TRUST CENTER

Trust through transparency

Name: HELM
Author: Mindburn Labs

We don't ask you to trust us — we give you the tools to verify everything. Security posture, data handling, and compliance commitments, all in one place.

// THE CORE PHILOSOPHY

Proof-First Assurance

We believe that autonomous execution without cryptographic receipting is fundamentally uninsurable. Mindburn Labs does not ask for trust; we provide the math to verify it. Every execution yields a tamper-proof hash chain.

Read the Evidence Architecture Try the Verifier Tool

REGULATORY COMPLIANCE

EU AI Act Readiness

距EU AI Act高风险执行时间

136

天

小时

min

sec

2026年8月2日

要求

高风险AI系统必须具备的

EU AI Act第6-49条定义了强制性要求。HELM全部覆盖。

风险管理系统

HELM的25个合规门和CEL策略引擎为每个AI操作提供持续的风险评估。

数据治理

加密收据证明数据来源。每个输入和输出都是哈希链接且可验证的。

技术文档

EvidencePack自动生成每个AI决策的完整机器可读文档。

记录保存

ProofGraph维护所有AI操作的防篡改DAG。确定性重放确保完整审计。

透明度义务

每个HELM收据都可以离线独立验证。没有黑箱。

人类监督

带有加密证明的审批门为高风险决策提供人机协作检查点。

准确性、鲁棒性、网络安全

形式化验证（TLA+模型、Lean4证明）、对抗性实验室测试和PQC密码学。

合规性评估

具有确定性测试向量的L1/L2/L3合规等级。第三方可验证。

覆盖范围

10个监管框架，一个平台

HELM不仅涵盖EU AI Act。它提供跨完整监管格局的合规基础设施。

EU AI ActDORAGDPRFCAMiCASOXCSRJCSJKGISO 42001

评估

检查您的AI系统风险等级

回答几个问题，根据EU AI Act对您的AI系统进行风险分类，了解HELM如何帮助您。

1 / 5

您的AI系统是否做出影响人们权利或安全的决策？

DEPLOYMENT VERIFICATION

This Site is Verified

Deployment ReceiptPASS

Build ID

Commit

Bundle Root

Merkle Root

Gates7 passed, 0 failed (0ms)

CreatedFeb 21, 2026, 6:39 PM

↓ Build Artifacts View Report

SUPPLY CHAIN & SLSA ATTESTATIONS

Verifiable Provenance

SLSA 3 Attestations

How we sign every release using Sigstore OIDC infrastructure to emit non-falsifiable provenance.

Hermetic Builds

Our build matrices lock down environmental determinism, breaking network access at compile time.

Continuous OSV Scanning

Dynamic querying of the OSV database hashes for all loaded modules prior to policy evaluation.

INFRASTRUCTURE GOVERNANCE

Bounding the Sandbox

Memory-Safe Core

The HELM execution kernel is written in Go with strict memory-safe design, sandboxed via Wazero (WASI) for deterministic isolation.

WASI Compute Limits

Gas-based metering on Wazero loops terminating any policy threatening resource exhaustion.

Ephemeral Mounting

No local state execution. Every policy evaluates on an isolated tmpfs RAM disk mapped strictly to WASI.

RESEARCH TRANSPARENCY

Deep Technical Briefs

Receipt Chain Integrity

Constructing offline-verifiable execution graphs using Merkle linkages.

Active Inference Limits

Bounding exploration within strict latency targets for autonomous market makers.

Zero-Trust A2A

Our canonical standard on strict JSON Schema contracts for agent delegations.

View all Research

Explore the entire Mindburn Labs catalog via the Index Engine.

POLICIES

Governance and compliance

How we handle personal data across our website and services.

Usage terms for Mindburn Labs products and services.

Acceptable Use Policy

Guidelines for responsible use of HELM infrastructure.

Security Policy

Responsible disclosure process and security contacts.

SBOM & Provenance

SPDX SBOM and SLSA Level 2 build provenance, published with every release.

Open Source Licenses

HELM OSS kernel is Apache 2.0 licensed. See the repository LICENSE file.

RESPONSIBLE DISCLOSURE

Report a vulnerability

[email protected]

PGP key: PGP key available on GitHub

48 hours

We follow coordinated disclosure. We will not take legal action against researchers who report vulnerabilities responsibly.