questions are practical:

Enrollment
Fall Risk measures your model under contract and returns a signed record like the ones in this list. Your model gets a row here. Your relying parties verify it the same way you just did.
Runtime attestation
Continuous re-measurement of your deployed model, with signed JWTs streamed to your policy engine. Match accepts. Mismatch denies. The sample DENY event below the table is what enforcement looks like.
Verifier kits
Open-source code that teaches OPA, Cedar, SPIFFE, or Envoy to consume these attestations. Your existing stack learns to ask the question. We are not in the loop after the key is published.

All three route through integrations@fallrisk.ai.

Model Family Arch Dims Enrolled Status
From enrollment to enforcement
Sample Enrollment JWS — meta-llama/Llama-3.1-8B-Instruct RS256
// JWS Compact Serialization (3 parts: header.payload.signature) HEADER (base64url) eyJhbGciOiJSUzI1NiIsImtpZCI6ImZhbGxyaXNrLTk2Y2Q1ZTZhMDFlMSIsInR5cCI6ImZhbGxyaXNr... PAYLOAD (base64url → JSON claims) model_id: meta-llama/Llama-3.1-8B-Instruct enrollment_id: enroll-f353e0450521 contract_version: itpuf-v0.1.0 architecture: transformer fingerprint_dims: 64 n_seeds: 4 trust_mode: standard evidence_digest: sha256:f353e04505210a3b... status: active issuer: https://attest.fallrisk.ai SIGNATURE (base64url, 256 bytes) c8pMtgRlxPnxAcMUZKSP2HDyawIL579-Mots2ABKpQim4PY_9UJ2QGeo1_g03-7DpocW7t2oV1RDFbhN...
Sensitive fields (fingerprint vectors, thresholds) are never included in the public record. The JWS is verifiable against the JWKS at attest.fallrisk.ai/.well-known/jwks.json.
Sample DENY Event — Model Substitution Detected HTTP 403
// CAT-3: Measured Model Substitution Under Valid Agent Credentials // Gateway receives inference request with valid SPIFFE credentials 1. CREDENTIAL CHECK Agent identity: ✓ VALID (SPIFFE SVID) Workload attestation: ✓ VALID (mTLS) OAuth scope: ✓ VALID (inference:read) 2. STRUCTURAL IDENTITY CHECK Enrolled anchor: meta-llama/Llama-3.1-8B-Instruct Measured model: deepseek-ai/DeepSeek-R1-Distill-Llama-8B Structural distance: FAR ABOVE THRESHOLD Measurement time: 5.7s 3. POLICY DECISION OPA policy: fallrisk/model_identity/v1 Input: attestation JWT + enrollment anchor Decision: DENY Reason: model_identity_mismatch 4. GATEWAY ACTION HTTP 200 → HTTP 403 Forbidden Body: {"error": "model_identity_verification_failed"}
From CAT-3 (DOI: 10.5281/zenodo.19342848). Three substitution scenarios, three detected, zero false accepts. Warm-path measurement: 5.7–6.7 seconds on 1× A100 80GB.
OPA Rego
default allow = false

allow {
  input.attestation.model_id == input.anchor.model_id
  input.attestation.status == "active"
  input.attestation.issuer == "https://attest.fallrisk.ai"
}
Cedar
permit(
  principal,
  action == Action::"inference",
  resource
) when {
  context.attestation.model_id == context.anchor.model_id
  && context.attestation.status == "active"
};

Your policy engine already knows what to do.

$ curl -s https://attest.fallrisk.ai/registry/meta-llama/Llama-3.1-8B-Instruct | jq .record
← fallrisk.ai  ·  integrations@fallrisk.ai  ·  CAT-3  ·  CAT-1
© 2026 Fall Risk AI, LLC. Enrollment signatures verifiable against JWKS.