Tovemé Research

Saturation research · 21 domains · primary sources · 2026

Every trust problem in every industry is the same problem.

We went deep across 21 domains — finance, law, healthcare, supply-chain, elections, and more — reading the actual standards and frontier papers. They all hit one identical wall, and there is one way past it.

The law it all reduces to

Cryptographic attestation proves who claimed something. It never proves the thing actually happened in the world. The only thing past that wall is independent re-observation of ground truth — which is exactly, and only, what Tovemé does.

1.0 · The convergence

The whole field is moving toward our architecture.

Read from the sources, the same five shifts recur in every domain — and each one is a Tovemé primitive.

01
point-in-timecontinuous

"SOC 2 point-in-time audits are dead" → continuous controls monitoring. = continuous re-observation.

02
post-hoc detectionpre-hoc provenance

The Verification Crisis (21 experts): detection is "no silver bullet" → provenance as infrastructure. = record at the moment.

03
self-attestationindependent verifier

Confidential computing's "composite attester" needs multiple independent verifiers; SLSA self-attestation is "fabricable." = the independent observer.

04
authorizationexecution

AP2 (Google→FIDO, Mastercard/PayPal) proves authorization but "no mechanism proving the payment actually executed." = proof-of-execution.

05
watch the agent at runtime

EU AI Act (Aug 2026), Microsoft's Agent Governance Toolkit, Ping's Runtime Identity. = the runtime proof-layer.

2.0 · Already proven

Two industries have already built our exact mechanism.

Where the stakes were highest, they didn't trust the machine — they re-observed ground truth. Tovemé is the generalization of these two to everything.

elections

Risk-Limiting Audits

Don't trust the machine tally — independently re-observe a sample of physical ballots until omitting any becomes statistically impossible. "Verification through independent observation of ground truth, not trust in machines."

carbon markets

Digital MRV

Manual self-reporting collapsed the market in 2023–24 (fraud, double-counting). The fix: satellites and IoT re-observe the actual forest against the claim. Re-observed ground truth, made standard.

3.0 · The 21 domains

The same gap, and the same Tovemé answer, everywhere.

For each: the unsolved trust gap the field admits — and the re-observation feature only Tovemé's proof-engine makes possible.

Domain
The unsolved gap (their words)
Tovemé's re-observed feature
Financepayments
AP2 proves authorization, not execution
Proof-of-execution — re-observe the money actually settled
DevOps / SREbuild
SLSA self-attestation is "fabricable" (named open problem)
Re-observed build provenance — re-hash the running artifact
Legalcontracts
AI legal citations hallucinate 58–82%
Anti-hallucination witness — re-read the actual source
Digital evidencecourt
C2PA "insufficient for court alone"; Rule 707 incoming
Court-grade custody — re-observed, re-hashed each handoff
Healthcareconsent
Consent not enforced downstream (the #1 audit finding)
Consent-enforcement witness — re-observe it's honored
Supply-chainprovenance
Self-reported provenance; counterfeits slip through
Re-observed chain-of-custody on the EU Product Passport
Complianceaudit
Point-in-time audits "are dead"
Continuously re-observed controls, read-only any moment
Security / IRforensics
Forensic metadata is forgeable
Tamper-evident custody — SHA-chained, re-observed
Insuranceclaims
Fraudsters now make synthetic evidence
Synthetic-evidence catcher — re-observe the world, not metadata
Researchscience
Reproducibility + fraud; AI-contaminated data
Claim-level re-observation against the real source
Identity / KYConboarding
Synthetic ID bypasses credentials (+31% YoY)
Re-observe the world, not the (forgeable) credential
Journalismmedia
Provenance "augments, not replaces" verification
Re-observe whether the event occurred, not its signature
Carbon marketsoffsets
Manual MRV fraud + double-counting
Re-observed ground truth (DMRV) for any claim
HR / hiringtalent
1-in-4 candidate profiles fake by 2028
Re-observed identity + claim verification
Real-estatetitle
Recorders accept deeds without identity checks
Re-observed deed-vs-identity proof before recording
Energymetering
Meter tamper + firmware injection (billions lost)
Re-observed meter-vs-physical consumption
Govtechrecords
Critical datasets must hold for decades, unrepairable
Tamper-evident long-term record, re-observable
Educationintegrity
AI cheating "leaves no behavioral trace"
Re-observed assessment integrity
AI-agent oversightruntime
Agents need runtime watching (EU AI Act)
The runtime proof-layer — re-observed effects
Confidential computingattest
Composite attester needs multiple verifiers
The independent third verifier
Electionsvoting
Machine tallies can't self-prove
Risk-Limiting Audit — the mature model we generalize

4.0 · What to build

One feature, built once and skinned 21 times.

The Ground-Truth Re-Observer: for any claim, credential, or attestation — in any domain — independently re-observe the actual world-state it asserts, and prove, tamper-evident, whether it's true. Plus the confirmed killer: a Proof-of-Execution layer on top of AP2.

finance · settlementdevops · running artifactlegal · the cited sourcecarbon · the forestelections · a ballot samplehealthcare · downstream consentreal-estate · deed vs identityenergy · meter vs physical