Application-layer coordination is necessary. So is message-layer proof.

The first without the second is the gap the industry has been ignoring for fifty years.

By Carl Hendrix, Founder & CEO, InnoviGuard AB

I read Sten Tamkivi’s piece on Labrys this week. Good company. Real operators. Serious problem framing. The thesis is correct: militaries and humanitarian networks have been duct-taping consumer chat apps into mission infrastructure because nobody built the right tool. Labrys is building the right tool at the application layer. Maps, tasks, payments, identity onboarding, encrypted comms. The cockpit a coordinator actually needs.

I want to talk about the floor below the cockpit.

Every guarantee an application like this advertises rests on assumptions that live one layer down. The user was verified at onboarding, so we trust the session. The photo carries geolocation, so we trust the metadata. The payment went to a verified wallet, so we trust the rails. The chat is end-to-end encrypted, so we trust the channel.

Each of those sentences contains the word trust. Each of them is an assumption, not a proof.

The same gap is now showing up loudly in agentic AI. OpenAI stated in late 2025 that prompt injection is unlikely to ever be fully solved. The UK’s National Cyber Security Centre warned that prompt injection attacks may never be totally mitigated. OWASP ranks prompt injection as the #1 vulnerability in its 2025 Top 10 for LLM Applications. Different domain, same root cause. The agent reads instructions and cannot tell where they came from, whether they were altered, or whether they were meant for it.

That is a provenance problem, not a confidentiality problem. The cryptographers are very good at confidentiality. Provenance is a different job and it needs a different tool.

We built that tool. A mathematical stamp bound to origin, integrity, and destination. The stamp does not read your data. It does not touch your data. It does not need to. Whatever you stamp, plain text or encrypted blob, photograph or sensor reading or payment instruction or AI prompt, the proof guarantees the same three things. Rides with the data. Verifies only at the intended destination. Anywhere else it is inert. Nothing for an attacker to steal because there is nothing in the system worth stealing.

Imagine the Labrys stack with that stamp underneath it. Every photo carries a proof of the device that captured it and the destination that should verify it. Every task instruction carries a proof of the coordinator who issued it and the operator it was meant for. Every payment instruction carries a proof of the authority who authorised it and the wallet that should receive it. The cockpit gets to make claims about its data that no application-layer product can make today.

The same architecture applies to agents. An agent that only acts on stamped instructions cannot be hijacked by an unstamped one. The attack surface does not shrink. It disappears.

This is not a criticism of Labrys. They are solving the workflow problem that needed solving. I am pointing at the layer below, the one the industry has been pretending was already handled, and the one OpenAI, NCSC, and OWASP have now publicly admitted they cannot solve from the top down.

We have been quietly solving it from the bottom up. From Lund, Sweden.

Trust math, not middlemen.

Protect everything, manage nothing.

Lund • Malmö • Stockholm