Lemma FAQ: Trust Infrastructure for AI

How Lemma provides a trust foundation for AI — the four trust axes, technical implementation, the detection-vs-proof gap, and real incidents (Critical Brief).


Lemma is the trust infrastructure for AI — a single layer that makes the data an AI reads, the AI's judgments, the authority of AI agents, and regulatory attributes cryptographically provable. Concretely, it is composed of four trust axes (origin / verifiable AI / agent authority / regulatory attribute).

AI Trust means that the data an AI system references and reasons over can be verified as coming from a trusted source and has not been tampered with.

Verifiable AI is an AI system where the basis for every decision can be verified after the fact.

Existing RAG systems have no mechanism to verify whether retrieved data is accurate, who issued it, or whether it meets required conditions.

Lemma operates at the RAG layer and is independent of any specific AI model or framework. It also extends to proving the authority and origin of operations when an agent acts on external systems (→ Section 5).

AI Gateways manage API access but don't prove data origin. Lemma provides cryptographic proof of data origin with a permanent record.

The four axes that compose Lemma as a trust infrastructure: Verifiable Origin (P1), Verifiable AI (P2), Agent Authority Proof (P3), and Regulatory Attribute Proof (P4). Not separate products — a single foundation explained through four axes.

Choose by problem. Want to prove where data comes from → P1. Want to prove the basis of an AI judgment after the fact → P2. Want to prove the operational authority of an AI agent → P3. Want to prove regulatory attributes without handing over raw data → P4. Each pillar has corresponding real incidents in Critical Brief.

Lemma never passes raw PII to the AI. The AI handles only an AES-GCM-encrypted docHash and CID.

A zero-knowledge proof proves a condition is satisfied — without revealing the underlying data.

Selective Disclosure means presenting only the attributes the AI needs — and nothing more.

When regulation requires operators to collect and store raw PII, the stored data itself becomes the breach surface. The KYC insider breach cases (Critical Brief, Coinbase KYC etc.) illustrate this structure. Lemma hands over attributes as proofs and structurally reduces the accumulation of raw PII.

Document commitments, schemas, issuer information, and ZK verification results are recorded on a blockchain.

In audit responses, compliance reporting, and incident investigations, you can prove after the fact exactly which data an AI used.

Watermarks are a detection-style approach that embeds a mark inside the artifact, and the mark can be statistically stripped or forged (demonstrated in Critical Brief, SynthID reverse-engineering etc.). Cryptographic provenance sits outside the artifact's signal space and leaves no extractable "key" inside the artifact.

For each operation an agent performs against an external system, the answer to "who, with what authority, requested which operation" can be fixed as an independently verifiable proof. A nation-scale autonomous AI attack campaign has been reported (Critical Brief, GTG-1002).

Cases concerning the authentication / authority verification layer of agent infrastructure are documented in Critical Brief (Starlette/BadHost, PocketOS etc.). For the implementation direction see the P3 page (Agent Authority Proof).

A design where regulatory attributes (KYC passage, permitted jurisdiction, non-sanctioned status, age, etc.) are received by the verifying party as cryptographic proofs (ZK attribute proofs) without retaining raw data. See P4 (Regulatory Attribute Proof) for the design and the KYC/AML Selective Disclosure use case for an application.

Cases concerning verification and authorization records for AI decisions in the public sector are documented in Critical Brief (Williams FRT wrongful arrest etc.). Delivered as Lemma Civic, typically through SI integrators.

A threat intelligence brief published by Lemma. Each Brief structurally analyzes incidents related to the trust infrastructure in the AI era (cyber-attack incidents plus trust-infrastructure risk events that are not attacks) and identifies the structural gap that detection alone cannot close and Lemma's response layer. Written for CSOs, analysts, and regulatory practitioners.

Across provenance (bridges / supply chain / AI-generated artifacts), verifiable AI (misjudgment / watermarking), agent authority (autonomous attack / MCP), and regulatory attribute (KYC breach). Accessible from both the Pillar and Category archives.

No. It is structured analysis of public information, not an audit, assessment, or recommendation directed at any specific organization (see "About distribution" at the bottom of each Brief).

A schema models how AI retrieves and clusters knowledge — expressing attributes using typed definitions and normalization.

Querying returns attribute data with full provenance attached — including proof status, schema, issuer, generator, and verification method.

Create the new key first via the Dashboard's API keys tab, deploy it alongside the old one, then revoke the old key once traffic has shifted — revocation is immediate and global, so plan the overlap window before revoking.

Programmatically against the workers API at workers.lemma.workers.dev — via the @lemmaoracle/sdk or direct HTTP. The Dashboard reads from your scope and renders the result; it does not have a creation form. The Dashboard Quickstart guide walks through the SDK path end-to-end.

Four elements become cryptographically provable: issuer identity, data structure integrity, ZK proof circuit and generation method, and permanent on-chain record.

No. Lemma uses blockchain as a backend recording infrastructure, but developers do not need to interact with smart contracts directly.

Detection does not change what a receiver will accept. Detection (anomaly detection / monitoring) and pre-execution attestation are complementary, not substitutive. See the detection-is-not-proof essay for the thesis and §5 of each Critical Brief for the demonstration. Existing detection vendors are framed as complementary, not adversarial.

Please contact us for details. We work with enterprise requirements around data residency, compliance constraints, and integration.

Start with three areas: encryption & key management, ZKP auditability, and provenance permanence.

Yes. Lemma's core proposition is exactly this: pass only verifiable facts (with cryptographic proof) to AI, never the raw data. Original data (names, addresses, contracts) never enters AI's context. Only verifiable claims with ZK proofs flow through, and the originals stay encrypted in your systems — never in AI logs or caches.

Lemma's selective-disclosure structure (disclosed / hidden) structurally aligns with data-minimization principles (e.g., GDPR Art. 5, Japan's APPI). Attributes passed to AI are minimal (e.g., "age >= 18", "jurisdiction = JP"), with personally identifiable information retained at the source. Specific compliance design is discussed in the Discovery Call.
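The disclosed / hidden split described above, as an added example that is not Lemma's SDK or its ZK circuits: salted SHA-256 commitments stand in for zero-knowledge proofs, an HMAC stands in for the issuer's signature, and every function, attribute and key name is hypothetical. The issuer attests the `age_over_18` boolean directly here, where a ZK proof would derive it from a hidden birth date.

```python
import hashlib, hmac, json, secrets

def leaf(name, value, salt):
    # Salted digest of one attribute; the random salt blocks guessing of
    # low-entropy values (a boolean, a country code) from the digest alone.
    blob = json.dumps([salt, name, value], separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()

def seal(digests, issuer_key):
    # HMAC stands in for the issuer's signature (assumption of this sketch).
    return hmac.new(issuer_key, json.dumps(digests).encode(), hashlib.sha256).hexdigest()

def issue(attributes, issuer_key):
    """Issuer: commit to every attribute; the commitment carries digests only."""
    salts = {k: secrets.token_hex(16) for k in attributes}
    digests = sorted(leaf(k, v, salts[k]) for k, v in attributes.items())
    return {"digests": digests, "tag": seal(digests, issuer_key)}, salts

def present(attributes, salts, disclose):
    """Holder: reveal (name, value, salt) for the chosen attributes only."""
    return [(k, attributes[k], salts[k]) for k in disclose]

def verify(commitment, disclosed, issuer_key):
    """Verifier: return the proven attributes, or None if any check fails."""
    if not hmac.compare_digest(seal(commitment["digests"], issuer_key), commitment["tag"]):
        return None
    proven = {}
    for name, value, salt in disclosed:
        if leaf(name, value, salt) not in commitment["digests"]:
            return None
        proven[name] = value
    return proven

# Constructed sample record; the hidden fields never leave the holder.
RECORD = {"name": "Constructed Person", "address": "1 Example Street",
          "age_over_18": True, "jurisdiction": "JP"}
ISSUER_KEY = b"constructed-demo-key"

if __name__ == "__main__":
    commitment, salts = issue(RECORD, ISSUER_KEY)
    shown = present(RECORD, salts, ["age_over_18", "jurisdiction"])
    print(verify(commitment, shown, ISSUER_KEY))
```

A production design would replace the HMAC with an asymmetric signature so the verifier holds no secret that could mint commitments.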

After deploying Lemma, AI receives only proof objects (claim + ZK proof), not raw data. Consequently, no original data lands in AI logs or caches, none is shared with AI model providers, and AI-pathway data leakage is structurally eliminated. By changing what flows to AI, the need for downstream leak prevention is relaxed.

No. A PoC proceeds on a business-scenario basis. Lemma never receives the original data — the Lemma SDK is embedded in your environment, keeping originals on-premises while issuing proofs. There is no structural possibility for the Lemma team or SDK to access original data.

No. They are separate companies. Lemma (this site) is built by FRAME00, Inc. — the trust infrastructure for AI: cryptographic proofs of data origin, AI decisions, agent authority, and regulatory attributes. Looking for pricing? Trust402 Explorer is free to start; enterprise plans are inquiry-based.

They're unrelated — a different company and product. LemmaX is a financial-technology platform offering secure, compliant payments infrastructure and support services for Web3 companies. Lemma (this site, by FRAME00, Inc.) is the trust infrastructure for AI — verifying data provenance, AI decisions, agent authority, and regulatory attributes with zero-knowledge proofs, without exposing the originals. It's a proof layer, not a payments service. Try our products: Trust402 · Seal.

How Lemma compares to existing solutions.

| Solution | Primary Role | Difference from Lemma |
| --- | --- | --- |
| AI Gateway | API access control & filtering | Manages inputs. Does not prove data origin |
| Data masking | Obfuscation of sensitive data | Protects data. Cannot prove "who issued it" |
| Detection / Monitoring | Detects and surfaces anomalies and threats | Detects events. Does not change what the receiver will accept (complementary) |
| Lemma | Cryptographic proof of data origin + permanent record | End-to-end proof, traceability, and auditability |
