Who Controls the Proof Now Controls the Internet

In the history of the internet, trust has always been a claim, but was rarely tested –  a website asserting it was safe, a vendor asserting its product worked, and a visitor presumed human until something suggested otherwise.

That arrangement, which had held for decades on the strength of assertions alone, came apart last week across six separate announcements spanning frontier-model access, browser standards, post-quantum cryptography, software remediation, publisher controls and a multinational malware takedown.

Each of these described the same movement, in which trust is ceasing to be something a party asserts and becoming something a party issues, demands, or attests.

The significance for enterprise operators sits not in the products themselves but in a quieter consequence that whoever controls the issuing of proof now controls the relationship that depends on it, and the security industry has accordingly stopped asking whether you are trustworthy and started asking whether you can prove it, which means the firms that decide what counts as proof are the firms that consolidated power last week.

What follows traces that shift from its most concentrated form through to its outer limit.

A credential the vendor cannot grant itself

The week opened with the purest expression of proof as power, when Check Point Software Technologies announced on 25 June its admission to OpenAI's Daybreak Cyber Partner Program, a designation extended to only a small group of security vendors cleared to embed OpenAI's frontier models directly into customer-facing products rather than confining them to internal use.

The detail that carries the weight is not the partnership itself but the gate standing in front of it, because OpenAI has established itself as the issuer of a credential that no security vendor can grant to itself, the proof that a company is trusted enough to put frontier defensive AI into the live systems protecting enterprises, and that authority to admit or exclude sits entirely upstream of any product Check Point ships.

Roi Karo, Chief Strategy Officer at Check Point Software, located the real prize in the standard rather than the technology when he said that leading in AI-powered security means “not just adopting new technology, but shaping how it gets built and deployed responsibly across the industry.”

The rollout is deliberately gradual, beginning with tightly controlled defensive uses and widening only as the safeguards prove themselves, which underlines the principle that in this arrangement trust is dispensed in measured increments by the party holding it. For the wider sector, the precedent is the consequential part, since a model provider that becomes the gatekeeper of who may wield its most capable systems redraws the competitive map of security around access that nobody can buy or build their way into unilaterally.

Writing the definition everyone else will inherit

Where OpenAI issued a credential, the announcement that followed reached for something larger in the form of the power to define proof itself for the entire web, when Cloudflare announced on 24 June that it was developing Private Access Control Tokens, known as PACT, alongside Mozilla, Google, Microsoft and Shopify, a privacy-preserving protocol submitted for standardisation that lets humans and authorised bots demonstrate their traffic is legitimate without invasive tracking or forced logins.

The protocol answers a problem that the agentic internet has made urgent, in which the line between a human visitor and an automated one has blurred to the point where the older methods of telling them apart have stopped working at scale.

Dane Knecht, Chief Technology Officer of Cloudflare, set out the nature of that shift when he observed that “normal tasks like ordering food previously required a user to personally navigate menus and payment gateways,” whereas “now, autonomous agents are starting to orchestrate these workflows on behalf of people,” a change that renders the older defences self-defeating because, as Knecht added, existing tools “are too generic and coarse.”

The commercial cost of that coarseness was put plainly by Ilya Grigorik, Distinguished Engineer at Shopify, who noted that “in commerce, every extra challenge, delay, or false positive can turn a purchase into an abandoned cart.”

While Bobby Holley, Chief Technology Officer for Firefox at Mozilla, described how “an avalanche of automated traffic is pushing sites to adopt blunt defences like paywalls, identity checks, CAPTCHAs, and invasive tracking, simply to tell whether a request comes from a human.”

The deeper significance is structural rather than technical, because a coalition that includes the major browsers is not issuing one credential among many but proposing the very definition of proof-of-personhood that the rest of the internet will eventually be built upon, and the power to write that definition exceeds by some distance the power to grant any single token.

Proof that survives the provider, and the computer that does not yet exist

The third announcement carried the question of proof onto sovereign ground when OPAQUE launched OPAQUE 3.0 at the Confidential Computing Summit in San Francisco, an open standard for producing verifiable cryptographic proof of how AI systems operate, with the Technology Innovation Institute serving as a founding partner and contributing the Abu Dhabi-developed post-quantum cryptography that secures it.

The standard generates a tamper-resistant, independently verifiable record for every action an AI agent takes, which allows an organisation to demonstrate how its systems behaved without relying on the assurances of whoever supplied them.

That distinction carries particular weight for governments, and Dr. Najwa Aaraj, Chief Executive Officer of TII, drew it directly when she said that “sovereignty in the age of AI is defined by the ability to verify, not trust,” adding that “open, transparent standards give organisations and nations the confidence to independently validate how AI systems are governed, while post-quantum cryptography preserves the confidence against the security challenges of the future.”

The timing sharpened the argument, arriving days after the United States issued executive orders on 22 June directing the migration of federal systems to post-quantum cryptography, a signal that quantum readiness now sits at the centre of national strategy.

Ion Stoica, Co-Founder of OPAQUE, set the platform apart on exactly this combination when he said that OPAQUE “is the only platform delivering hardware-attested cryptographic evidence across the full AI lifecycle — training, fine-tuning, inference, and agents — with protections engineered to withstand quantum-era threats,” before concluding that “that combination doesn’t exist anywhere else in the market today.”

By embedding its own cryptography into an open standard, TII exercised the most enduring form of proof-power available, inserting sovereign-grade security upstream into the foundation that other organisations will adopt, in continuation of a national strategy that earlier saw cryptographic AI technology developed at the institute acquired by OPAQUE.

Holding the line while the real fix is verified

The fourth announcement applied the same logic to time, treating proof as the thing that governs how quickly protection can be trusted, when Palo Alto Networks, IBM and Red Hat expanded Project Lightwell on 26 June, pairing Palo Alto Networks' virtual patching with IBM and Red Hat's software remediation to shorten the interval between a vulnerability being discovered and an organisation being protected against it.

The urgency behind the collaboration was stated without softening by Nikesh Arora, Chief Executive Officer and Chairman of Palo Alto Networks, who said that “AI has compressed the window between vulnerability discovery and exploit from weeks to minutes,” and that “traditional patching cannot keep pace,” before adding that “by collaborating with IBM and Red Hat, we are shifting the advantage back to defenders.”

The architecture reads as a study in the sequencing of trust, with Palo Alto Networks deploying a virtual patch at the network layer to block exploit attempts the same day a flaw appears, while Project Lightwell, backed by a $5 Billion open-source security commitment, supplies the validated software fix that customers can test and deploy behind that shield.

Arvind Krishna, Chairman and Chief Executive Officer of IBM, described the combination as extending security “from the source code directly to the network front lines,” and characterised the result as giving clients “immediate, automated resilience against emerging threats, combined with the rigorous validation required to safely update their core systems.”

The ecosystem significance lies in what the model concedes, namely that in an environment moving at machine speed, defenders can no longer wait for certainty before acting, so the discipline shifts toward holding a verified line while that certainty is established.

When the switch is handed down

The fifth announcement runs in the opposite direction to the others, distributing proof-power outward rather than concentrating it, when Cloudflare announced a partnership with beehiiv two days after the PACT initiative, embedding its AI Crawl Control technology directly into the newsletter platform and giving independent publishers a clear choice over how AI models use their work, whether to opt into maximum discovery and allow AI search engines to crawl their content freely, or to choose protection and block the scraping to preserve their archive for future licensing.

Matthew Prince, co-founder and Chief Executive Officer of Cloudflare, located the partnership within a longer commitment when he said that “Cloudflare is dedicated to protecting and enabling content creators, from independent bloggers to the world’s largest publishers,” and that the integration gives “newsletter operators the transparency and control to navigate the AI era on their own terms, whether they are optimizing for discovery or preserving their work for future opportunities.”

Tyler Denk, co-founder and Chief Executive Officer of beehiiv, put the matter in terms of leverage when he said that “as AI changes how people find and consume content, publishers need real leverage,” and that the partnership gives creators “the data and controls they need to either maximize discovery and distribution, or protect their writing and dictate their own terms.”

What gives the announcement its weight is the redistribution it represents, because managing AI crawlers once demanded manual robots.txt edits and firewall rules, a capability held by engineers, and reducing it to a dashboard toggle places the proof-power, the ability to dictate the terms on which one's work may be used, into the hands of more than 135,000 publishers who previously had to surrender it for lack of technical means.

The limit of proof

The final announcement marks the boundary of the entire shift, in the case where proof cannot be fully held by anyone, when Infoblox welcomed the latest phase of Operation Endgame on 24 June, the multinational law enforcement action that remediated nearly 15,000 compromised websites and dismantled more than 100 servers and domains tied to the SocGholish malware operation, also known as FakeUpdates, a long-running network used as an initial access vector for ransomware groups. The disruption was substantial, and the scale of the problem behind it gives the action its meaning, with Infoblox Threat Intelligence research finding that nearly 55% of its cloud security customers encountered SocGholish-related activity during 2026.

The careful refusal to overclaim is what makes this the right story to close on, and Dr. Renée Burton, Vice President of Infoblox Threat Intel, struck that balance when she said that “SocGholish is not a niche threat,” because “their activities reach deep into public sector and commercial environments, paving the way for other cybercriminals to gain access to networks,” before allowing that “TA569 and their affiliates have likely had a very bad week,” and committing that the company “will continue tracking how this ecosystem evolves, whether old partnerships re-emerge, and what new infrastructure or delivery chains may take shape in response.”

Here the logic of the week reaches its limit, because a takedown can prove that infrastructure was seized but cannot prove that the threat is gone, and the ecosystem's tendency to regenerate means no party walks away holding durable proof of victory, so that where the week's other announcements showed proof becoming the instrument of power, this one showed precisely where that instrument runs out, against an adversary that simply rebuilds what was taken.

The question underneath all six

Six announcements, read apart from one another, amount to six unrelated bids for attention in a crowded week, yet read together they describe the same reordering, in which trust has become something issued rather than asserted, and the authority to issue it has become the most valuable position in the market.

OpenAI now decides who may wield its models, a browser coalition is drafting the definition of personhood that the web will inherit, TII is embedding sovereign cryptography into the standard others will adopt, Palo Alto Networks and its partners are governing the tempo at which protection can be trusted, Cloudflare and beehiiv are handing the switch to creators, and Operation Endgame marks the point at which proof reaches its limit.

The operators who internalise the shift early will be the ones who stop asking their vendors whether they are secure, and start asking the only question that now carries weight, which is whether they can prove it.