See It Work · S2 Vol 1 · Sovereign Inference & Memory · Chapter 7
Try to break it — and watch it hold
A determined attacker has three angles: fake a seal (forge the tamper-proof signature), mislabel sensitive data (sneak RED past as YELLOW so it can leave), or corrupt the memory filter (trick it into hiding something). Each one is stopped by the design itself, not by you remembering to check.
The full detailed chart. Condensed for print legibility in the book; shown here at full size.
The sneakiest attack is swapping in a fake version of the checking tool itself. The defense: the public reference plus checking on more than one machine — break it on one, and the others catch the mismatch instantly.
Your machine · the full test suiteready
What this means for you
Every attack is stopped by the design — public checkability, locked-down data labeling, recorded filtering — not by a person remembering to look. Anything suspicious flows up one clear escalation path. What this means for you: your AI's safety doesn't depend on constant vigilance; it holds because breaking it would require breaking math that's checked in public, on more than one machine.
The test suite is itself the proof — every defense, run end to end:
corrupt the memory filtercaught — filtering is recorded
suiteevery attack fails
Run it on your own machines and compare — it either breaks loudly and visibly, or not at all.
For the technical reader — the command, and how to verify it yourself
# one line · you do not need to run this bl-run-tests
bl-run-tests # -> the integration suite passes — defenses hold
Full step-by-step is in Appendix RX: Hands-On Demonstrations in the book.
ⓘDeterministic demonstration. The conversation is a faithful dramatization of the exercise; the receipt is the artifact it produces — the same every time, because the system is receipted. (Representative of the demo's structure; the production page renders the captured run.) No output here is fabricated. A live "run it yourself" mode is coming.