About Dokima

Trust scoring for AI models, built honestly by one person.

What Dokima is

Dokima takes a Hugging Face model identifier and returns a 0 to 100 trust score across seven dimensions: serialisation safety, model card completeness, licence clarity, namespace provenance, safety and bias evaluations, regulatory alignment, and ecosystem context. Every dimension has explicit rules. Every score is reproducible from the same Hugging Face metadata. The full methodology is published — no black box.

The name comes from Ancient Greek dokimasia, the formal Athenian process of vetting officials before they could take office. Dokimos means tested, proved genuine, approved. It maps precisely to what the product does.

Why this product exists

Hugging Face hosts hundreds of thousands of public AI models. Anyone can publish one. Most repositories carry no security context, no provenance signal, no compliance mapping. Procurement teams at regulated companies are asked to greenlight model use without a structured way to evaluate trust. Researchers cite models they have never inspected. Developers embed dependencies they cannot audit.

The EU AI Act, the UK AI Safety Institute framework, and the US NIST AI Risk Management Framework all require structured documentation of AI system risk. Dokima gives a trustworthy, reproducible signal that maps to those requirements without duplicating them.

It also gives model authors something they currently lack: a clear, public, fixable scorecard they can act on. A B grade with a remediation list beats a vague "this model has gaps" any day.

Who's behind it

Daniel Iwugo
Founder and sole developer

Cybersecurity practitioner based in Dorset, UK. BSc Computer Science, Babcock University. Hands-on experience in web application penetration testing and vulnerability classification against OWASP and CVE frameworks. Member of the BCS Dorset Branch Committee.

Dokima is the second product I have built under The Malware Files. The first, Anya, is a Rust-based static malware analysis engine aimed at independent security researchers. Both share an underlying detection-intelligence layer and a shared standard of robustness, reproducibility, and honest documentation.

How I keep this trustworthy

A trust-scoring product whose own trustworthiness is opaque is worthless. Five concrete commitments hold:

  • The methodology is open. Every weight, every grade boundary, every hard-fail rule is published on the methodology page. Score is data, not code.
  • Recalibration is on a public cadence. Quarterly reviews of the highest-gameability dimensions; full seven-dimension sweeps when distribution drift triggers; every cycle gets a writeup on the blog under the Calibration tag.
  • Every score is reproducible. Two scans of the same Hugging Face model with the same metadata return byte-identical Verdicts. The methodology version and weights SHA are stamped on every score report.
  • Dispute path is real. Model authors who believe a score is wrong can raise a dispute via the support page. Reviewed within five business days. Confirmed errors are corrected, logged, and rescanned.
  • The engine is open source. Dokima is licensed under AGPL-3.0-or-later. Source is available on request to [email protected] and may be made publicly browsable at a later milestone.

What Dokima is not

A high score is not a warranty. Dokima scores metadata and documentation signals available through the Hugging Face public API. It does not download model weights, run inference, or perform dynamic analysis at the Free, Hobby, or Pro tiers. It does not replace a security audit, a compliance review, or your own due diligence.

It is a structured signal that says: this model's documentation is in this state, this format carries this risk, this publisher has this provenance, these regulatory boxes are ticked. Use it to prioritise where to look harder.

Get in touch

For product questions, partnerships, press, or anything else, the support page routes to me directly.