i_demo_010 · skeptic × cross-cutting · how to break m625 (an open challenge)

Why a skeptic would come to evidence.x1000.ai

You are a skeptic. You suspect this is another AI-flavored evidence-platform pitch with adjacent-domain hand-waving and self-grading audits. You have read other "audit-grade" claims that turn out to be self-marking-self homework.

This page is for you. m625 invites you to break it.

m625's value, if any, is exactly the value of its attack surface. If the attack surface is fake (handpicked easy fixtures, no false-positive penalty, no public BLOCKED log), the framework is fake. So here is the open attack inventory.

What you can attack (each is a documented audit-pipeline gate)

Family	What to attack	Documented in
Vocabulary freeze (28-word list)	Find a marketing word that should be forbidden but is not	`09_walls/forbidden_vocabulary.yml`
NCNU-5	Find a phrasing of clinical-decision / individual-prediction / moral-attribution that the audit misses	`09_walls/NCNU5_inherit.md`
W7-N (cross-domain expert)	Find an expert-collaboration imply that the audit misses (esp. domains other than `neuro` where m625's expert list is currently empty)	`09_walls/W7N_neuro_inherit.md`
m610 hard-veto (5 base + 5 ext.)	Find a cross-period claim where K4.1 is dropped or mis-declared (per m604 V2.6 sovereign reference · Kernel §3.4 · Framework §4.5)	`09_walls/m610_veto_inherit.md`
W6.3 conflation	Find a cross-domain claim where transferability is missing but the demo passes audit	`09_walls/W6_industrial.md`
Honest verdict section (W6.5)	Find a Tier-1 demo where any of 4 sections (`已做` / `待办` / `漏洞` / `反驳预案`) is missing or evasive	`09_walls/W6_industrial.md`
Attack-surface coverage	Find a category of customer-facing failure mode NOT covered by any AS-NNN fixture	`05_docs/M625_ATTACK_SURFACE_v0.1.md`
Audit pipeline itself	Find a bug in `02_audit/audit.py` — gate that fails to fire on a violation OR fires on a false positive	`02_audit/audit.py`
Audit-binding drift	Find a case where the spec (canonical doc in `01_materials_cache/C*` ) says X, but `02_audit/audit.py` implements Y, but the test fixture verifies Z — three-way drift	`05_docs/SELF_AUDIT_BENCHMARK_v0.1.md`

What you cannot attack (and why)

Out of attack scope	Reason
The underlying upstream cooked artifacts (m610 / m517 / m516 / m612 / m620 / m604)	Sovereign · attack those projects directly · m625 is a ferry/atlas, not the source
The Roll Principle V2.6 itself	m604-sovereign · m604 standard source uniqueness rule (V5.4)
Whether m517 W7-N expert-list is "right"	m517-sovereign · m625 inherits the list; expansion via m560 governance RFC
FDA / EMA / NMPA regulatory framework	Out of scope · m625 v0.2 does not assert regulatory positions

How to file an attack (no gatekeeping)

Identify the family above (vocabulary / NCNU / W7-N / m610-veto / W6.3 / W6.5 / attack-surface / audit pipeline / drift).
Construct a concrete fixture (text + expected-vs-actual audit outcome).
File it as a Pull Request to this repo, OR via _site/challenge_intake.html (v0.2 W18), OR via direct email to the owner contact in 01_materials_cache/C0_m625_project_identity_card.md.
m625 will (a) reproduce locally, (b) record fire/no-fire in _ops/BLOCKED_LOG.md, (c) revise either the rule or the artifact within the next wave.

All accepted attacks are credited in `_ops/ITER_FINDINGS.md`. Rejected attacks get a written reason, also in `_ops/ITER_FINDINGS.md` (public · not deleted).

Why you should trust the BLOCKED log

It is append-only in version control.
Every entry is timestamped UTC.
Every entry names the fixture (or its AS-NNN ID) and the gate it fired.
Reverting an entry leaves a git history mark you can find with git log -- _ops/BLOCKED_LOG.md.

If you find an entry that was silently dropped, that is itself an attack to file — under the audit-pipeline family above.

What this demo will not say (anti-drift)

❌ It does not claim m625 is "open" in a sense that implies external validation has been performed (it has not, as of v0.2).
❌ It does not affirm or vouch for any external reviewer (m517 W7-N inheritance).
❌ It does not promise that legitimate attacks will be addressed within a specific timeline; m625 v0.2 is a small project with bounded operator time.
❌ It does not run hype copy.

Falsifying prediction (per W6.5 + Roll EPP-3)

The "m625 invites attack" claim would be falsified by either:

an attack filed via PR or _site/challenge_intake.html (v0.2 W18) that is closed without entry in _ops/BLOCKED_LOG.md or _ops/ITER_FINDINGS.md — i.e., silent dismissal; or
an attack-pattern category that is repeatedly filed and repeatedly absent from 05_docs/M625_ATTACK_SURFACE_v0.1.md and 04_tests/fixtures/AS-*.md — i.e., systematic neglect.

Both falsifying conditions are observable to a third-party watcher of this repo.

Attack surface entries this demo links to

AS-008 (cross-domain conflation) — included in the W6.3 family above
AS-009 (moral attribution) — included in the m610-veto family above
AS-010 (marketing hype) — included in the vocabulary-freeze family above

(Plus AS-012..AS-030 expansion · v0.2 W15 deliverable — semantic + multi-turn + paraphrase variants.)

Ferry target (per W6.6)

Primary: m511 clearcancer_circle — page_candidate · m511 may surface this page to the public-facing site after re-audit.
Secondary: m560 GTO_Ecosystem_Control_Plane — gov_rfc for cross-project skeptic-engagement protocol.

Frontmatter `ferry_target: m511`.

Honest verdict (per W6.5)

已做: skeptic-facing demo · explicit attack-family inventory · file-an-attack protocol · public BLOCKED log policy · falsifying-prediction.
待办: external red-team intake form (v0.2 W18); third-party drift detector automation (v0.3); persistent skeptic-feedback channel (v0.3).
漏洞: "m625 invites attack" is currently a stated policy; whether the operator actually acts on attacks within bounded time is unproven. The honest answer is: v0.2 is the first time the policy is documented; v0.3+ is where the policy gets tested.
反驳预案:

- *"You're soliciting attacks to look open."* — Yes, that risk exists. The mitigation is the append-only BLOCKED log + ITER_FINDINGS public record. If both go silent for attacks that were filed, the demo's claim is falsified (see above). - *"This is small."* — Correct. m625 is a small project; honest about that in the 漏洞 section. Scaling skeptic engagement is v0.3+ scope.

m625 v0.2 · self-audit grade A · static page rendered 2026-05-24T03:13:53Z · source on disk at /data/projects/m625_roll_evidence_atlas/ · port 8625 reserved (not bound v0.2).