Lucid Research

A conveyor belt for verification technology.

We build the technology that lets the world trust the AI it buys and sells — carrying a verification idea from first principles to deployed, open, secure infrastructure.The research program is open: experiment on real hardware, red-team the architecture, or contribute to emerging cryptographic standards.

Explore the research pipeline ↓

The research program.

A verification idea enters unproven and leaves proven, standardized, and deployed in the open. Four stations carry it the whole way.

01

Experimentation

A multi-silicon research cluster the community can physically touch.

with VCF Learn more ↓
02

Validation

Adversarial red-teaming against the attacks that matter most.

Government red teams Learn more ↓
03

Standards

Open cryptographic standards that the whole industry adopts.

IETF · CCC · OCP Learn more ↓
04

Deployment

Shipped in NeoCloud — and published as open hardware.

NeoCloud Learn more ↓
◼ Unproven idea Verified, deployed, open ◼
verify

01 · Experimentation

An AI cluster the verification community can actually touch.

Hardware verification, side-channel analysis, TEE research, network inspection — this work needs physical, bare-metal access to datacenter-grade GPUs that no cloud provider offers. So we built it, and opened it to the community in partnership with the Verifiable Compute Foundation.

Multi-silicon by design. A dedicated bare-metal cluster spanning NVIDIA H100, H200, and B300 (Blackwell) and AMD Instinct MI355X — because real verification can't assume one vendor's chip. Pre-installed NVIDIA drivers, CUDA, fabric manager, and OFED. Schedule workloads via Kubernetes or Slurm.

Root of the machine. BIOS/UEFI-level access, IPMI/BMC management, custom firmware, and NVIDIA Confidential Computing enabled. Opens up directions like side-channel analysis to distinguish GPU workload types, or probing TEE boundaries under real datacenter conditions.

Physical access, supervised. Install instrumentation, swap NICs, change BIOS/firmware, and run network-level experiments on real frontier-class hardware. Need a different setup? We can reconfigure to meet your needs.

Qualifying safety and verification research groups receive compute access at no cost, allocated through an open fair-share process and covered by research funders through the Verifiable Compute Foundation. If your needs exceed the free allocation, dedicated remote capacity is also available.

Run an experiment with us →

Silicon in the cluster

VCF

Verifiable Compute Foundation — operates the community research cluster with Lucid.

02 · Validation

Verification means surviving the attacks that matter most.

An architecture is only as good as the attacks it withstands. Before a government adopts verifiable compute, its own agencies need to try to break it — so we run adversarial programs with national security agencies and government research institutes, on a Builder-vs-Breaker model where the teams trying to break it are never the ones who built it.

Red-teamed for government adoption. We run structured adversarial programs with national security agencies and government research institutes — the buyers who need the strongest possible proof before they trust verifiable compute.

Builder vs Breaker. The teams trying to break the architecture are never the teams who built it. Independent red teams keep full technical authority over their own methodology and reporting.

Four capabilities under fire: data residency, compute integrity, confidentiality, and AI Passports — each one attacked, not just asserted.

The output is public. Fully documented, open-source, state-backed reference architectures — built to be demonstrated to policymakers and submitted to standards bodies.

Case study RISE — Research Institutes of Sweden

An 18-month validation program with RISE — Research Institutes of Sweden — deploying our verification platform on their GPU infrastructure at the ICE Datacenter in Luleå. RISE's cybersecurity group runs the adversarial testing and delivers formal vulnerability and penetration-test reports, retaining full technical authority over its own methodology.

Builder

Lucid deploys the verification platform on real GPU infrastructure.

Breaker

RISE red teams attack it independently and report what breaks.

◉ ICE Datacenter — Luleå, Sweden

03 · Standards

Four questions. Four open standards.

Verifiable AI compute comes down to four questions that today are asserted but never proven. We turn each into evidence a regulator, a sovereign customer, or an auditor can independently verify — as open standards, so the whole industry can adopt them.

WHERE Published

Sovereignty Certificates

Where, physically, is the chip running this workload? Proven by ping-based location attestation — a bound derived from the speed of light, which no VPN can fake.

View the standard at sovcert.org →
WHO In development

Verifiable Compute Identity

Who — and which agent — is using this chip, and did it stay in scope? Human identity-proofing, sanctions screening, and signed agent delegation chains.

WHAT In development

Attestable Audit Profile

What can the deployed model actually do? Independent, cryptographically signed evaluations bound to a specific model checkpoint.

HOW In development

Verifiable Compute Accounting

How much compute, of what class, by whom? Hardware-rooted FLOP counting the operator can't reset.

Standards bodies & communities we engage with

IETF
Confidential Computing Consortium
Open Compute Project
SL5 Taskforce
The Linux Foundation
IETF
Confidential Computing Consortium
Open Compute Project
SL5 Taskforce
The Linux Foundation

04 · Deployment

Verification, in production — and in the open.

What survives the belt doesn't stay in the lab. We ship it as part of our NeoCloud offering for government and enterprise clients — verifiable AI compute as a service — and we publish the reference architectures as open hardware so anyone can build, inspect, and certify their own.

AI PASSPORT VERIFIED
Sovereign Agent operated by Lucid Computing
sha256:7f3a...e9d1 · Stockholm (Sweden) · AWS
SECURITY & COMPLIANCE All 12 Passed
Is personal data protected?
GDPR
Names, emails, and phone numbers are automatically removed before processing Removes personal data automatically
◦ GDPR mode active ◦ 7,350 items redacted last month ◦ 0 data leaks
Where is my data stored?
STOCKHOLM
All computation stays within your chosen geographic region Stays in your region
◦ Stockholm (Sweden) ◦ No cross-border transfers
Is all my data encrypted?
INTEL TDX
AI runs inside encrypted memory that nobody — not even us — can access Encrypted memory nobody can access
◦ TEE hardware attested ◦ SLSA Level 3 ◦ All memory encrypted
Is it safe from prompt attacks?
ACTIVE
Every prompt is scanned before the AI sees it Blocks harmful content & attacks
◦ 385,410 prompts scanned ◦ 2,012 blocked ◦ 0 bypassed
Does it follow your rules?
ENFORCED
Custom business rules are checked on every request and response Enforces your policies
◦ 5 active rules ◦ 100% compliance rate
Has the model been tampered with?
SECURE
The AI model is scanned for backdoors, trojans, and unauthorized modifications No backdoors or tampering
◦ 5 integrity scans completed ◦ 0 threats found

Get in touch

Tell us about your deployment.

Bring us your security and confidentiality specs — we'll show you what verifiable compute can prove, end to end.

© 2026 Lucid Computing · Research