AI defensibility is the next infrastructure category.

Cryptographic evidence for AI decisions will matter more than model performance in regulated enterprises over the next decade.

AI systems that can't be replayed and proven don't get deployed in regulated environments.

The premise

Auditability has shifted from post-hoc documentation to runtime enforcement. Regulatory frameworks including the EU AI Act, SR 11-7, and NIST AI RMF now require systems where decisions can be reproduced and policies can be shown to have been enforced at the moment of decision. The era of writing a model card and filing it is over.

What changes

Logs-as-debug-artifacts → logs-as-regulator-evidence

The distinction between engineering grep queries and signed, canonicalized decision records in append-only transparency logs. One is a tool for finding bugs. The other is the evidence a regulator will subpoena.

Model cards → signed lineage

The movement from point-in-time documentation to verifiable system artifacts signed at runtime, checkable without trusting the builder. A regulator doesn't need to believe your documentation — they can cryptographically verify what actually ran.

Incident reports → signed postmortems

The shift from narrative PDFs to forensic artifacts with timestamped decisions, policy versions, and verified remediation chains. When did you first know? The signed log gives a cryptographic answer, not a corporate narrative.

Why this is infrastructure, not a feature

Veridra functions as substrate — the signer, the log, the policy engine, the evidence pack — rather than a dashboard overlay on top of existing ML tooling. A dashboard is something you check when you remember. Infrastructure is something your systems run through because they have to.

  • Vendor-neutral — keys in client KMS, logs verified via open-source CLI, evidence validates without Veridra.
  • Long-term operable — append-only evidence, witnessed log roots, signed lineage surviving organizational changes.
  • Cryptographically verifiable — signatures and inclusion proofs auditable by third parties end-to-end.
  • Substrate-level — governance pipelines run inline with inference, not as retrospective reporting.

How the platform embodies the thesis

  • Govern — defines expected state (inventory, framework mapping, policy-as-code).
  • Attest — proves actual execution (canonicalized, signed, logged, packed).
  • Watch — detects divergence (drift, incidents, signed postmortems).

The verification standard

One question, applied everywhere

Can a regulator, an auditor, or a court verify this claim without trusting the operator? If yes, it's evidence. If no, it's a promise. The platform is built to produce evidence by that standard — every feature is measured against it.

A 10+ year retention horizon

Infrastructure that outlives the vendor

Signed evidence is designed to remain valid long after the signer has been rotated, the operator has changed ownership, or the regulatory framework has evolved. A decision signed in 2026 must still be verifiable in 2036 by anyone holding the historical public keys and witness-co-signed log roots. That's the retention horizon regulated customers operate on, and it's the horizon we build for.