Defense / Intelligence
Attestation infrastructure for high-assurance operations.
ZATONA DYNAMICS brings together open protocols, sealed execution, and managed integrity services to make records, claims, runtimes, artifacts, and people independently verifiable — from code to the disconnected edge.
Built on public specs and running systems. Applied first to defense and intelligence.
We make truth verifiable. First in code. Then in execution. Now at the disconnected edge. One evidence fabric.
Target Environment
Built for defense and intelligence programs, and the industrial base that supports them.
Trademarks shown for identification only.
No affiliation or endorsement implied.
The stack
Foundations
Open protocols — published specs, open-source Rust, conformance test vectors.
ATL
Open standard · Append-only, anchored history
A privacy-preserving, append-only log of facts. Selective disclosure, offline-verifiable receipts, anchored to RFC 3161 timestamps and Bitcoin — trust is derived from external anchors, not the operator.
APL
Open standard · Frame-bound claims
Every claim bound to its frame by content hash — what was observed, how, and under which assumptions. The verifier returns apl-valid or apl-invalid on that binding; it does not decide whether a claim is true.
Deployed systems
Running today.
Evidentum
Live SaaS · Managed integrity
The integrity layer delivered as a service — custody, retention, export, and tamper-evident evidence packages structured for audit review.
Thunderwind
Live platform · Sealed execution
Source → binary → runtime → output as an attested chain on Intel TDX. The standard profile removes SSH and interactive console access and relies on hardware attestation rather than operator assurances.
Applied defense vector
NEW · IN ACTIVE DEVELOPMENT
Trust that holds when the network doesn't.
For intelligence collection and special operations at the disconnected edge.
Public ATL establishes verifiable truth through external anchors — and anchors need connectivity. The field often has none: jammed, denied, or simply out of range.
ATL-TacRoot moves the first anchor into hardware — a record is sealed at the point of capture, holds while disconnected, and reconciles into wider history at the first secure handoff.
How it works
- Seal at capture: The device seals the artifact the moment it is taken — in hardware, not in a server it may never reach.
- Keep order offline: Each receipt preserves hardware-enforced ordering, so disconnected collection still has a defensible sequence.
- Bind the bundle: The verifier checks the bundle, not just the file — cutting off cross-case substitution.
- Verify at handoff: A receiving system can verify the artifact, the receipt, and the device identity offline.
- Reconcile into ATL: On reconnection, the record reconciles into ATL — wider, externally auditable history.
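An added sketch of the seal, order, bind and verify steps above, not ZATONA DYNAMICS code and not the ATL-TacRoot receipt format. The receipt fields, function names and sample data are constructed for illustration, and an HMAC under a demo key stands in for a signature made with a hardware-held device key.

```python
import hashlib, hmac, json

DEVICE_KEY = b"constructed-demo-key"  # stand-in for a key held in device hardware
GENESIS = "0" * 64                    # 'prev' value of the first receipt
FIELDS = ("artifact_sha256", "case_id", "counter", "prev")

def _canon(obj: dict) -> bytes:
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def receipt_id(receipt: dict) -> str:
    return hashlib.sha256(_canon(receipt)).hexdigest()

def _tag(body: dict, key: bytes) -> str:
    return hmac.new(key, _canon(body), hashlib.sha256).hexdigest()

def seal(artifact: bytes, case_id: str, counter: int, prev: str, key: bytes = DEVICE_KEY) -> dict:
    """Seal one artifact at capture (hypothetical receipt layout)."""
    body = {
        "artifact_sha256": hashlib.sha256(artifact).hexdigest(),
        "case_id": case_id,   # bundle the artifact belongs to
        "counter": counter,   # monotonic capture counter
        "prev": prev,         # id of the previous receipt in the chain
    }
    return {**body, "tag": _tag(body, key)}

def verify_bundle(case_id: str, items: list, key: bytes = DEVICE_KEY) -> list:
    """Offline check of (artifact, receipt) pairs; returns (index, reason) findings."""
    findings, prev, last = [], GENESIS, -1
    for i, (artifact, r) in enumerate(items):
        body = {k: r[k] for k in FIELDS}
        if not hmac.compare_digest(_tag(body, key), r["tag"]):
            findings.append((i, "bad device tag"))
        if body["artifact_sha256"] != hashlib.sha256(artifact).hexdigest():
            findings.append((i, "artifact does not match receipt"))
        if body["case_id"] != case_id:
            findings.append((i, "receipt sealed for another bundle"))
        if body["prev"] != prev or body["counter"] <= last:
            findings.append((i, "ordering broken"))
        prev, last = receipt_id(r), body["counter"]
    return findings

def sample_chain(case_id: str = "CASE-A") -> list:
    """Constructed sample: three captures sealed in order for one bundle."""
    items, prev = [], GENESIS
    for n, artifact in enumerate([b"frame-0", b"frame-1", b"frame-2"]):
        r = seal(artifact, case_id, n, prev)
        items.append((artifact, r))
        prev = receipt_id(r)
    return items
```

A validly sealed receipt from another case fails only the bundle check, which is why the verifier has to look at the bundle context as well as the file hash and tag.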
First wedge
Chain-of-custody for field-collected data at the disconnected edge.
Airborne sensors · field collection devices · emplaced arrays
When an image, track, or mission artifact leaves the edge, the receiving system can prove it is the same artifact that was sealed at capture.
Trust model
Offline when needed, reconciled when possible.
TacRoot doesn't pretend disconnected capture is magic. In the field, integrity and ordering come from authority-provisioned hardware; wider consistency is finalized at the first secure handoff. Every receipt states what is proven now and what is finalized later.
ATL-TacRoot extends the open ATL transparency log; the deeper trust model is shared under briefing.
Applied defense vector
NEW · IN ACTIVE DEVELOPMENT
Match proven, raw biometrics withheld.
For biometric and genomic match verification in disconnected environments.
Biometric and genomic data are non-revocable and uniquely identifying; retaining raw samples or templates creates permanent liability.
Viventum emits a receipt a third-party verifier can check offline without trusting the device vendor, matching service, or operator. Enrollment is published as a cryptographic commitment, not held in raw form by any participant, including the operator.
How it works
- Bind at capture: The device binds the sample or sensor frame to the collection event, so later proof refers to that specific act of capture.
- Evaluate the predicate: A bounded match predicate is proved without releasing the underlying biometric or genomic material.
- Seal the receipt: The receipt binds the proof to the session nonce, enrollment commitment, predicate, and device context, blocking substitution across sessions, enrollments, predicates, or devices.
- Verify offline: A receiving system can verify the receipt, the match predicate, and the binding to an Authority-resolved device key offline.
- Anchor in ATL: The match receipt is emitted as an ATL Evidence Receipt in the APL-on-ATL carrier, with ATL external anchors covering the receipt.
First wedge
Capture-to-proof match receipts with offline-capable verification.
Biometric match · genomic match · offline-capable verification
When a match receipt is presented, the receiving system can verify which capture event and enrolled commitment it is bound to — without taking custody of the underlying sample.
Trust model
Prove the result, not the sample.
Viventum removes vendor trust from matching and binding, but not all trust. The verifier checks the receipt cryptographically and accepts liveness only with respect to a CaptureRoot Authority it has chosen to trust. The sample stays inside the sealed capture environment.
Viventum is specified as an APL/Bio profile over ATL carrier rails; in this revision, all registered predicates remain PRELIMINARY. Helper-data leakage is a bounded, published property of the frame, and formal non-transferability remains an open proof obligation pending the external review and artifacts required for a later revision.
Founder
Built and published by Dmitrii Zatona
Author of the ATL and APL protocols, maintainer of the open-source reference implementations, and builder of the deployed systems behind this umbrella.
Strategic outreach
business plan submitted
Exploring mission fit around attestation infrastructure, sealed execution, and evidence integrity. Trademark shown for identification only. No affiliation or endorsement implied.