Security

Every output Lucy produces is signed at the moment it is produced.

Two signatures. One post-quantum. A chain that links to every prior step. A receipt your counsel can verify without us.

The chain

One capsule per step. Each linked to the last.

Curated source ingested

Named clinician, named journal, named guideline. Signed at ingest.
Reasoning step over patient context

Every read of the patient record produces a capsule. Two signatures: Ed25519 and ML-DSA-65.
Output sealed

Chain hash links to the previous capsule. Verifiable by your counsel, without our cooperation.

Cryptographic primitives

Named. Standard. Side by side.

Primitive	Role	Detail	Family
Ed25519	Classical signature	Elliptic-curve signing. The fast path. Verifies on any standard library.	Classical
ML-DSA-65	Post-quantum signature	FIPS 204. Module-lattice digital signature. Parallel signature on every output, so the chain survives Shor's algorithm.	Post-quantum
SHA3-256	Hashing and chain linkage	Each capsule's hash includes the previous capsule's hash. Tamper anywhere and the chain breaks at every downstream link.	Classical
AES-256-GCM	Symmetric encryption at rest	AEAD with rotating keys. Authenticated, not just encrypted.	Classical
Argon2id	Key derivation	Memory-hard. Resistant to GPU and ASIC attacks on derived keys.	Classical

Every classical signature is paired with a post-quantum signature on the same capsule. Verifiers that do not understand ML-DSA-65 can still verify Ed25519. Verifiers that do understand both can confirm both. The chain survives the day Shor's algorithm is published.

Standards posture

Submitted to NIST. Patent pending.

The capsule protocol has been submitted to the National Institute of Standards and Technology. Patent is pending. The architecture was designed against the FIPS 203 and 204 finalists, not against a vendor specification.

No third-party cloud key-management system holds the chain's signing keys. The operator holds the keys. The buyer's counsel verifies the chain against the operator's public keys, published on a stable URL.

Training provenance

Named clinicians, named journals, named guidelines.

Lucy is not trained on the open internet. The training provenance is curated: a defined list of clinicians, journals, and guidelines, each signed into the capsule chain at ingest. The list itself is proprietary; the architecture is the disclosure.

When Lucy cites a source in an output, the cited source is verifiable against the ingest capsule. No hallucinated citations survive the chain.

HIPAA posture

Business associate, signed.

Lucy in the Loop, Inc. executes a Business Associate Agreement with every health-system, payer, and pharmaceutical partner. The substrate is licensed from Quantum Pipes Technologies LLC under terms that allow LITL to act as a HIPAA business associate without the substrate licensor entering the chain of custody.

Patient records are processed in the customer's environment. Inference may be served from a managed cloud GPU service; the substrate is designed so the customer's audit chain stays end-to-end verifiable across that boundary.

Vulnerability disclosure

One mailbox. RFC 9116.

Report vulnerabilities to security@lucyintheloop.com . Acknowledgment within one business day. Coordinated disclosure preferred; we will not pursue legal action against good-faith security research.

The canonical disclosure record is published at /.well-known/security.txt per RFC 9116.