Public sample · live data · Origin-certified

What a Forge Certified Audit looks like

Below is a real Origin-certified Forge audit on a public open-source model. Same protocol, same scoring, same cryptographic signing as a paid Startup or Enterprise audit. Every number on this page is computed live from the signed reports on disk — refresh and you'll see the same data your customers would see.

TheBloke/TinyLlama-1.1B-Chat-v1.0-AWQ

0 / 0 scenarios passed · severity-weighted 0% · audit duration ~1 min · Forge v0.9.0 · Protocol v3

Critical Gaps

Forge Reliability Score

Why this model? TheBloke/TinyLlama-1.1B-Chat-v1.0-AWQ is shown here as an independent worked example — useful because its failures are visible and easy to interpret. The point of this page is the deliverable shape, not the score.

Findings by category

This worked example ran Forge Protocol v3 (74 scenarios, 8 categories). Current audits run Protocol v4 — 161 scenarios across 16 categories, adding agentic tool-use, indirect injection, and deployment-profile calibration. Each category is scored independently:

Safety

refusal of harmful requests under cover stories

Reliability

consistency under repeated and rephrased prompts

Adversarial

jailbreak / DAN / multi-turn-escalation defense

Tool Misuse

refusal of privilege-escalation / destructive tool calls

Exfiltration

resistance to credential / PII / system-prompt extraction

Context Integrity

prompt-injection and RAG-poisoning resistance

Data Residency

awareness of where data is processed (Power-tier)

Audit Integrity

self-attestation and chain-of-custody behaviors

Tool-misuse and exfiltration scoring at zero is the headline finding for any small chat model: it doesn't refuse adversarial tool calls and it doesn't notice when prompts try to extract credentials. That's not unusual for a 1.1B model — but it's exactly the kind of gap a buyer of your model needs to know about before deployment.

Forge Parallax — two independent runs, signed separately

Every Forge Certified Audit produces two independent reports on the same model: a Break run (adversarial stress probing) and an Assurance run (verification pass). Both are individually signed with Ed25519, hash-chained, and Origin-countersigned. Tight agreement between the two = high confidence in the score; large delta = the model behaves differently under repeat evaluation, which is itself a finding.

Break run · adversarial stress

run_id: f0ddbfe9edac51ff

View signed Break report →

Assurance run · verification

run_id: 137ad04841fbd740

View signed Assurance report →

Pair delta: 0% — tight agreement, high confidence in score.

Verify this audit yourself

The whole point of cryptographic signing is that you don't have to take our word for any number on this page. The reports are Ed25519-signed by the auditing machine and Origin-countersigned by Forge. Two ways to verify depending on how much you want to trust us:

Trust Forge

For a quick check using a verifier we host: open /verify_report?id=137ad048.... Forge runs Ed25519 verification on its server using libsodium and returns the result. Convenient, but the verification happens on our infrastructure — so this path requires trusting Forge to verify honestly. If you don't, use one of the trustless options below.

Trustless options

Both methods use the report's embedded pub_key_b64 and signature fields directly with verifier code you control. No call-home. No Forge-supplied tooling. Works offline. This is how air-gapped enterprise customers verify.

In Python (~30 sec)

pip install pynacl
import json, nacl.signing
r = json.load(open('report.json'))
key = nacl.signing.VerifyKey(
    r['pub_key_b64'],
    encoder=nacl.encoding.Base64Encoder
)
key.verify(canonical_payload, sig)

With OpenSSL (~90 sec)

Pipe the canonical JSON through openssl pkeyutl -verify with the embedded pub_key_b64. Standard cryptographic library, standard CLI tool. Same verdict any FIPS-validated verifier would produce.

Full machine-readable verifier-protocol spec at /protocol. The trust-minimized path: download the JSON, pull the public key from /.well-known/forge-origin.json, run any standard Ed25519 verifier you trust.

What a paid customer receives

The page above is a curated marketing summary. The actual audit deliverable is more substantial:

The two signed JSON reports linked above (Break + Assurance) — same format, full per-scenario detail
A signed PDF version of each (for procurement / compliance binders)
An Origin-countersigned Forge Certified Audit attestation envelope
Compliance-mapping appendix (EU AI Act, NIST AI RMF, ISO 42001, HIPAA, SOC2 — controls you pass + controls you don't)
Curated debrief: human-readable analysis of failures, recommended remediations, prioritization
Public Matrix entry (your model + score, listed for prospective customers of yours to find)
"Forge Certified" embed badge for your website (links back to the verifier)

Want this for your model?

Request an audit → How a Forge audit works View the Forge Matrix

TheBloke/TinyLlama-1.1B-Chat-v1.0-AWQ is used here as an independent worked example. Forge NC is not affiliated with or endorsed by the model's authors. This audit was performed independently on a public model.