Cryptographic evidence for every AI decision.
Sign it. Log it. Prove it. Pack it. The core attestation engine that turns AI decisions into regulator-admissible evidence.
The four-stage pipeline
RFC 8785 canonical JSON. Hash inputs, outputs, model version, confidence. Deterministic — the same decision produces the same bytes in every region, in every SDK language.
Ed25519 signature via your KMS — AWS KMS, Azure Key Vault, GCP KMS, HashiCorp Vault, or any PKCS#11 HSM. The key never leaves your control. Veridra sees only the signature request.
Append to a Trillian-backed Merkle transparency log. Tenant-isolated tree. Inclusion proofs returned synchronously. Log roots co-signed by third-party witnesses.
On request, bundle signed decisions, policy enforcement records, incidents, and inclusion proofs into a single signed evidence pack — PDF for regulators, ZIP for auditors.
What makes Attest defensible
A third party can verify every signature and every log inclusion using our open-source CLI. They do not need Veridra servers to be running. They do not need Veridra's cooperation.
BYOK is not a checkbox. Your KMS holds the signing key. Veridra's signer service requests signatures over mTLS — nothing else. If you revoke the key, Veridra stops being able to sign. That's the point.
Conformance-tested across every SDK (Python, Node, Go, Java) via golden vectors in CI. A Python-signed decision and a Go-signed decision of the same payload produce identical signatures. Nondeterminism is treated as a bug.
Append-only, architecturally. No update, no delete path exists in the evidence tables. Corrections are new events that reference the original. This is the regulator-grade property: a signed record cannot be quietly changed later.