Project Simurgh: Privacy-Preserving Device Integrity Proofs for Capture-Resistant High-Stakes Sessions

Project Simurgh is a privacy-preserving integrity architecture for high-stakes AI-mediated and remote assessment sessions. The system replaces surveillance-first visual monitoring with signed, metadata-only integrity proofs.

The prototype combines browser behavioural telemetry, local device integrity daemons, cryptographic challenge-response proofs, native operating-system metadata scanners, server-side verification, and HMAC-SHA256-linked tamper-evident audit trails.

It does not collect screen pixels, webcam frames, microphone audio, typed content, pasted content, raw process names, raw window titles, window handles, process identifiers, or personal device identifiers. Every anomaly is treated as a signal for human review; no automatic misconduct finding is produced.

This preprint presents the system threat model, architecture, proof protocol, privacy contract, platform implementations for macOS, Windows, and Linux, evaluation results, limitations, and ethical deployment boundaries.

Preprint version: v1.0; project implementation baseline: Project Simurgh v0.4.18.