fallrisk.ai / attest
Operational Authority

attest.fallrisk.ai

The operational authority surface for Fall Risk model identity attestations. Public key, signed registry, verification API, advisory series. Each artifact consumable without conversation.

This domain exists so Fall Risk claims can be checked without asking Fall Risk.

You are on the authority surface.

This is where Fall Risk publishes the public key, signed registry, verification guide, API documentation, and advisories used to check its model identity claims.

If fallrisk.ai explains the system, this domain is where the system can be verified.

JWKS Public key used to verify Fall Risk signatures. Signed Registry Canonical signed model enrollment records. Verification Guide Step-by-step reproduction of the trust chain. API Docs Lookup layer over the same signed records. Advisories Dated operational records of model identity risks.

Each surface is fetchable, parseable, and verifiable without further communication with us.

The API is hosted at api.attest.fallrisk.ai/v1/. The API serves signed registry fields verbatim. It does not recompute, re-derive, or weaken any signed value. A registry snapshot with missing or invalid signatures is not served as authoritative. Verification is performed locally against the public key below; the API has no privileged path. API documentation →

The canonical path is /.well-known/jwks.json, following RFC 8615. Fetching that URL returns a single RSA-2048 public key with the key identifier fallrisk-96cd5e6a01e1. The matching private key sits offline on a single machine and never touches a server.

The same key is also embedded directly in every page of fallrisk.ai that performs in-browser signature verification. The bytes are identical. If a relying party fetches the key from this endpoint and finds it differs from the key embedded in the page they were reading, the bytes do not match the public trust anchor and the page should not be trusted for that session. That comparison is the cheapest possible test that the page a reader received matches the page Fall Risk published.

Anyone with a standard JWT library and the key below can verify any Fall Risk enrollment record or attestation token offline, on their own hardware, with no further communication with us. That property is the entire point of the design.

Public Key Set

application/jwk-set+json View raw → 
{
  "keys": [
    {
      "kty": "RSA",
      "use": "sig",
      "alg": "RS256",
      "kid": "fallrisk-96cd5e6a01e1",
      "n": "oYwBUy1rtISAbJNZJ6p8QoFK678smQLaKl4s1SZ9gYl_-mfsi7JVsBGbuaUVgFKxVaaTzYXyZo4WxXLxDxOt8xICjSIqP62G8sw-Y5v6ZbtDO8MkHsQNYjRfbb5xV6hPFz4ramYyC4d61Pa_l3JrmEu-oluEHU9Op8qR-FT7-1Qvlnjpz5xuYpeE-EAkx2Bh2UcvBZH6cdpcr8KTCEjxba-B5JwQ3E3J4pje4Xe9HW6x3cGA0Zi9AT-pqMZcpq_7KZzNccfLlWoD6S7hXKacZrzIUnx5NcPMoy9lPSNwEwqp6nj2OH9C1zF6XnTYjjs9ZBIwVmp-lwu_6vqL0iWb7Q",
      "e": "AQAB"
    }
  ]
}

Verification — minimum example

Install: pip install PyJWT cryptography 

import jwt, json, urllib.request

jwks = json.load(urllib.request.urlopen(
    "https://attest.fallrisk.ai/.well-known/jwks.json"
))
key = jwks["keys"][0]
public_key = jwt.algorithms.RSAAlgorithm.from_jwk(json.dumps(key))

# Replace with any signed enrollment record from
# https://fallrisk.ai/registry
JWS = "eyJhbGciOiJSUzI1NiI..."

claims = jwt.decode(JWS, public_key, algorithms=["RS256"])
print(json.dumps(claims, indent=2))
← fallrisk.ai Signed Registry → Verification Guide → API → Advisories →
Issuer: Fall Risk AI, LLC · New Orleans, LA
Key identifier: fallrisk-96cd5e6a01e1 · Algorithm: RS256 (RSASSA-PKCS1-v1_5 / SHA-256)
© 2026 Fall Risk AI, LLC