Provenance • Review • Transparency

THRT secures the evidence trail behind Traceix dataset publication

THRT (Threat Research & History Trail) supports provenance records for decrypted AI training datasets in Traceix. It ties a publication to file hashes, analysis metadata, reviewer context, and an on-chain audit trail.

  • Provenance: Published datasets are linked to hashes, versions, timestamps, and analysis context.
  • Peer review: Review requests create a separate layer for human validation before broader citation.
  • Transparency: Researchers can inspect the record instead of relying on screenshots, claims, or informal exports.

Contract: 3o2ySLzzvf94VwGnqhNqxHx3Bq4NNimTVr9UKuksTHRT

Operated by the Perkins Cybersecurity Educational Fund, a 501(c)(3) nonprofit.

Published record

  • file_sha_hash
  • file_exif_data
  • third_party_vendors
  • model_classification_info
  • decrypted_training_data
  • license
  • payment_tx_url

Chain of custody

Each publication keeps the dataset connected to its original file and analysis run.

Peer review

Review requests add human judgment before a record is treated as citation-ready.

Reproducible records

Hashes, versions, and metadata make it easier to compare the same result later.

Transparent citation

Published datasets can be inspected and referenced without depending on private notes.

A provenance layer for AI training data

Traceix can decrypt and inspect datasets. THRT adds a publication layer for records that need to be cited, challenged, reviewed, or reused. The record is designed to preserve the actual evidence: file hash, EXIF data, vendor verdicts, model classification, decrypted training features, license, and transaction reference.

Evidence

Start with the file

The publication begins with a file hash, dataset version, and analysis metadata instead of a loose description.

Review

Add human scrutiny

Researchers can request review so a dataset is checked before others rely on it as a reference.

Publication

Record the result

THRT is used when the reviewed dataset is published with an auditable reference that can be checked later.

What a dataset record contains

A Traceix publication is structured evidence. Each record can preserve file identity, static metadata, vendor results, model output, decrypted training features, licensing, and the Solana transaction used for publication.

File identity

SHA-256 hash, file type, size, architecture, byte order, permissions, and timestamps.

External checks

Vendor verdicts from antivirus, hash lookup, and micro-antivirus engines.

Model verdict

Classification label, model version, accuracy statement, and verdict timing.

Training features

ELF or PE feature vectors such as sections, segments, entropy, imports, symbols, and entry points.

Example evidence snapshot

  • Hash: eb01db107fc89376d43a86d1d63bc19d4ae28b096a0586cc4627ab5aef88bc4f
  • File: Win64 EXE, 304 KiB
  • Model: o1, malicious
  • Vendors: ClamAV / Intelix / xVirus
  • License: CC BY 4.0

Capabilities example

Allocate memory, create thread, encode data using XOR, delay execution, hide graphical window, parse PE header.

Publication reference

The payment transaction URL gives the record an external anchor that can be checked independently.

Peer review before trust

Peer review in this context means independent technical review of a dataset record before it is treated as reliable evidence. A hash can confirm file identity, but reviewers still need to evaluate the classification, metadata, capabilities, feature extraction, vendor disagreement, and limits of the model output.

  • Evidence review: Check whether the file hash, EXIF data, vendor verdicts, model classification, and decrypted training features support the stated conclusion.
  • Method review: Identify whether the record is reproducible, whether the feature set is complete, and whether the model verdict is consistent with the observed capabilities.
  • Interpretation review: Record caveats, disagreements, false-positive risk, conflicting vendor results, and whether the dataset is ready for citation or model training use.

Review framework

  1. Record intake: Confirm the hash, file type, license, timestamp, and on-chain publication reference.
  2. Static analysis check: Review EXIF fields, architecture, sections, segments, imports, entropy, symbols, and declared capabilities.
  3. Verdict comparison: Compare model classification against third-party vendor results and extracted behavior indicators.
  4. Reviewer note: Publish a concise conclusion: accepted, limited, disputed, or insufficient evidence.

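
The record-intake and verdict-comparison steps above can be pre-checked mechanically before a human reviewer looks at the record. The following is an added example, not Traceix or THRT code: the record layout (a dict keyed by the field names under "Published record"), the vendor-to-verdict mapping, the `label` key, and the placeholder URL are assumptions, and the sample file and record are constructed.

```python
import hashlib
import re
from urllib.parse import urlparse

# Field names as listed under "Published record" on this page.
REQUIRED_FIELDS = (
    "file_sha_hash", "file_exif_data", "third_party_vendors",
    "model_classification_info", "decrypted_training_data",
    "license", "payment_tx_url",
)

# Constructed sample input: not a real executable or a real publication.
SAMPLE_FILE = b"MZ constructed sample bytes"
SAMPLE_RECORD = {
    "file_sha_hash": hashlib.sha256(SAMPLE_FILE).hexdigest(),
    "file_exif_data": {"FileType": "Win64 EXE"},
    "third_party_vendors": {"vendor_a": "malicious", "vendor_b": "clean"},
    "model_classification_info": {"label": "malicious"},  # assumed shape
    "decrypted_training_data": {"entropy": 6.1},
    "license": "CC BY 4.0",
    "payment_tx_url": "https://explorer.example/tx/PLACEHOLDER",
}


def intake_findings(record, file_bytes):
    """Return intake problems for a record; an empty list means it passed."""
    findings = [f"missing field: {name}" for name in REQUIRED_FIELDS
                if record.get(name) in (None, "", {}, [])]
    claimed = str(record.get("file_sha_hash") or "").lower()
    if claimed:
        if not re.fullmatch(r"[0-9a-f]{64}", claimed):
            findings.append("file_sha_hash is not a 64-character hex SHA-256")
        elif claimed != hashlib.sha256(file_bytes).hexdigest():
            findings.append("file_sha_hash does not match the supplied file")
    url = str(record.get("payment_tx_url") or "")
    if url:
        parsed = urlparse(url)
        if parsed.scheme != "https" or not parsed.netloc:
            findings.append("payment_tx_url is not an https URL")
    return findings


def verdict_conflicts(record):
    """Vendors whose verdict differs from the model label (assumed shapes)."""
    label = (record.get("model_classification_info") or {}).get("label")
    vendors = record.get("third_party_vendors") or {}
    return sorted(name for name, verdict in vendors.items() if verdict != label)
```

A non-empty result from either function is input for the reviewer note, not a verdict in itself: a vendor disagreement still needs a human to decide whether the record is accepted, limited, disputed, or lacks sufficient evidence.
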
Purpose

The review layer is not a separate form or marketing flow. It is a transparency step that explains why a dataset record should, or should not, be relied on by researchers, defenders, educators, or downstream model builders.

Security model

THRT is framed around evidence integrity: making it harder to alter, misrepresent, or detach a dataset from the context that produced it.

  • Tamper-evident references: On-chain publication creates a stable reference point for a dataset record.
  • Hash verification: File hashes let others check whether they are looking at the same artifact.
  • Metadata preservation: Capabilities, EXIF, vendor verdicts, model metadata, decrypted feature vectors, payment transactions, and analysis timestamps remain tied to the record.
  • Transparent limitations: Review notes and disputes can travel with the record, not sit in private channels.

Publication path

  1. Analyze: Search by hash or upload a file in Traceix.
  2. Inspect: Review decrypted data, capabilities, metadata, generated rules, and model output.
  3. Review: Apply peer review when the dataset will be used as evidence, cited externally, or reused for downstream model work.
  4. Publish: Use THRT to record the dataset with provenance and audit metadata.

This page is not investment advice. Product behavior, peer-review criteria, access limits, and publishing requirements may change.

Traceix demo

A typical review starts with a hash or file upload, then moves into evidence: training data, capabilities, EXIF/metadata, YARA output, and model metadata.

Figure: Traceix start page. Search by SHA-256 or drop a file.

What THRT does in Traceix

Traceix analyzes files and exposes training data, capabilities, metadata, and generated rules. THRT is used when that evidence needs to be preserved as a provenance-backed, reviewable publication record.

Preserves evidence

Keep decrypted training data connected to the file, hash, analysis output, and timestamp.

Supports review

Attach reviewer context, confidence, disputes, or limitations to the record.

Improves transparency

Let others inspect the supporting record instead of relying on unverified claims.

Papers & links

More detail on THRT, Traceix, provenance, review, and publication records.

FAQ

Is THRT an investment product?

No. This page describes THRT as a Traceix utility for provenance, peer review, and transparent publication of decrypted datasets. It is not investment advice.

What does THRT add to Traceix?

THRT supports publication records that connect a dataset to its file hash, analysis metadata, peer-review context, and on-chain audit trail.

Who operates Traceix?

Traceix is operated by the Perkins Cybersecurity Educational Fund, a 501(c)(3) nonprofit.

When do I need THRT?

You need THRT when publishing a dataset to the public record. Peer review describes the evidence quality and limitations of that record.
