1999
Mars Climate Orbiter
$327M
burned up over Mars
One team's software produced thrust in pound-force. Another's read it as metric. Both handled a perfectly valid number.
cause: pound-force read as newtons
Verified software composition
Software you can prove, built from blocks you can trust.
Most software is trusted the way medieval medicine was practised: by reputation, ritual, and testing a few cases. BriX makes software trustworthy the way a bridge is trustworthy — every part certified, every connection checked, every step of construction on record.
The problem
The most damaging software disasters on record are not exotic. They repeat. And the industry’s answer to all of them is the same: test more, and hope.
1999
$327M
burned up over Mars
One team's software produced thrust in pound-force. Another's read it as metric. Both handled a perfectly valid number.
cause: pound-force read as newtons
1996
37 sec
from launch to loss
The guilty component had worked flawlessly for years — on Ariane 4. A faster rocket produced a value nobody had guarded against.
cause: correct part, fatal new context
2012
$440M
lost in 45 minutes
A deployment reached seven of its eight servers. The eighth ran a stale component that misread a repurposed flag.
cause: reviewed source, wrong running software
2014
64 KB
of memory, per request
A message said “I am sending 64,000 bytes” while actually sending one. Servers worldwide handed back whatever sat in memory.
cause: an input nobody had mapped
2020
signed
and shipped to thousands
Attackers never touched the source code developers reviewed. They compromised the build system, and malicious code shipped inside digitally signed updates.
cause: the build betrayed the source
2021
1 string
ran code on millions of servers
A logging library treated a specially crafted piece of text as an instruction to fetch and execute code.
cause: text treated as an instruction
2024
2 years
of politely earning trust
A contributor spent two years becoming a maintainer of a core Linux library, then inserted a backdoor. The library's name never changed — only its contents. Caught by luck.
cause: trusted by name, not by content
2026
all of it
automated, at machine speed
AI assistants generate software and pick dependencies faster than humans can review — with the same blind trust in names, the same untyped connections, the same unreviewed glue.
cause: every weakness above, accelerated
Testing runs a few cases and extrapolates. It cannot prove that every connection is valid, that every input has a defined fate, or that the thing running is the thing reviewed. These failures aren’t rare events to be tested away. They are what the standard way of building software permits.
The idea
Every mature engineering field builds from certified parts. Nobody hand-forges a bolt for a bridge and hopes. Software is the last engineering discipline that hand-writes almost everything — and hopes. BriX changes the construction method itself, with three moves.
Move 1
A BriX program is a wiring diagram of sealed blocks. Each block does one defined job — parse this, verify that, decide the other. The diagram is the program. There is no separate pile of text that “really” defines it, and no glue code hiding between the parts.
Programming stops being typing and becomes architecture: choosing and connecting proven parts.
Move 2
Today, when software imports a library by name, it gets whatever currently answers to that name. That is how the xz-utils backdoor nearly reached most of the world’s servers — the name never changed, only the contents.
In BriX, a block’s identity is a cryptographic hash of what it actually contains — a fingerprint, not a filename. Change one bit and it is a different block, refused everywhere downstream. The fingerprint is recomputed before every single use, so tampering is caught at the door. Nothing can be quietly swapped, because a swap is a change of identity.
filename vs fingerprint
today
import “compression-library”
→ whatever answers to that name today. Contents unknown.
BriX
use block cs_8f41…d2
→ exactly one thing in the universe. Recomputed and checked before every use.
Move 3
Before two blocks may be wired together, the connection has to clear five mechanical checks — like stamps at a border post. Do the data types match? Do the units match — because metres are not seconds and pound-force is not newtons? Does the receiving block get every guarantee it demands? No accidental loops? And does every possible rejection have a wired destination?
Fail any gate and the composition is refused before the software exists to fail at runtime — with a report naming the connection and the reason.
And then it stacks. A composition that passes all gates is sealed: put into standard form, fingerprinted, stored as a new block. Verified assemblies become parts for bigger verified assemblies — turtles all the way up. Verification effort is spent once and reused forever, which is what makes proof scale in a way testing never has.
Tests of the tests
Everyone has met the test suite that passes in the lab and means nothing in production. BriX takes testing personally.
Every block ships with its own attackers — sealed adversary blocks that throw boundary values, malformed inputs, unit mismatches, and known exploits at it. A block enters the catalogue only when it survives.
And every attacker is paired with a discriminator — a sealed checker that proves the attack actually bites. Because a test that doesn’t bite is worse than no test: it manufactures confidence.
The admission record stores the fingerprints of exactly which attack and which discriminator were used. “It was tested” is never a stale claim.
No hiding
Every block carries a verification level — from “exists and is fingerprinted” up to “formally checked”. When blocks are composed, the assembly inherits the level of its weakest constituent.
So one unreviewed part can never hide inside a reviewed product. A safety-critical deployment can mechanically refuse anything below its threshold. Assurance stops being a claim in a brochure and becomes a property computed from the graph — and marketing doesn’t get a vote.
The consequence
Go back to the disaster cards. In BriX, those aren’t risks to manage down. The architecture has no way to say them.
| Failure class | Why BriX cannot express it | The incident it answers |
|---|---|---|
| Silent dependency substitution | Identity is the fingerprint of the content. A changed dependency is a different identity, refused everywhere. | xz-utils (2024) |
| Unit and meaning mix-ups | The unit gate rejects the connection at assembly. Two ports can both carry a number and still be refused. | Mars Climate Orbiter (1999) |
| Correct part, fatal context | Every input has a defined accept-or-reject fate. The out-of-range value is a wired rejection, not undefined behaviour. | Ariane 5 flight 501 (1996) |
| Memory disclosure via malformed input | The malformed message is a rejection with a destination, not a memory read. | Heartbleed (2014) |
| Injected code via crafted input | Input is typed data with a defined fate — never an instruction. | Log4Shell (2021) |
| Build-time code insertion | Artifact attestation chains the shipped binary to the verified source graph. Deployment refuses artifacts that don't verify. | SolarWinds (2020) |
| Wrong or stale version deployed | Deployment-time fingerprint checks refuse any artifact whose attestation doesn't match. | Knight Capital (2012) |
One honest note. BriX moves correctness inside blocks onto proofs and sealed evidence, and correctness between blocks onto mechanical gates. Asking the system to do the wrong thing remains a human problem. BriX shrinks the failure surface to that question — which is where human attention belongs.
Why this matters now
Every defence and infrastructure organisation now faces the same choice. Ban AI coding — and fall behind. Or trust it — and inherit every failure pattern above, automated. BriX is the structural third answer: let AI assemble, because assembly is checked.
An AI that can only select from the verified shelf cannot introduce a buffer overflow, an injection flaw, or a swapped library — no sealed block contains those classes, and every connection it proposes passes the same gates as a human’s. When the AI gets it wrong, it picks a weaker-but-valid block or proposes a connection the gates refuse. Failure degrades to suboptimality, not to exploitability. And an AI proposing a genuinely new block gets no shortcut: same attacks, same discriminators, same admission bar.
It doesn’t matter whose AI it is. The architecture checks the work.
Status
As of , BriX is a working system with a real catalogue — not a slide deck.
Every catalogue entry is content-fingerprinted, and new blocks seal together with their attacks in the same change — the testing discipline is practised, not aspirational. The five gates run today, including the unit gate that catches the Mars Climate Orbiter class of error. The storage layer re-derives fingerprints on write and on read and refuses mismatches. Blocks are built and verified by separate sessions: the producer never reviews their own work.
Not finished — and it says so. Several architecture extensions are designed but not deployed, each queued for its own patent filing: cross-organisation sharing of verified block libraries, hardware-vouched input where software touches the world, bringing the full compiler chain inside the evidence discipline, and a memory-and-parallelism architecture in which whole failure classes have nothing to act on. Like every system today, BriX currently runs on standard external runtimes that remain a conventional trusted base; retiring that base is on the roadmap. The trust spine — fingerprints, gates, sealing, attack-paired admission, storage enforcement — is the part that is real first.
Intellectual property
A UK patent application covering the composition and verification core — gate-checked composition, fingerprint identity with recompute-before-use, attack-plus-discriminator admission, weakest-link inheritance, artifact attestation with deployment refusal — was filed on : UK application GB2615954.1, priority date established. Further applications are queued.
This is the lab’s second patent family. The first, filed , covers the geometric concept-space architecture behind Concept-Native Intelligence. The two stand alone: a challenge to one does not propagate to the other.
Who this is for
In the lab
The lab’s three layers make AI claims auditable: no claim without a source, no result without a condition that could kill it. BriX applies the same discipline to software construction: no block without evidence, no connection without a gate, no artifact without provenance.
Written enquiries only: curious@lily-labs.co.uk