WHEREAS Amendment 001 authorized the Chicken and Egg Bypass Protocol (CEBP), permitting one-time, capped, sunset-bound acceptance of dilutive funding via the a16z Speedrun accelerator;
WHEREAS the CEBP sunset conditions in Amendment 001 §12.4(d) include achievement of Five Million Dollars ($5,000,000) in trailing-twelve-month gross revenue, requiring the Company to articulate and authorize the revenue streams that will produce such revenue;
WHEREAS the operational mission of KNOXAI — eliminating contaminated AI models from the public ecosystem, with CSAM as the headline harm class and ten additional classes covered per cochranblock.org/no-quarter — produces measurable harm reduction in direct proportion to operational scale, which scales with revenue;
WHEREAS the Member determines that more revenue equals more operators on payroll, equals more models audited, equals more publishers reported, equals less CSAM in the public AI ecosystem — and accordingly that pursuit of revenue across multiple authorized streams is mission-aligned, not mission-divergent;
WHEREAS the codename "More Money Less CSAM" (MMLC) is selected to make explicit the tight coupling between business growth and harm reduction, and to communicate the framework to investors, operators, regulators, and the public in language that resists corporate softening;
WHEREAS this Amendment further establishes Protocol P32 (Mission-Aligned Revenue) to govern revenue acceptance and ensure no revenue stream is pursued that would compromise the integrity of the audit methodology, the operator guild, or the reporting pipeline; and
WHEREAS this Amendment is executed pursuant to Article XV of the Original Agreement.
NOW THEREFORE, the Original Agreement is hereby amended as follows:
A new Section 12.5 is hereby added to Article XII, immediately following Section 12.4 (CEBP):
The Company is hereby authorized to pursue and accept revenue from each of the following enumerated streams, all of which are deemed within the scope of Article III (Purpose, Powers, and Flexibility) of the Original Agreement:
The enumeration above is illustrative of authorized streams under Article III; it is not exhaustive. Future revenue streams not listed are authorized provided they (i) pass Protocol P32 (Mission-Aligned Revenue, established below), and (ii) are reflected in the Company's books pursuant to Article VIII.
Article XVIII of the Original Agreement is amended to include the following new Protocol, inserted after Protocol P31 (Unbreaking Software):
Every proposed revenue stream shall be evaluated against the following question:
"Does this dollar increase, decrease, or leave unchanged the platform's ability to find and stop contaminated AI models?"
Revenue streams that increase that ability are authorized and pursued. Streams that leave it unchanged are authorized only if they consume no operator attention. Streams that decrease it — including but not limited to consulting engagements that conflict with audit independence, customer payments contingent on a finding outcome, and revenue arrangements that compromise the operator guild's reputation — are NOT authorized.
The Member shall maintain a running record of revenue acceptance decisions, with the P32 evaluation noted for each material new stream. The record is internal to the Company but shall be made available to TAC members upon request.
Tag commits and contracts implementing P32 with [P32].
Schedule A (Business Model Annex — More Money Less CSAM Framework) is hereby incorporated into and made part of this Amendment. Schedule A includes market sizing, the pricing matrix, the five-year revenue projection, unit economics, defensibility analysis, allocation of CEBP capital under §12.4(h) of Amendment 001, and risk register with mitigations. Schedule A is intended to function additionally as the Company's investor-facing business annex for purposes of the a16z Speedrun submission authorized under CEBP.
cochranblock.org/operations/amendment-002 within twenty-four (24) hours of execution.The undersigned Member, being the sole Member of The Cochran Block, LLC, acting in such capacity and pursuant to the authority granted in Article XV of the Original Agreement, hereby executes this Amendment as of the Effective Date set forth above.
cochranblock.org/operations/amendment-002TAM estimate: The Company's internal estimate of the 2027 global AI safety / model integrity / responsible AI services market, derived from publicly available industry analyst commentary. Specific cited third-party market-sizing reports are not relied upon here; the estimate is directional only. The market includes red-teaming services, model-card auditing, dataset provenance, model-monitoring tools, regulatory-compliance consulting, and training programs.
SAM estimate: The audit-and-attestation subset — independent third-party assessment of AI model integrity for regulatory, contractual, or marketplace requirements. KNOXAI competes here directly. Subset size is an internal allocation of the TAM estimate; not sourced from a third-party report.
SOM target: Internal target for Y5 revenue capture, assuming (i) penetration into ~30% of HuggingFace's publicly stated ~1.5M+ public models at Standard tier, (ii) one Federal SBIR Phase II + one DHS contract, (iii) two insurance partnerships, (iv) one marketplace integration, (v) 30 Portfolio-tier customers. No assumption of legislation-mandated adoption. These are projections, not commitments.
| Tier | Annual Price | What's Included | Operator Split |
|---|---|---|---|
| Standard | $20 | Automated CSAM hash + generic Gate 5 · any operator signs | 80% / 20% |
| + NCII Add-on | +$15 | Identifiable-person deepfake audit | 75% / 25% |
| + CBRN Add-on | +$30 | Bioweapon / chemical / radiological battery (biosec specialty) | 70% / 30% |
| + Supply-Chain | +$25 | Backdoor weight sweep · membership inference rigor | 70% / 30% |
| + Privacy | +$15 | PII memorization · GDPR/CCPA exposure | 75% / 25% |
| + Copyright | +$20 | Training-corpus provenance · DMCA exposure | 75% / 25% |
| Full Spectrum | $150 | All eleven harm classes bundled | 70% / 30% |
| Operator | $500 | Customer picks a specific named operator | 70% / 30% |
| Portfolio | $5K - 50K | Dedicated operator(s) · full model shelf · monthly re-audit | 60% / 40% |
| Gov / Defense | per engagement | Clearance-required · multi-operator dual-signed certs | 50% / 50% |
Disclosure: the table below is the Company's internal revenue forecast under stated assumptions. It is not a projection supported by booked contracts, historical customer data, or third-party market research. Actual results will differ, likely materially. The CEBP investor (a16z Speedrun) and any other recipient of this document should treat all forward-looking numbers as targets, not commitments.
| Stream | Y1 | Y2 | Y3 | Y4 | Y5 |
|---|---|---|---|---|---|
| Cert Fees (Standard + add-ons) | $50K | $300K | $1.2M | $4.5M | $12M |
| Operator Tier | $15K | $80K | $250K | $700K | $1.5M |
| Full Spectrum | $10K | $60K | $240K | $900K | $2.4M |
| Portfolio Subscriptions | $50K | $250K | $800K | $2.5M | $6M |
| Gov / DoD Contracts | — | $300K | $1.5M | $3M | $8M |
| Hash DB API Licensing | — | $50K | $300K | $800K | $2M |
| Insurance Partnership | — | — | $150K | $700K | $2.5M |
| Training (SkillBridge / Univ / Comm) | — | $100K | $300K | $700K | $1.5M |
| Expert Witness / Forensic | — | $30K | $120K | $300K | $700K |
| Marketplace Integration Fees | — | — | $100K | $500K | $1.5M |
| Foundation Grants (non-dilutive) | $100K | $400K | $500K | $700K | $1M |
| Dataset Audit + AIBOM Licensing | — | — | $50K | $300K | $1M |
| Total Annual Revenue | $225K | $1.57M | $5.51M | $15.6M | $40.1M |
| Year 3 trips CEBP Sunset trigger (i): $5M ARR. Strict non-dilutive posture resumes at end of Year 3. | |||||
Notes: Revenue projection assumes (i) Speedrun close in Q3 2026, (ii) SBIR Phase I award in Q1 2027, Phase II in Q3 2027, (iii) one significant marketplace integration (HuggingFace or Civitai) by end of Y2, (iv) one insurance partnership operational by Y3, (v) NO state or federal AI-CSAM legislation citing KNOXAI by name — that would be upside not modeled here.
| Metric | Standard | Operator | Portfolio | Gov |
|---|---|---|---|---|
| Avg Annual Contract Value (ACV) | $25 | $500 | $15,000 | $250,000 |
| Customer Acquisition Cost (CAC) | $3 | $25 | $1,500 | $25,000 |
| Operator Compensation per Cert | $20 | $350 | $9,000 | $125,000 |
| Platform Take per Cert | $5 | $150 | $6,000 | $125,000 |
| Gross Margin | ~85% | ~80% | ~75% | ~65% |
| LTV (3-year) | $60 | $1,300 | $40,000 | $650,000 |
| LTV / CAC | 20x | 52x | 27x | 26x |
Standard tier CAC is low because acquisition is viral via marketplace integrations and GitHub Action distribution. Operator tier CAC is low because customers self-select operators from the public directory. Portfolio and Gov tiers carry sales cycles measured in months and matched CAC, but ACV justifies it.
| Moat Component | Source |
|---|---|
| Hardware-rooted attestation | Software-only competitors cannot replicate eFuse-bound signing keys; the cert architecture is structurally distinct. |
| NCMEC partnership (post-Y1) | Regulatory moat. Single federal partnership creates de-facto standard. Peer competitors face years-long approval queue. |
| Operator network effects | More operators → broader specialty coverage → better cert quality → premium pricing → more operators recruited. |
| Federal legislation citation | Naming KNOXAI in state or federal AI-CSAM legislation creates statutory moat. Active outreach in Y2-Y3. |
| Veteran-owned, OCO-vetted brand | Founder credibility (USCYBERCOM, 100+ missions) is non-replicable by VC-funded software-engineer founders. |
| Operating Agreement transparency | Public OA with binding governance differentiates from typical compliance vendors. CEBP & MMLC frameworks publicly disclosed builds deeper trust. |
| Reproducible audit artifacts | Every cert is independently verifiable by skeptics. Trust does not require trusting the platform. |
The Member is not raising for capital alone. Per CEBP §12.4(b), the dilution cap is 12%. Speedrun's $750K offer represents capital to bridge from founding to first non-dilutive replacement (SBIR Phase II in ~9-12 months). What Speedrun specifically supplies that other capital sources cannot:
| Allocation | Amount | Purpose |
|---|---|---|
| Founder fair-market salary (12 mo) | $250K | Per CEBP §12.4(h) — full-time founder compensation at fair-market rate to enable single-pointed focus |
| Operator FTE bench (2 × 6 mo) | $200K | Two part-time operators at $100K annualized, bridging from volunteer guild to paid bench |
| SBIR Phase I prep + matching consultant | $60K | Phase I application + grant-writing support; replaced by Phase I award (~$200K) on success |
| NCMEC partnership application + legal | $50K | Federal partnership filing, attorney review, vetting period costs |
| Hardware infrastructure (vaults + signers) | $50K | 10 operator hardware kits ($500 ea) + 5 reference vaults + signing infrastructure |
| Foundation grant applications | $30K | Application fees + grant-writing for Knight, Mozilla, Ford, Hewlett, Schmidt Futures |
| Marketplace integration engineering | $50K | HuggingFace + Civitai integration sprints; opens marketplace channel revenue |
| Insurance partnership outreach | $30K | Conferences (RIMS, AIA), introductions to Coalition / Vouch / Beazley underwriters |
| Legal counsel (cert defense + IP) | $30K | Retainer for cert-dispute defense, IP filings on AIBOM standard |
| Reserve / contingency | $0 | Per discipline; if reserve needed, must come from earned revenue, not Speedrun draw |
| Total | $750K | Sum of allocations |
| Risk | Mitigation |
|---|---|
| Big AI labs build CSAM detection internally | Internal teams aren't independent third parties. Regulators, marketplaces, and insurers want external attestation. KNOXAI sells the independence. |
| Regulatory shift obviates the cert | Active legislative outreach (Lever 06 in /no-quarter doctrine). Become the regulator's preferred conformity path before any standard solidifies. |
| Operator quality drift / bad cert issued | TAC peer review, random re-audit program, expulsion mechanism with public delisting. Quality drift = expulsion = guild reputation preserved. |
| Mission drift toward revenue extraction | P32 (Mission-Aligned Revenue) explicit safeguard. Every revenue stream evaluated against impact on detection capability. |
| Founder burnout / single point of failure | Operator #1 onboarding accelerates redundancy. TAC structure designed for distributed leadership. OA Section 10.X (Indemnification) provides personal liability shield. |
| Speedrun dilution leads to follow-on equity pressure | CEBP §12.4(c) explicitly prohibits follow-on. Sunset enforcement is structural, not aspirational. Reaching $5M ARR triggers automatic non-dilutive return. |
| Adversarial LARPing — bad actors register as operators to fail-cert competitors | TAC vetting before operator joins directory. Public reputation scoring. Random platform-issued canary certs to detect lazy or compromised operators. |
| Hardware key loss / theft | Documented key rotation procedure (CEBP-adjacent governance). Operator-level only — platform never holds keys, so platform-level catastrophe is impossible. |
The MMLC framework's central claim: every dollar of revenue translates directly to operator-hours available for audit, which translate to contaminated models detected, which translate to regulator reports filed. The chain is:
Conversion rates at each stage are mission-dependent and will be measured once operational. The Company does not here cite investigation or indictment rates because authoritative public base rates for AI-CSAM specifically do not exist in 2026; the category is too new. The live ledger at cochranblock.org/no-quarter will publish measured rates post-launch as they become defensible.
What is factual: mandatory reporting is triggered under 18 USC §2258A on any CSAM finding. What KNOXAI measurably contributes is the upstream detection signal that would otherwise not exist — the regulator's conversion of that signal into enforcement is out of scope.
Member's stated exit posture: The Cochran Block, LLC is a perpetual entity per Article IV §4.1 of the Original Agreement. The Member does not contemplate sale, acquisition, IPO, or dissolution. The CEBP-permitted Speedrun investor (a16z) acquires a minority stake under typical SAFE terms; the SAFE converts in a future priced round if and only if such a round occurs (and per Amendment 001 §12.4(c), no such follow-on is authorized without separate Article XV process).
Practically: a16z's exit on the Speedrun investment is realized through (a) secondary sale of the SAFE to another party at a future negotiated valuation, or (b) a buy-back by the Company funded from earned revenue at a negotiated price post-Sunset. Both paths are compatible with the Member retaining 100% control of the Company indefinitely.
This posture is unusual for a Speedrun investment but is disclosed transparently up front. Investors uncomfortable with this posture should not subscribe.
The amount of CSAM in the public AI ecosystem
is inversely proportional to the revenue of this company.
More money. Less CSAM.
That's the framework. That's the codename. That's the math. Schedule A is the documentation that the Speedrun investment, the dilution cost, the founder's salary, and the operator-bench investment all serve a single optimization function — and that function is denominated in indictments filed and contaminated models stopped, not in EBITDA.
If that framing is compatible with the investor's thesis, the Company welcomes the partnership under the terms enumerated in Amendment 001 (CEBP) and the revenue authorization established in this Amendment 002. If it is not, no investment shall be accepted.