METASTATE I LTD · Innovate UK 2422 · Phase 1 Feasibility
A sovereign, privacy-by-design benchmark and reasoning method for evaluating frontier AI on detection of AI-generated financial deception — synthetic identities, deepfake KYC documents, AI-authored fraud narratives, and AI-laundered transaction stories.
Why a sovereign UK evaluation standard is needed now
Frontier generative models now produce convincing synthetic identities, deepfake identity documents and AI-authored fraud narratives at scale. Adversarial tooling is public, productised and improving every model generation.
There is no UK standard that answers "how well does a given AI model detect AI-generated financial deception?" Institutions test ad-hoc, on private data, with no comparability. Without a benchmark there is no evidence-based procurement, no regulatory standard, and no way to track whether defence is keeping pace.
AI-enabled financial fraud and synthetic-identity attacks are an economic-security threat with national-security adjacency. A sovereign, explainable, UK-grounded measurement capability is exactly the kind of public-interest AI infrastructure the regulatory agenda calls for.
The novel AI contribution — evaluated as a Phase 1 research question
Phase 1 investigates whether a reasoning-layer architecture that wraps a frontier detection model with a first-order-logic (FOL) predicate schema — so that every positive decision must produce a machine-checkable justification, or the system is required to abstain — measurably improves verifiability over an unconstrained frontier baseline.
The advance lies jointly in (a) the control algorithm (the constrain–generate–verify loop with a domain predicate library), (b) the rigorous evaluation methodology, and (c) their combination. Prior neuro-symbolic LLM-reasoning work (Logic-LM, LINC, Refiner) addresses general logical reasoning over text; this project specialises the technique for high-stakes adversarial detection with structural evidence guarantees.
TRUST-EVAL UK · three layers, one stack
Named baseline · same frontier model without the constrain–generate–verify layer · identical seeds, splits, scoring protocol
Standard F1 against adversarial samples across the four attack classes.
Share of positive decisions for which a valid machine-checkable justification can be constructed.
Share of positive decisions whose justification is rejected by the verifier.
Tokens consumed per decision (input + output) versus the named baseline.
Correct abstention when ground truth is deliberately absent, plus protocol re-run reliability.
Four AI-generated financial-deception attack classes scoped for the Phase 1 PoC
Wholly fictitious individuals and composite, real-looking personas. Generated via frontier image generation and structured persona pipelines.
Passport, national-ID and driving-licence templates (specimen-only) with adversarial perturbation from a document-template engine.
Romance-scam scripts, business-email-compromise pretexts and pig-butchering scenarios authored by frontier LLMs and adversarially refined.
Synthetic transaction graphs paired with plausible-cover narratives — a graph generator combined with an LLM cover-story.
Anchored on hardware the applicant already owns and operates
The private-by-architecture claim is not aspirational. METASTATE I LTD operates an on-hand heterogeneous sovereign-compute testbed for cross-stack baselining. Frontier-model and tooling access uses the NVIDIA Developer ecosystem (NGC, NIM, DLI). The applicant's affiliated venture firm is a member of the NVIDIA Inception VC Alliance.
NVIDIA RTX 5090 Mobile · 24 GB VRAM · 96 GB RAM. Headless always-on inference server for the frontier-model evaluation runs.
16 GB GDDR6 via OCuLink — a parallel comparator node for cross-stack baselining and ROCm experimentation.
XDNA architecture · ~50 TOPS · energy-efficient processor for embedding generation, RAG indexing and other always-on auxiliary tasks.
Four work packages across three months · feasibility, not shipped product
Validate the threat taxonomy with a UK practitioner panel; produce the data-governance and ethics framework.
Build the privacy-by-design synthetic-data pipeline and PoC test-set; conduct the constrain–generate–verify feasibility study; design the verifier interface.
Build the reproducible scoring harness on the five-axis rubric; run baseline-versus-method comparisons across at least three frontier and open model families.
Phase 2 technical report (mandatory output); consortium letters of intent; Phase 2 collaborative-R&D bid skeleton.
If Phase 1 confirms feasibility, Phase 2 scales the corpus to multi-jurisdictional production-scale, productionises the evaluation harness as a managed service, and secures UK regulatory and bank reference adoption. Phase 2 is a separate UKRI / Innovate UK competition; this site reflects the Phase 1 feasibility study only.
Single-applicant Phase 1 · consortium assembly is itself a Phase 1 deliverable
Lead by Vladislav (Slava) Solodkiy: founder of a US-licensed compliance-first digital bank (IFE-065); co-author of venture-capital fund regulation in Singapore (MAS); author of two books on fintech and on AI infrastructure; published commentary on AI-enabled fraud and OSINT-led compliance. Domain authority sits squarely at the intersection the project requires — frontier-AI engagement and regulated-finance evidence standards.
To anchor the neuro-symbolic / FOL technical depth that is adjacent to but outside the applicant's core domain, Phase 1 budgets a small advisory subcontract (a handful of expert-days) with a UK academic or industry specialist in neuro-symbolic LLM reasoning.
Privacy-by-design · UK-resident · evidence-led
The benchmark is built entirely on synthetic data — no real personal information enters the system at any stage. UK GDPR Article 4(1) does not apply. ICO synthetic-data guidance followed throughout.
Only the detection and evaluation artefacts are released publicly. Adversarial generation material is limited-fidelity and held under governance review; an ethics review is mandatory before any release.
Phase 1 work is carried out by a UK-registered SME on owned UK-based hardware. Exploitation intent is UK-based. The benchmark is offered as a public good toward UK standard-setting.
Phase 1 is a feasibility study. The constrain–generate–verify approach is evaluated as a research question, not asserted as an existing capability. Numeric targets are empirical end-of-Phase-1 targets, to be confirmed by the work itself.
If Phase 1 validates the approach, the IP position will rest on trade-secret protection of the synthetic-data generation pipeline and selective patenting of method components — the exact split is itself a Phase 1 deliverable.
Open benchmark interface as a public good; commercial evaluation-as-a-service and licensed dataset slices for institutional and vendor use; certified scoring for regulator-aligned procurement.