Skip to content
Tyche Institute

Research corpus

Research

Tyche Institute publishes open research outputs on verifiable AI evidence: provenance, integrity, human oversight, agent delegation, educational AI, open data, governance, and long-term validation. Deposits are versioned under permanent DOIs; licensing is stated on each record.

Unless marked otherwise, working papers are preprints and not peer reviewed. Tyche Institute is a research entity, not an eIDAS trust service provider under Article 3(16) of Regulation (EU) No 910/2014. The papers do not provide legal advice, certify compliance, or claim that cryptographic evidence proves truth.

The papers below form Tyche Institute's founding research corpus, assembled and formalised in May 2026 as the institute was constituted. Several outputs draw on multi-year operational notes, earlier drafts, and a sustained independent research programme that preceded formal registration. All works are preprints or working papers unless marked otherwise; the canonical version record is each paper's Zenodo deposit timestamp where a deposit exists, and the venue submission record otherwise. Peer-review outcomes will be reflected here as they arrive.

Tyche Institute is registered in the Estonian Research Information System (ETIS) as a research institution; the deposited papers and the EATF reference implementation are indexed in ETIS as 7.1 preprints under Tyche Instituut — an administrative publication-indexing step, not peer review or endorsement. See the institution's ETIS entry and the author's ETIS profile .

Peer-reviewed Data in Brief article · volume 67, article 113041 · DOI 10.1016/j.dib.2026.113041 · open access under CC BY-NC 4.0 · dataset v0.3 DOI 10.5281/zenodo.20405512 · concept DOI 10.5281/zenodo.20405511

empirical

Nekropolis: a cross-domain dataset of computer-science retractions and AI-governance lifecycle records (2018–2026)

Anton Sokolov · published article — Data in Brief · June 2026

↳ parent-of: “A source-stratified opacity profile of six…”, “Computer-generated content and the AI/ML…”

A single unified entry schema brings five public negative-results record families — journal retractions, preprint withdrawals, trusted-service lifecycle changes, archived governance repositories, and reviewed benchmark withdrawals — into one cross-domain corpus of 14,923 records, while keeping source-family labels visible so the evidentiary unevenness between families is never silently pooled.

A peer-reviewed Data in Brief data article for Nekropolis v0.3 — a 14,923-record curated public-record corpus of artifacts retracted, withdrawn, revoked, archived, or discontinued across computer-science retractions, AI-governance records, trusted-service lifecycle changes, withdrawn benchmarks, archived governance repositories, and related source families between 2018 and 2026. Each record carries an artifact category, lifecycle dates, source-stated reason where one exists, a conservative project-inferred cause label, and hashed source pointers. The article defines the schema, source-family gates, validation checks, deposit layout, licensing, and responsible-reuse guidance for the corpus. Companion analyses of public-record opacity (sokolov2026nekropolisOpacity) and AI/ML retraction causes (sokolov2026nekropolisRipr) are separate manuscripts that read this corpus through narrower slices. Dataset deposit: Zenodo v0.3 DOI 10.5281/zenodo.20405512 (CC BY 4.0).

doi:10.1016/j.dib.2026.113041 → concept DOI: 10.5281/zenodo.20405511 publication note →

BibTeX
@article{sokolov2026nekropolis,
  author       = {Sokolov, Anton},
  title        = {Nekropolis: a cross-domain dataset of computer-science retractions and {AI}-governance lifecycle records (2018--2026)},
  journal      = {Data in Brief},
  volume       = {67},
  pages        = {113041},
  year         = {2026},
  month        = aug,
  doi          = {10.1016/j.dib.2026.113041},
  issn         = {2352-3409},
  publisher    = {Elsevier BV},
  url          = {https://doi.org/10.1016/j.dib.2026.113041}
}

IETF Internet-Draft (individual submission, not WG-adopted) · draft-sokolov-rats-aep-composition-00, published 25 June 2026 · datatracker.ietf.org/doc/draft-sokolov-rats-aep-composition/ · magazine companion 'When the Witness Is Also the Suspect' under review at IEEE Internet Computing · feasibility on an emulated software TPM (swtpm), not a hardware guarantee · preprint Zenodo DOI 10.5281/zenodo.20818672

conceptual

Composing Application-Layer Action Evidence with Remote Attestation Procedures

Anton Sokolov · IETF I-D rev 00 + magazine companion under review · June 2026

↳ extends: EATF / Action Evidence Package; composes-with: IETF RATS (RFC 9334)

An AI agent's signed, append-only Action Evidence Package (AEP) — what it did, under whose authority, and with what outcome — is a self-report: the witness is also the suspect. Treating the AEP as application-layer Evidence and binding it to hardware platform Evidence under IETF RATS (RFC 9334), conveyed via EAT (RFC 9711) or a CMW and appraised by a Verifier such as the open-source Veraison, lets a single appraisal speak to both what the agent did and the platform it did it on. An emulated software-TPM (swtpm) feasibility check folds a hash of the AEP outcome plus a fresh nonce into an attestation-key-signed quote and resolves the good / measurement-mismatch / stale cases while rejecting a forged outcome bound to a valid quote.

Proposes a composition pattern in which an AI agent's Action Evidence Package (AEP) is carried as application-layer Evidence over IETF RATS conveyance (an EAT or a CMW) and appraised alongside hardware platform Evidence, with results aligned to the AR4SI and EAR Internet-Drafts. The aim is to attest not just the machine but that the agent's governance controls actually ran, anchored to a root of trust the agent cannot forge — composing with hardware attestation rather than competing with it. A deliberately modest feasibility check on an emulated software TPM (swtpm) demonstrates the binding mechanics. The IETF document is an individual submission, not a working-group document and not adopted by the RATS WG; a practitioner-facing magazine companion is under review at IEEE Internet Computing.

doi:10.5281/zenodo.20818672 →

BibTeX
@misc{sokolov2026aepratscomposition,
  author       = {Sokolov, Anton},
  title        = {Composing Application-Layer Action Evidence with Remote Attestation Procedures},
  year         = {2026},
  month        = jun,
  note         = {IETF Internet-Draft draft-sokolov-rats-aep-composition-00 (individual submission); magazine companion under review at {IEEE} {Internet} {Computing}; preprint Zenodo DOI 10.5281/zenodo.20818672},
  institution  = {Tyche Institute}
}

Scholarly article · ~6,400 words · preprint on SSRN (abstract 6965338) and Zenodo (DOI 10.5281/zenodo.20759553, pending publish); blog tier submitted to IACL-AIDC Blog 2026-06-19; scholarly route: Government Information Quarterly (Elsevier); 315-case global comparator matrix in Supplement C · interactive matrix: /research/human-in-log-matrix

empirical

Human in the Log: Public Evidence Chains for Public-Sector AI Oversight

Anton Sokolov · v1.0 — preprint · June 2026

↳ uses-corpus: “Obscure AI: A Public-Source Atlas of AI Edge…” (LIMEN public-evidence ledger); 315-case global comparator matrix

Public-sector AI oversight commitments — 'advisory only', 'human in the loop' — are structurally unverifiable when the record does not show how the system entered the workflow, what output it produced, what the human saw, and what review path was available. Drawing on Colombia's Constitutional Court decision T-323/24 as an anchor case (sequence record present; due-process challenge rejected on that basis) and a 71-case global comparator matrix drawn from a 315-case public-evidence ledger spanning nine regions, the article proposes a seven-element oversight record — entry point, input/output, human view, human act, reasons, contest path, and retention/repair — as a minimal inspectable architecture.

Develops the concept of the 'human in the log': a record-centered account of human oversight in public-sector AI and adjacent automated decision systems. The anchor case is Colombia's Constitutional Court decision T-323/24, in which a due-process challenge failed on sequence-sensitive grounds — the judge's reasoning preceded the ChatGPT consultation, and the record showed it. From that case, the article builds a public-evidence synthesis across legal, regulatory, audit, procurement, register, standards, and observatory sources. The aim is not to rank jurisdictions or count incidents but to identify evidence functions that make oversight reconstructable: sequence, notice, transparency layer, human capacity, public visibility, retention, and repair. The 71-case article-facing matrix (drawn from a 315-row Supplement C ledger covering nine world regions and three evidence tiers — T3 adjudicated, T2 contested/process, GAIA visibility) probes whether the seven-element architecture travels across system types and jurisdictions. Blog tier submitted to IACL-AIDC Blog 2026-06-19; scholarly tier in preparation for Government Information Quarterly (GIQ).

doi:10.5281/zenodo.20759553 →

BibTeX
@unpublished{sokolov2026humaninthelog,
  author       = {Sokolov, Anton},
  title        = {Human in the Log: Public Evidence Chains for Public-Sector {AI} Oversight},
  year         = {2026},
  month        = jun,
  note         = {Preprint; SSRN abstract 6965338; Zenodo DOI 10.5281/zenodo.20759553 (pending); blog tier submitted to {IACL-AIDC} Blog 2026-06-19; scholarly route: {Government} {Information} {Quarterly}},
  institution  = {Tyche Institute}
}

Policy and Practice Reviews · ~4,860 words, 8 keywords · submitted to Frontiers in Political Science (section Politics of Technology) on 14 June 2026 (manuscript ID 1908543, under initial validation)

conceptual

AI Export Control as a Trust-Infrastructure Problem: Identity Attestation and Revocation in the 2026 Fable 5 Recall

Anton Sokolov · v0.2 — submitted · June 2026

On 12 June 2026 the US government ordered a frontier-model provider to suspend two of its most capable systems for any foreign national worldwide; the provider could comply only by disabling both systems for everyone, because its access layer could neither establish who each requester was nor withdraw access from one class of user without darkening the service for all. The article reads this recall against the 2017 ROCA episode — in which roughly 750,000 Estonian eID cards were withdrawn and re-issued without the national identity system going dark — and argues that the enforceability of AI export control rests on two trust-infrastructure primitives current AI deployment lacks: point-of-use attestation of an identity attribute, and a revocable, cross-recognized trust status. It takes the enforcement objective as given and asks only what infrastructure precise enforcement would require, naming the surveillance and auditability hazards any such design must confront.

A Policy and Practice Reviews article reading the June 2026 recall of two frontier AI systems as a natural experiment in enforceability. A directive scoped to foreign nationals implied a per-requester distinction the access layer could not draw, so a scoped order became a global suspension. The article locates the gap in two missing trust-infrastructure primitives — point-of-use identity-attribute attestation and a revocable, cross-recognized trust status — and uses the 2017 Estonian ROCA card recall as an existence proof that orderly, bounded, auditable mass revocation is achievable when the withdrawn object is a status-bearing attested credential carried on revocation infrastructure and recognized across jurisdictions through a trusted list. A separate axis distinguishes such control from controls on physical compute: an artifact that has already leaked cannot be recalled. The closing actionable recommendations sketch attestation scoped to provenance rather than robustness, a revocable trust status, and graduated attribute-based access, with their surveillance double-edge and auditability hazards named rather than hidden. The evidence boundary is explicit: the event is reconstructed from public statements and contemporaneous reporting, the ROCA comparison is an existence proof rather than a template, and the article certifies no legal sufficiency or trust-service status. Submitted to Frontiers in Political Science (section Politics of Technology) on 14 June 2026; manuscript ID 1908543.

Archival deposit pending editorial response. The full manuscript is held under submission.

BibTeX
@unpublished{sokolov2026aiexportcontrol,
  author       = {Sokolov, Anton},
  title        = {{AI} Export Control as a Trust-Infrastructure Problem: Identity Attestation and Revocation in the 2026 {Fable} 5 Recall},
  year         = {2026},
  month        = jun,
  note         = {Policy and Practice Reviews; submitted to Frontiers in Political Science (manuscript ID 1908543, under review)},
  institution  = {Tyche Institute}
}

Software Tool Article · ~3,600 words, 8 keywords · submitted to F1000Research on 14 June 2026 (id 203947, publish-then-review) · source github.com/sapsan14/vesta-observatory (MIT) · software DOI 10.5281/zenodo.20683545 · evidence packet DOI 10.5281/zenodo.20465709 · observatory vesta.eatf.eu

technical

VESTA: a fixed-seed observatory that turns mutable AI-governance web pages into dated, claim-bounded evidence packets

Anton Sokolov · v1.0 — submitted · June 2026

AI governance increasingly lives on mutable public web pages that are cited in policy briefs, dashboards, and machine-generated summaries reading more confidently than the underlying observation deserves. VESTA is a small fixed-seed observatory that captures selected public AI-governance pages as dated, reviewable evidence packets, attaching to every observation — including every failure — the publication-control decision seen at capture and an explicit boundary on what it may be used to claim. The contribution is a thin claim-discipline layer on top of existing web-archiving, research-object, provenance, and attestation tooling, not a new archive format or signing scheme; it makes no claim of official archive status, legal effect, or compliance.

A Software Tool Article describing VESTA, a fixed-seed observatory implemented as a single scheduled GitHub Action in Python. It watches a fixed set of public AI-governance URLs, records robots and noarchive publication-control signals and the retrieval state observed at capture, stores eligible responses as WARC payloads with local manifests and hashes, and routes every observation through a conservative claim function (observed / excluded / non-comparable / deferred / failed / review-needed) so that diffs are review-routing signals rather than findings. A seven-day, thirty-seed specimen is used not to report policy change but to demonstrate the claim discipline, with its weak and failed states treated as first-class results. The evidence boundary is explicit: dates, manifests, hashes, and caveats are inspectable, but raw third-party payloads are not redistributed, and the tool certifies no legal sufficiency, compliance, source intent, or trust-service status. Submitted to F1000Research on 14 June 2026 (publish-then-review); source code is openly available under MIT and archived on Zenodo.

Archival deposit pending editorial response. The full manuscript is held under submission.

BibTeX
@unpublished{sokolov2026vesta,
  author       = {Sokolov, Anton},
  title        = {{VESTA}: a fixed-seed observatory that turns mutable {AI}-governance web pages into dated, claim-bounded evidence packets},
  year         = {2026},
  month        = jun,
  note         = {Software Tool Article; submitted to F1000Research (id 203947, publish-then-review)},
  institution  = {Tyche Institute}
}

Public-source observatory · live at limen.eatf.eu · source github.com/tyche-institute/limen (MIT) · nominated to the Digital Public Goods Alliance on 15 June 2026 as “Obscure AI: Atlas of Public AI Edge Cases” (GID0093782), in review (4–8 week window)

technical

Obscure AI: A Public-Source Atlas of AI Edge Cases, Misuse, and Normative Anomalies (LIMEN)

Anton Sokolov · v0.2 — public observatory · DPG candidacy under review · June 2026

Most AI incident databases capture clean, well-categorised harms. LIMEN watches the long tail — obscure, absurd, unlawful, security-sensitive, agentic, and norm-breaking AI cases that sit on a threshold between accident and misuse, joke and harm, software vulnerability and legal incident — and records them as public-source observations with evidence tiers and framework crosswalks, without overstating what the public evidence proves. It is not a compliance authority, certification body, regulator, or threat-intelligence vendor.

A public-source observatory for the long tail of AI reality: long-tail incidents, misuse, edge-cases, and normative anomalies (the working acronym LIMEN). It records public-source evidence about AI edge cases, classifies them with multi-label taxonomies, and crosswalks each to established frameworks — AIID, OECD AIM, AVID, the MIT AI Risk Repository, CSET AI Harm, MITRE ATLAS, the NIST AI RMF, the EU AI Act, ISO/IEC 42001, and OWASP — so difficult cases become observable, traceable, and comparable. The evidence boundary is explicit: LIMEN claims public-source observations, evidence-tier assignments, source-family saturation estimates, and crosswalk mappings only; it does not claim completeness, legal guilt, non-compliance, official incident status, or safety certification, and it does not infer illegality or liability from media or procurement text alone. Nominated to the Digital Public Goods Alliance on 15 June 2026 as “Obscure AI: Atlas of Public AI Edge Cases” (GID0093782); under review.

Archival deposit pending editorial response. The full manuscript is held under submission.

BibTeX
@misc{sokolov2026obscureai,
  author       = {Sokolov, Anton},
  title        = {Obscure {AI}: A Public-Source Atlas of {AI} Edge Cases, Misuse, and Normative Anomalies ({LIMEN})},
  year         = {2026},
  month        = jun,
  note         = {Public-source observatory; nominated to the Digital Public Goods Alliance (GID0093782, under review)},
  howpublished = {\url{https://limen.eatf.eu/}},
  institution  = {Tyche Institute}
}

Conference submissions

Programme proposals submitted to external venues. These are not research publications — listed here for transparency while programme-committee decisions are pending.

Three proposals · submitted 2026-05-18 · PKI Consortium PQC Conference Amsterdam (vendor-neutral PKI + PQC migration forum)

conference-proposal

PKIC PQC Conference Amsterdam 2026 — three Tyche proposals

Anton Sokolov · Conference proposals — awaiting program-committee review · May 2026

Three complementary slots on the same programme: a strategic presentation on decade-scale PQC evidence under the EU AI Act, a technical deep dive on two independent verifiers for hybrid RSA-4096 + ML-DSA-65 agent evidence, and a 90-minute hands-on workshop on signing and offline-verifying a hybrid PQC evidence package for an AI agent.

Three Tyche Institute proposals submitted to the PKI Consortium Post-Quantum Cryptography Conference (Amsterdam 2026), one of the few vendor-neutral forums where the cryptographic-agility transition meets the deployed PKI base: (1) Strategic presentation — Decade-scale PQC evidence under the EU AI Act: why "harvest now, decrypt later" is not only a TLS problem. (2) Technical deep dive — Two independent verifiers for hybrid RSA-4096 + ML-DSA-65 agent evidence: a conformance contract across TypeScript and Python. (3) Workshop — Hands-on hybrid PQC evidence package signing and offline verification (90 minutes). Awaiting program-committee review.

BibTeX
@unpublished{sokolov2026pkicAmsterdam,
  author       = {Sokolov, Anton},
  title        = {Three Tyche proposals to the {PKIC PQC} Conference {Amsterdam} 2026: decade-scale {AI} Act {PQC} evidence; hybrid {RSA-4096} + {ML-DSA-65} verifier conformance; hands-on hybrid agent-evidence signing workshop},
  year         = {2026},
  month        = may,
  note         = {Three conference proposals; submitted to PKIC PQC Conference Amsterdam on 18 May 2026; awaiting program-committee review},
  institution  = {Tyche Institute}
}

Demo proposal (non-archival; not in Springer LNAI proceedings) · submitted 2026-05-25 · AIED 2026 Interactive Events (Demos) · Seoul, 27 June – 3 July 2026

conference-proposal

MATx Evidence Replayer: A live demonstration of cryptographic attestation for a Bayesian Knowledge Tracing tutor under EU AI Act evidence requirements

Anton Sokolov · Demo proposal · AIED 2026 submission 2080 · May 2026

A live three-phase demo (Generate → Replay → Tamper) showing that a teacher, auditor, or market-surveillance authority can verify the integrity of a BKT session offline, without contacting any registry.

Submitted to AIED 2026 (Seoul, 27 June – 3 July 2026), Interactive Events (Demos) track, on 25 May 2026 (EasyChair submission 2080, deadline 29 May 2026 AoE). Per the AIED 2026 call, accepted Interactive Events contributions are non-archival: they are not included in the Springer LNAI conference proceedings and are instead featured in the IAIED Website Showcase. The demo wraps MATx in an AEP evidence-replayer scaffold: attendees play a 2-minute learner session, move the .aep file to a second laptop via USB, and watch two independent verifiers (TypeScript and Python) replay the BKT trace and detect a byte-flip tamper. Full backing paper: Zenodo DOI 10.5281/zenodo.20357766.

BibTeX
@unpublished{sokolov2026aied,
  author       = {Sokolov, Anton},
  title        = {{MATx} Evidence Replayer: A live demonstration of cryptographic attestation for a {Bayesian} Knowledge Tracing tutor under {EU AI Act} evidence requirements},
  year         = {2026},
  month        = may,
  note         = {Demo proposal submitted to AIED 2026 Interactive Events (Demos) track, EasyChair submission 2080},
  institution  = {Tyche Institute}
}

25-min Session Presentation · submitted 2026-05-14 · AGNTCon + MCPCon Europe 2026 (Linux Foundation / Sessionize, ~September 2026) · CFP notifications 10 July 2026

conference-proposal

Cryptographic Attestation in MCP via Transparent Proxy

Anton Sokolov · Conference talk proposal — in evaluation · May 2026

An open-source transparent proxy (EATF MCP Gateway) wraps any MCP server and produces cryptographic attestations of tool calls without application changes — RFC 8785 JSON canonicalization, hybrid post-quantum signing, RFC 3161 timestamping, hash-chained audit ledger, and `_meta.eatf_attestation_id` injection into MCP responses.

Conference talk proposal submitted to AGNTCon + MCPCon Europe 2026 (Linux Foundation, Sessionize session #1233951). The session presents the EATF MCP Gateway, an open-source transparent proxy that wraps any MCP server and produces cryptographic attestations of tool calls without application changes. Live demo: wrap a standard MCP server, make a tool call, verify the resulting Agent Evidence Package with independent verifiers — including offline verification. EATF is maintained by Tyche Institute and released under Apache 2.0; the AEP specification is open for public comment. Production reference deployment: MATx (Estonian primary education), special prize at the President of Estonia AI hackathon, April 2026. Status: in evaluation; CFP notifications 10 July 2026.

BibTeX
@unpublished{sokolov2026agntcon,
  author       = {Sokolov, Anton},
  title        = {Cryptographic Attestation in {MCP} via Transparent Proxy},
  year         = {2026},
  month        = may,
  note         = {Conference talk proposal; submitted to {AGNTCon} + {MCPCon} {Europe} 2026 ({Linux} {Foundation} via {Sessionize}, session \#1233951) on 14 May 2026; in evaluation, CFP notifications 10 July 2026},
  institution  = {Tyche Institute}
}

How to cite

Each paper has a permanent versioned DOI and a concept DOI that always resolves to the latest version. Cite the versioned DOI when you need to pin a specific revision; cite the concept DOI when you want the citation to track the most recent version.

Each card above exposes a ready-to-copy BibTeX entry under the BibTeX disclosure. The Zenodo page for each deposit also offers richer export formats (DataCite XML, CSL JSON, RIS) under its Export menu.

AI assistance disclosure

AI-based assistance was used in the preparation of these papers, consistent with the Tyche Institute AI assistance disclosure policy and with the 2023 position statements of COPE and ICMJE. The author — Anton Sokolov — conceived the research, conducted all primary-source work and empirical measurement, and is solely responsible for the content and any errors. Each submitted version reflects an author review pass. Version labels follow the vMAJOR.MINOR[.PATCH] scheme — no process words or person names in public labels.