In 1956, an engineer named Bill Fair and a mathematician named Earl Isaac had a simple idea. Instead of letting bank managers decide who got a loan based on handshakes and gut instinct, they would build a score. A number, derived from actual financial behaviour, that any lender could read and trust. It took decades for the market to accept it. Today no bank on earth makes a significant lending decision without one.

Hiring is still in 1956.

The average recruiter reads a resume for six seconds. They are pattern-matching against a mental model built from previous hires, personal bias, and whatever the job description says. They have no trust layer. They have a document that a candidate wrote about themselves, optimised to pass a keyword scanner, and polished by an AI that has read ten thousand similar resumes.

The result is a market that is simultaneously flooded with unverifiable claims and blind to genuine talent that doesn't know how to perform on paper.

78% of candidates admit to embellishing their resume
6s average resume review time by a human recruiter
$17K average cost of a single bad hire at mid-level

The resume is not a data source

A resume is a marketing document. It exists to get the candidate into the room — not to provide an accurate assessment of capability. We have always known this. We have always hired anyway.

The problem has compounded. AI writing tools have erased the friction that used to correlate with authenticity. A candidate who could write a coherent, specific, well-structured resume was, probabilistically, more likely to be the kind of person who paid attention to detail. Now any resume can be coherent and specific. The signal is gone.

We are now in a world where the very best fake resume and the very best real resume are indistinguishable to the human eye. Evidence is the only thing left.

Evidence means data that exists independently of what the candidate wrote. A GitHub repository with commits. A Credly badge cryptographically linked to a certification authority. A name that appears alongside an employer in a press release, a conference agenda, a team page. An ORCID profile attached to a peer-reviewed paper. These things cannot be faked by rewriting a bullet point.

But a single data point is not enough. A credit bureau does not trust one account — it looks for the same borrower appearing across multiple lenders, each reporting independently. The same principle applies here. When a candidate’s identity is confirmed by GitHub, corroborated by SEC EDGAR filings, and independently verified through a patent record, those three sources are not additive — they are multiplicative. Each independent confirmation makes the others more credible. We call this the Signal Mesh: a corroboration matrix that cross-references every fact category against every independent source. When three or more sources agree, the evidence compounds.
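The multiplicative idea can be sketched in a few lines. This is an illustrative assumption, not Alloy's published formula: the per-source factor is invented, and only the three-source threshold and the ×1.25 cap come from the figures in this article.

```python
# Hypothetical sketch of the Signal Mesh idea: independent confirmations
# compound multiplicatively rather than adding up. The per-source factor
# (1.08) is an invented assumption; the 3-source threshold and the 1.25
# cap are taken from this article.

def corroboration_multiplier(confirmations: int, per_source: float = 1.08,
                             cap: float = 1.25) -> float:
    """Each independent confirming source multiplies credibility,
    capped so the bonus cannot grow without bound."""
    if confirmations < 3:  # one or two sources earn no compounding bonus
        return 1.0
    return min(per_source ** (confirmations - 2), cap)

print(corroboration_multiplier(1))  # 1.0 — a lone source, no bonus
print(corroboration_multiplier(3))  # 1.08 — compounding begins
print(corroboration_multiplier(6))  # 1.25 — cap reached
```

The design choice worth noticing is the cap: without it, a candidate could farm dozens of weak confirmations into an unbounded bonus, which is exactly the gaming behaviour a corroboration signal is supposed to resist.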

How the trust layer earned its credibility

The trust layer was not trusted immediately. Lenders resisted it. They believed their loan officers, with decades of experience, could read a borrower better than a formula. They were wrong, and the data proved it. Loan officers had unconscious biases toward people who looked and spoke like them. The score did not.

The trust layer gained credibility through one mechanism: predictive accuracy tracked over time. Borrowers who scored above 700 defaulted at a dramatically lower rate than those who scored below 600. The data was irrefutable. The market adopted the score not because it was philosophically compelling but because it made better decisions.

Alloy is built on the same logic. The score is a function of independently verified evidence. Past behaviour — real, documented, externally confirmed behaviour — predicts future performance. A candidate with active GitHub repositories, verified certifications, and a name that appears in published work is statistically less risky than a candidate whose resume says the same things but whose claims vanish when you search for them.

What moves the score

Code — verified repositories, contribution depth, PRs, reviews, commit frequency (high weight)
Credentials — third-party verified certifications, expiry monitored (high weight)
Identity — triangulated across GitHub, SEC EDGAR, USPTO, web presence (high weight)
Community — published writing, conference appearances, professional bodies (medium weight)
Military & clearance — service confirmed via independent sources (medium weight)
Extended — patents, academic publications, package contributions, CrossRef (medium weight)
Tenure — career trajectory length and consistency (role-adjusted)
Leadership — seniority signals confirmed across sources (role-adjusted)
Corroboration multiplier — facts confirmed by 3+ independent sources compound (up to ×1.25)
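The categories above can be combined into a single number with a weighted sum. The sketch below is illustrative only: the weight values, the role profiles, and the 0–100 scale are assumptions, and only the ×1.25 corroboration cap comes from the list above.

```python
# Illustrative sketch of a role-adjusted weighted score. All weights and
# role profiles are invented assumptions; the real model's coefficients
# are not public.

ROLE_WEIGHTS = {
    "software_engineer": {"code": 0.30, "credentials": 0.20, "identity": 0.20,
                          "community": 0.10, "tenure": 0.10, "leadership": 0.10},
    "program_manager":   {"code": 0.05, "credentials": 0.20, "identity": 0.20,
                          "community": 0.10, "tenure": 0.25, "leadership": 0.20},
}

def score(evidence: dict, role: str, corroboration: float = 1.0) -> float:
    """evidence maps category -> verified signal strength in [0, 1];
    corroboration is the cross-source multiplier (1.0 up to 1.25)."""
    weights = ROLE_WEIGHTS[role]
    base = sum(weights[cat] * evidence.get(cat, 0.0) for cat in weights)
    return round(min(base * corroboration, 1.0) * 100, 1)  # 0-100 scale

engineer = {"code": 0.9, "credentials": 0.6, "identity": 1.0, "tenure": 0.5}
print(score(engineer, "software_engineer", corroboration=1.25))  # 80.0
```

Note that unverified categories default to zero: absent evidence contributes nothing, which is the whole point of the model.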

The bias problem that nobody talks about

Hiring bias is usually discussed in terms of demographics — race, gender, age, educational background. These are real and important. But there is a second category of bias that receives far less attention: the bias toward candidates who are skilled at presenting themselves.

The candidate who went to a prestigious university and worked at a brand-name company learned, by osmosis, how to write a resume. They networked with people who gave them feedback. They applied to enough roles to learn what worked. Their polish is a function of access, not capability.

The veteran transitioning from military service to the private sector has spent twenty years executing at the highest possible stakes. They do not know what an ATS keyword scanner wants. Their resume is blunt and chronological. They often score poorly on automated screening systems designed to reward a particular kind of self-presentation.

An evidence-based score addresses this by adjusting what it measures based on what the role actually demands. A software engineer is weighted toward code contributions and technical certifications. A program manager is weighted toward tenure, leadership signals, and professional credentials. A cybersecurity analyst is weighted toward certifications and clearance. The score does not apply a single template to every human being — it recognises that evidence of competence looks fundamentally different depending on the work.

How each signal fares under resume-based screening versus evidence-based scoring:

Military background — Resume-based screening: often filtered out (wrong keywords). Evidence-based scoring: confirmed via independent sources; service record and public presence score positively.
Career changer — Resume-based screening: penalised (no linear history). Evidence-based scoring: scored on current evidence — GitHub, certs, community signals in the new domain.
Non-traditional background — Resume-based screening: screened out (wrong institutions). Evidence-based scoring: self-taught engineers score on code, not on school name.
Strong resume writer — Resume-based screening: scores high regardless of substance. Evidence-based scoring: the score is 0 until evidence is found; writing ability is irrelevant.
Private / classified career — Resume-based screening: looks thin (cannot disclose detail). Evidence-based scoring: DoD and government employers are exempt; confirmed service earns positive points.

The score improves in real time

One of the trust layer's most important properties is that it is not static. A borrower who pays down debt, opens a new account responsibly, and lets their credit history age will watch their score improve. The score is responsive to behaviour.

Alloy works the same way. When a candidate provides their GitHub URL, the score updates immediately as repositories are verified against their claimed stack. When they add a Credly profile, their certifications are confirmed against the issuing authority in real time. When a confirmed employer is found in a web search, the points are added and the score reflects the new evidence.

This creates something that hiring has never had before: a score that candidates can actively improve by providing more evidence, not by polishing their language. The incentive is to be transparent, not to perform.

Like a trust layer, it also decays. Certifications that expire lose their weight. Code repositories that go dormant gradually contribute less. But permanent achievements — a degree, a patent, a military service record — remain. The score reflects who you are now, not who you were three years ago.
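A minimal sketch of the decay idea, assuming exponential decay with per-category half-lives. The half-life values and category names are invented for illustration; the article specifies only that expirable evidence fades while permanent achievements do not.

```python
# Sketch of evidence decay: expirable evidence halves in weight every
# half-life period, while permanent achievements keep full weight.
# The half-life numbers below are invented assumptions.

HALF_LIFE_DAYS = {"certification": 730, "repo_activity": 365}
PERMANENT = {"degree", "patent", "military_service"}

def decayed_weight(category: str, base_points: float, age_days: int) -> float:
    """Return the points a piece of evidence is worth after age_days."""
    if category in PERMANENT:
        return base_points  # a degree or patent never decays
    half_life = HALF_LIFE_DAYS[category]
    return base_points * 0.5 ** (age_days / half_life)

print(decayed_weight("patent", 10.0, 2000))        # 10.0 — permanent
print(decayed_weight("repo_activity", 10.0, 365))  # 5.0 — one half-life old
```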

And like a trust layer, it tells you exactly why. The top factors limiting a candidate’s score are surfaced explicitly: “No verified certifications found,” “GitHub contributions below depth threshold,” “Employment not independently confirmed.” There is no mystery. The candidate knows what to provide. The recruiter knows what is missing.
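The reason-code behaviour can be sketched as a simple threshold check. The thresholds below are assumptions; the messages are the examples quoted above.

```python
# Sketch of surfacing limiting factors, in the spirit of credit-score
# "reason codes". Threshold values are invented assumptions; the message
# strings are the examples given in this article.

THRESHOLDS = {
    "certifications": (1, "No verified certifications found"),
    "github_depth":   (50, "GitHub contributions below depth threshold"),
    "employment":     (1, "Employment not independently confirmed"),
}

def limiting_factors(evidence: dict, top_n: int = 3) -> list[str]:
    """Return a human-readable reason for every signal under its threshold."""
    reasons = [msg for key, (minimum, msg) in THRESHOLDS.items()
               if evidence.get(key, 0) < minimum]
    return reasons[:top_n]

print(limiting_factors({"certifications": 0, "github_depth": 12, "employment": 1}))
# → ['No verified certifications found', 'GitHub contributions below depth threshold']
```

The point of the structure is that every reason maps to a concrete remedy: the candidate can see exactly which piece of evidence would move the score.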

Gaming the system is addressed in the same way FICO handles it. A sudden burst of activity — three new certifications, a freshly created GitHub, and a LinkedIn profile all appearing within sixty days — triggers the same kind of suspicion that opening five credit cards in a week does. Depth matters more than breadth. A GitHub account with three years of consistent contributions is worth more than one created last month with a flurry of commits. Evidence that takes time to build cannot be fabricated overnight.
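The burst heuristic can be sketched as a sliding-window check over the creation dates of a candidate's evidence sources. The sixty-day window and three-source threshold come from the example above; treating this as a boolean flag rather than a score penalty is an assumption.

```python
# Hypothetical velocity check: several brand-new evidence sources created
# within a short window is flagged as suspicious, much like opening many
# credit accounts in a week. Window and threshold follow the example in
# this article (three sources in sixty days).
from datetime import date

def is_suspicious_burst(created: list[date], window_days: int = 60,
                        threshold: int = 3) -> bool:
    """True when `threshold` or more sources were created within one window."""
    if len(created) < threshold:
        return False
    ordered = sorted(created)
    # slide a window of `threshold` consecutive creation dates
    for i in range(len(ordered) - threshold + 1):
        if (ordered[i + threshold - 1] - ordered[i]).days <= window_days:
            return True
    return False

burst = [date(2024, 5, 1), date(2024, 5, 20), date(2024, 6, 10)]
aged = [date(2021, 3, 1), date(2022, 8, 1), date(2024, 1, 15)]
print(is_suspicious_burst(burst))  # True — three sources inside 60 days
print(is_suspicious_burst(aged))   # False — evidence built over years
```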

When the score responds to evidence, candidates stop gaming the system and start demonstrating what is actually true about them.

What this means for hiring

The analogy is not decorative. Credit scoring changed the economics of lending by making risk quantifiable, comparable, and defensible. A lender who rejected a borrower with a 740 score would have to explain why. The burden of proof shifted.

Alloy shifts the same burden in hiring. A recruiter who rejects a highly-scored candidate will need to explain what evidence led them to a different conclusion. Gut instinct is no longer sufficient justification.

Conversely, a candidate with a score of 22 has not been unfairly treated. They have simply not provided — or do not have — independently verifiable evidence of the claims they are making. The score tells them exactly what to fix.

Hiring does not need more AI that writes better job descriptions or generates more targeted outreach. It needs a standard. A number that any party in the transaction — recruiter, candidate, or hiring manager — can look at and understand, with confidence that it reflects something real.

Alloy is that number.