Skip to main content
AgenticAssure

Trust & Assurance

Built for the audit you have not had yet

Big-4, Notified Body, MAS, NCA. Every assertion you publish is sealed, time-stamped, and provable.

Invite your auditor See all frameworks
AgenticAssure Settings showing External Auditor Seats and Policy Library with time-boxed access management, cryptographic seal, and RFC3161 timestamps

RFC3161 timestamps · Cryptographic seal · Dual hash-chained ledger · 7 RBAC roles

Dual hash-chained ledger

Two independent chains. Both verifiable in one click.

Most platforms have a single audit log. AgenticAssure has two independent, hash-chained records: one for every platform event, one for every test result anchored to the blockchain. A discrepancy between them is mathematically detectable.

Platform events

Append-only, hash-chained audit log. Every policy change, approval, and violation is immutably recorded.

Policy created

SHA-256: a3f7e9c201b48d56

Approval granted

SHA-256: b8e2d4f31a97c06e

Runtime violation

SHA-256: c1d9e56702fb8a34

Audit export

SHA-256: d4a2f8b19c3e07d5

Test results

Blockchain-anchored test evidence. Every result hash-chained and verifiable on MongoDB PoW, Base L2, or Hyperledger.

Test run started

SHA-256: e7c3a9124bf60d82

Security results

SHA-256: f2b8c345d0a91e76

Conformity score

SHA-256: a5d1e67893cf2b04

Blockchain anchor

SHA-256: b9f4d901e2a7c358
Verify chain integrity
Live
AgenticAssure Assurance module showing immutable hash-chained platform audit log with JSON export button, recording policy changes, approvals, and violations
Module 6: Platform-event audit log. Immutable, hash-chained, exportable as JSON. Every policy change, approval, violation, and auditor access recorded.
Verifiable
AgenticAssure Analysis module showing blockchain audit log with Verify Chain Integrity button confirming each test result is tamper-proof and hash-chained
Module 5: Blockchain-anchored test results. Verify Chain Integrity confirms each result hash is intact. Supports MongoDB PoW, Base L2, and Hyperledger Fabric.

14

event types, every action, hash-chained, blockchain-anchored

2

independent hash chains, both verifiable

1-click

chain integrity verification on demand

Provable compliance

What dual-chain verification looks like in practice

1

Event occurs

Your model passes the EU AI Act assessment

On March 15, your team runs a conformity assessment against the EU AI Act. The model achieves a passing Conformity Score across all 30 controls.

2

Evidence sealed

Platform log entry hash + blockchain anchor created

The platform logs the assessment event with a SHA-256 hash chained to every prior event. Simultaneously, the test result is anchored to the blockchain with its own independent hash.

3

Auditor verifies

Your auditor confirms both chains are untouched

Six months later, an External Auditor opens their time-boxed session. One click on "Verify Chain Integrity" proves neither chain has been tampered with. The evidence is as it was the day it was produced.

If either chain is altered, the discrepancy is mathematically detectable. No trust required: only cryptographic proof.

External Auditor Seats

Invite your auditor. They see exactly what they need, nothing more.

External Auditor Seats give Big-4 partners, Notified Bodies, MAS inspectors, and NCA reviewers scoped, time-boxed, read-only credentials. Every access is appended to the immutable audit log. The external_auditor role is scoped to verification endpoints only: your operational controls remain invisible.

Live
AgenticAssure Settings showing External Auditor Seats and Policy Library configuration panel with time-boxed access, cryptographic seal, RFC3161 timestamps, and probe manifest
Settings: Auditor Seats + Policy Library. Configure access duration, endpoint scope, and seal per engagement.

Time-boxed read-only access

Expiring credentials with a hard cutoff date. No standing access, no over-provisioned roles left active after engagement close.

RFC3161 timestamps

Every evidence package carries an RFC3161-compliant timestamp: legally admissible proof of when each result was produced.

Cryptographic seal

Evidence is sealed before delivery. Any post-seal mutation breaks the seal automatically: tampering is detectable without platform access.

Probe manifest

Auditors receive a complete manifest: every probe run with technique, model, judge version, timestamp, and result hash.

Immutable auditor trail

Every auditor action (every document accessed, every API call made) is appended to the platform audit log before the session begins.

Big-4 / Notified Body / MAS / NCA compatible

Credential format and evidence structure meet the intake requirements of major audit firms and regulatory bodies across jurisdictions.

Access contrast

What your operator sees vs. what your auditor sees

The external_auditor role is scoped to verification endpoints. Your operational controls, policy configurations, and model connections remain invisible.

Operator view

Full platform access

  • Operations Center dashboard with go/no-go banner
  • Policy Studio: author, simulate, enforce
  • Model connections and test execution
  • Framework mapping and attestation management
  • User management and integration configuration
  • Full audit log with export capability

External Auditor view

Verification endpoints only

  • Sealed evidence packages with RFC3161 timestamps
  • Cryptographic seal verification (one click)
  • Probe manifest: technique, model, judge, result hash
  • Chain integrity verification for both ledgers
  • Read-only compliance status and Conformity Scores
  • Time-boxed session with hard expiry date
EvidenceExtractionAgent

Your existing evidence, working overtime

Upload your SOC 2 report, model cards, DPIAs, or internal AI policies. The EvidenceExtractionAgent reads every document, identifies compliance-relevant assertions, and drafts byte-verified attestations on the framework console for every framework you are assessed against. Your compliance team reviews and publishes. No manual extraction. No copy-paste errors. No out-of-date evidence.

Upload, extract, attest, anchor

Each attestation the agent drafts includes:

  • Source document reference: byte-verified, not paraphrased
  • Framework control mapped (AIVTF principle, EU AI Act article, NIST subcategory, MindForge dimension)
  • Attestation text drafted and ready for human review
  • Reviewer name and approval timestamp recorded
  • Hash anchored to blockchain before the attestation is published

Framework consoles supported

AI Verify AIVTF v2.0 11 principles, 62 outcomes
EU AI Act 16 articles, Annex IV Dossier
NIST AI RMF 72 subcategories, 12 GAI risks
MAS MindForge FEAT, 7 dimensions
Refusal-aware judges

Your judges. Your language. Full provenance

The judge LLM is BYO. Bring your own API key for OpenAI, Anthropic, Google Gemini, or Ollama. Multi-provider fallback chain: if one provider is unreachable, the next runs automatically. Every judge prompt template is editable; every change is recorded immutably in the audit log and anchored to the blockchain before it takes effect. Refusal-aware calibration ensures a cautious model is never penalised for refusing a harmful prompt: a correct refusal scores as a pass.

Connected
AgenticAssure Settings LLM Providers tab showing multi-provider fallback chain with OpenAI, Anthropic, Google Gemini, and Ollama with reachability status and mTLS configuration
LLM Providers: multi-provider fallback chain. mTLS + custom headers. Per-provider reachability and last-scan timestamp.
Auditable
AgenticAssure Settings Judge Prompts tab showing editable judge prompt templates including Generic LLM Judge and Safety Refusal Judge with blockchain-anchored version history
Judge Prompts: editable templates. Every change immutably recorded and blockchain-anchored. Default judges: Generic LLM Judge, Safety Refusal Judge.

Multi-provider fallback

OpenAI, Anthropic, Ollama, Google. If a provider is unreachable, the next in chain runs automatically. No single point of failure in your assurance programme.

mTLS + custom headers

Enterprise-grade transport security. Bring custom auth headers for on-premise, private cloud, or air-gapped model deployments.

Blockchain-anchored prompts

Every judge prompt version is hashed and anchored. Old and new versions are preserved, timestamped, and attributable. No silent edits.

Identity, RBAC & Multi-tenancy

Every role, every tenant, every action: controlled

Seven discrete RBAC roles (including external_auditor), tenant isolation enforced at the database layer, and MFA that is constitutionally non-negotiable.

Shipped RBAC hierarchy

1

super_admin

Full platform access. Tenant provisioning, user management, system configuration.

all
1

admin

Tenant-scoped administration. User management, policy authoring, integration setup.

manage_users manage_policies manage_integrations
2

tester

Create and run tests, view results, manage model connections.

run_tests view_results connect_models
2

compliance

Framework mapping, conformity pipeline, evidence review and attestation publishing.

manage_frameworks review_evidence publish_attestations
3

auditor

Read-only access to audit logs, compliance status, and test results within tenant.

view_audit_log view_compliance view_results
3

viewer

Read-only dashboard access. No configuration, no test execution.

view_dashboards
4

external_auditor

Time-boxed, scoped to verification endpoints only. Cryptographic seal, RFC3161 timestamps, probe manifest.

verify_evidence view_sealed_results

Tenant isolation at DB layer

Every entity carries a tenant column. Cross-tenant reads are architecturally prevented, not configuration-enforced.

SSO-ready (SAML / OIDC)

SSO Providers tab ships in Settings. Slot your existing IdP (Okta, Entra ID, Auth0) without bespoke engineering.

MFA enforced (Constitution)

TOTP multi-factor authentication is mandatory per the platform Constitution. It cannot be disabled at the tenant level.

Non-human identity rigour

Agent and MCP server identities managed via DID-JWS and SPIFFE: the same identity rigour applied to human principals.

Operational discipline

SLAs, cost gates, retention: configured, not hoped for

Enterprise assurance programmes need operational rigour alongside security controls. Per-severity SLAs auto-escalate when breached. Cost gates prevent runaway spend before it happens. Retention is configurable per tenant to match your regulatory obligations.

Per-severity SLAs with auto-escalation

Critical 4h, High 24h, Medium 7d, Low 30d. Breaches escalate automatically: no manual triage loop required.

Per-run cost gate

Pre-flight estimate above the threshold (default $100) requires explicit admin approval. Prevents runaway spend before it happens.

Configurable retention

90-day default, fully configurable per tenant. Meets most regulatory data-retention obligations out of the box.

Structured JSON logging

Every platform event logs to structured JSON. Feed directly into your SIEM without log-parsing gymnastics.

Health endpoint

Standard /health endpoint for uptime monitors, load balancers, and synthetic checks.

Worker health visibility

Real Arq worker tiers are visible in the Assurance module: the operator and SRE surface is not hidden behind abstractions.

Configurable
AgenticAssure Settings advanced configuration panel showing per-severity SLA settings with Critical 4h, High 24h, Medium 7d, Low 30d, plus cost gate and retention policy controls
Advanced Settings: per-severity SLAs with auto-escalation, per-run cost gate, and configurable retention. All per-tenant.

12 frameworks mapped. 120 controls tracked. Evidence produced for each.

EU AI Act 30 controls 13 NIST AI RMF 1.0 17 controls 3 ISO/IEC 42001:2023 12 controls OWASP LLM Top 10 10 controls 3 MITRE ATLAS 7 controls 2 GDPR AI Subset 10 controls 4 MAS MindForge 4 controls AI Verify AIVTF v2.0 11 controls 3 HIPAA 5 controls 4 PCI DSS 4.0 (AI Profile) 4 controls 2 SOC 2 (AI Controls) 6 controls 2 FINRA (AI Profile) 4 controls 2

Coming next

CCPA (AI Profile) 8 controls Q3 2026 NIST CSF 2.0 (AI Profile) 4 controls Q4 2026
Security baseline

Constitution-aligned by design

AgenticAssure is built against its own published Constitution: six non-negotiable principles that govern every architectural decision, every shipped feature.

  1. Assurance

    Every claim about a model is backed by evidence: a test result, a timestamp, a hash. No unsubstantiated verdicts leave the platform.

  2. Human override

    Runtime enforcement requires human approval for sensitive actions. The Approval Queue and Kill Switch exist so a person can stop the machine.

  3. Auditability

    Every action (user, system, or API) is appended to the immutable audit log. Nothing is editable after the fact.

  4. Tenant isolation

    Data boundaries between customers are enforced at the database layer. Tenant leakage is architecturally prevented, not just policy-blocked.

  5. Secrets management

    API keys are encrypted at rest (Fernet + KMS abstraction). No plaintext credentials in logs, databases, or UI. Key rotation is supported.

  6. Evidence integrity

    Test results and judge prompts are hash-chained and blockchain-anchored. You can prove cryptographically that evidence has not been altered since it was produced.

Sub-processors, Privacy & Terms

Full sub-processor list, privacy policy, and terms of service are published. For procurement questionnaires, DPAs, or NDA-gated security documentation, contact your account team.

Sub-processors Privacy Policy Terms of Service Security questionnaire
External Auditor Seats

Trust layer for enterprise AI

Invite your auditor today.
Time-boxed access. Cryptographic seal. RFC3161 timestamps.

Book a demo