Codenotary Patent Cements Trust in AI and Software Supply Chains

HOUSTON, TX – February 10, 2026 – In a move that fortifies the digital backbone of modern software development, Codenotary has been awarded a U.S. patent for a groundbreaking immutable database technology. The patent protects a system designed to create a cryptographically verifiable and unalterable history of digital assets, addressing urgent security challenges in both traditional software and the burgeoning field of artificial intelligence.

This newly patented technology underpins Codenotary's platform, which is engineered to ensure the integrity and auditability of software from creation to deployment. The company’s approach uses append-only transaction logs and advanced cryptographic verification to build a tamper-proof record.

“This patent formalizes the architectural foundation behind Codenotary’s trust platform,” said Moshe Bar, CEO and co-founder of Codenotary. “As AI-generated software, SBOM mandates, and regulatory pressure accelerate, the ability to prove what existed, when it existed, and that it hasn’t been altered is becoming mission-critical.”

An Unbreakable Ledger for a Fragile Supply Chain

The software supply chain, once a behind-the-scenes component of IT, has become a primary target for cyberattacks. With industry reports indicating that supply-chain attacks have surged by over 300% in recent years and that modern applications are composed of over 70% third-party and open-source code, the need for a new security paradigm is undeniable. Traditional databases, which can be altered or manipulated, are no longer sufficient to guarantee the integrity of a software artifact's history.

Codenotary's invention directly confronts this vulnerability. By creating a permanent, auditable history that cannot be modified without detection, the technology provides what the company calls “mathematically provable immutability.” This allows organizations to securely store, index, and validate data at immense scale, preserving cryptographic integrity without sacrificing the high performance required by modern continuous integration and continuous delivery (CI/CD) pipelines.

“The software supply chain has become a primary security risk,” noted Paul Nashawaty, practice lead and principal analyst at theCUBE Research. “Immutable data records provide a permanent, auditable history that cannot be altered without detection, acting as a key requirement for secure supply chains.” This principle is the cornerstone of Codenotary's offerings, which are built upon its open-source immutable database, immudb.

Meeting a Wave of Global Regulation

The timing of this patent aligns with a global push for stricter cybersecurity regulations. Governments worldwide are recognizing that voluntary measures are insufficient to protect national infrastructure and digital economies. In the United States, Executive Order 14028 on Improving the Nation's Cybersecurity has made the Software Bill of Materials (SBOM)—a detailed inventory of all components in a piece of software—a cornerstone of federal procurement.

Across the Atlantic, the European Union’s Cyber Resilience Act (CRA) imposes even more stringent obligations. As of late 2027, the CRA will legally mandate that manufacturers not only provide detailed SBOMs but also manage vulnerabilities throughout a product's lifecycle and maintain robust, cryptographically signed logs to prove the provenance of all software updates. These regulations are forcing organizations to move beyond assuming trust and toward continuously verifying it.

Technologies that provide immutable, compliance-ready audit trails are no longer a luxury but a necessity for operating in these regulated markets. Codenotary's patented system is positioned as a foundational tool for organizations scrambling to meet these new legal standards, offering a way to generate unalterable SBOMs and maintain forensic-grade audit logs that can withstand intense scrutiny.

Securing the Future: From SBOMs to AI Provenance

While securing the current software supply chain is a monumental task, the patent’s implications extend into the next frontier of technology: artificial intelligence. As AI models and AI-generated code become more integrated into critical systems, ensuring their integrity is paramount. Research has already shown that a significant percentage of AI-generated code contains security flaws, and the “black box” nature of many models raises serious questions about accountability and bias.

Codenotary is tackling this emerging challenge by extending the concept of the SBOM to the AI domain. The company's platform can treat AI models and datasets as software artifacts, creating an immutable record of their lineage. This allows for verifiable AI model and dataset provenance, ensuring that training data has not been tampered with and that the model's development history is transparent. Such capabilities are crucial for building trustworthy AI systems and complying with future AI-specific regulations that will demand explainability and fairness.

“As software becomes the backbone of every critical system—from AI pipelines to national infrastructure – trust can no longer be assumed,” Bar added. “This patent reinforces our commitment to making trust mathematically provable.”

Technology in Practice: Powering Trust at Scale

This patented technology is not merely theoretical; it is the core engine driving Codenotary's product suite, including Trustcenter and Guardian, which are used by hundreds of customers globally, including major banks, government agencies, and defense organizations. The platform is designed for enterprise-scale challenges, leveraging a proprietary “dual-proof” technology that enables rapid verification across datasets containing billions of software artifacts.

For security teams, this speed is essential. When a potential compromise is detected, answers are needed in minutes, not days. Codenotary's architecture provides that speed without compromising on the mathematical guarantees of immutability. The platform provides a range of use cases, from generating unalterable SBOMs and attesting to the origin of firmware to maintaining immutable audit logs that satisfy strict compliance frameworks like PCI-DSS and FedRAMP.

The full patent can be accessed by searching for U.S. Patent No. 12,530,6852, titled “Data Retention in a Cryptographically Verifiable Immutable Database,” via the United States Patent and Trademark Office website.