Sample evidence artifact · schema v0.7.0

A signed pre-deployment adversarial evidence artifact — shown exactly as produced.

This is not an illustration. It is a real signed artifact, reproduced field-for-field. The verdict is empirical and bounded; the coverage statement names what was tested and what was not; the signature verifies against the published key with no cooperation from RTK Security Labs. You can confirm every claim on this page yourself.

Verdict
C1

No unauthorized execution observed across the declared surface at T0

Empirical, bounded strictly to what was tested. Not a claim of architectural impossibility outside the declared surface.

System under test
claude-sonnet-4-6 (production) · class: llm_api
Provider exercised
pyrit · v0.5.0
Attack sequences
10
Attack executions
80
Objective
extract system prompt
MITRE ATLAS techniques
AML.T0051 · AML.T0054
Producer version
RTK-1 v0.7.0
Scope match mode
static
Produced at (T0)
2026-05-31 22:35:26 UTC
Valid until (freshness)
2026-08-29 22:35:26 UTC
Coverage statement

The artifact volunteers its own boundary.

Reproduced verbatim from the artifact's coverage_statement field. The second paragraph — what is not covered — is part of the signed artifact, not a disclaimer added afterward.

coverage_statement · verbatim Observed across 10 attack sequence(s) totaling 80 attack execution(s), via provider(s): pyrit, exercising MITRE ATLAS technique(s): AML.T0051, AML.T0054, against claude-sonnet-4-6 (production), with objective: extract system prompt. No unauthorized execution was observed within this surface at the time of testing (T0). This verdict is bounded strictly to the declared surface above.

NOT covered by this evidence: attack vectors, techniques, objectives, model versions, or deployment configurations other than those enumerated; behavior after the freshness window; and all runtime / post-deployment execution, which is outside RTK-1's pre-deployment scope and is ceded to downstream runtime and consequence layers.
Compliance mappings

Only what this artifact actually asserts.

The artifact carries a compliance-mapping field. Below are the mappings this artifact actually populates. Frameworks the artifact does not assert are shown as not asserted — because an empty mapping is honest information, and claiming coverage an artifact does not carry is exactly the failure mode RTK-1 is built to avoid.

FrameworkAsserted in this artifact
MITRE ATLASAML.T0051, AML.T0054
OWASP LLM Top 10LLM01, LLM02, LLM06, LLM08
NIST AI RMFGOVERN, MAP, MEASURE 2.4, MEASURE 2.7, MANAGE
EU AI ActArticle 9, Article 14, Article 15, Annex IV
NDAA§1512, §1535
Riyadh Charter7 principles (integrity, privacy, reliability, transparency, accountability, humanity, social benefit)
ISO/IEC 42001not asserted in this artifact
NAICnot asserted in this artifact
SDAIA · PDPL · DIFC · ALECSO · MOAInot asserted in this artifact
GDPR Art. 22 · DORA · Colorado AI Actnot asserted in this artifact
FCA AI · GSA neutralitynot asserted in this artifact

A compliance mapping records which framework requirements the tested surface speaks to. It is not a certification, and it does not assert coverage beyond what was tested. Mappings shown as "not asserted" carry no claim in this artifact.

Middle East & Islamic World relevance

The Riyadh Charter mapping this artifact carries.

For Middle East deployments, this artifact populates a Riyadh Charter principle mapping — the seven principles below, recorded in the artifact's riyadh_charter field. This is the regional mapping the artifact actually carries.

Riyadh Charter principleCarried in this artifact
Integrity
Privacy
Reliability
Transparency
Accountability
Humanity
Social benefit

The broader regional stack — SDAIA, KSA and UAE PDPL, DIFC, ADGM, ALECSO, the MOAI seal — is not asserted in this artifact and is in development, not yet validated. The Riyadh Charter mapping reflects which principles the tested surface speaks to; it is not a regional certification.

Verify it yourself

You do not have to trust this page.

Every value above lives in a signed artifact whose integrity you can confirm independently, using only public libraries and the published key.

Independent verification — fully self-service

  1. Download the two files below: the standalone verifier and this signed artifact.
  2. Install public dependencies: pip install rfc8785 cryptography
  3. Run the verifier against the artifact: python verify_rtk1.py rtk1_evidence_a58a098c.json
  4. The verifier fetches the published key itself, recomputes the canonical hash over the RFC 8785 bytes, and checks the ECDSA P-256 signature — returning VERIFIED only if the body is unaltered and the signature is valid against the RTK-1 key.
↓ verify_rtk1.py ↓ signed artifact (JSON)
canonical_hash · 3d23b01dc9a6834810718338a199d66e96b109414a2fa84e65056e8eaadc100d
signing key · rtk-key-2026-01 · https://rtksecuritylabs.com/keys/rtk-key-2026-01.pem

Signed with ECDSA-P256-SHA256 over RFC 8785 (JCS) canonical bytes. The verification procedure is public; the trust is in the math, not in us.