Runtime governance and evidence for regulated AI

Runtime AI governance you can prove.

Your team is already running AI tools and agents. Verillian sits on the device, governs what each one can do the moment it acts, and seals every captured interaction into a tamper-evident record encrypted under keys only you hold. Built for regulated environments: the day someone asks, you can show exactly what happened.

On device decisionsTamper-evident chainYour keys, your record
audit: live tail
14:02:07ALLOWperplexity.ai, research querysha256:9f3a…c1
14:02:08REDACTcharacter.ai, 1 SSN maskedsha256:7b20…e9
14:02:09LOGollama, local model observedsha256:3c9b…7d
14:02:10BLOCKdeepseek.com, unsanctioned providersha256:0f47…b8
14:02:11ALLOWclaude.ai, approved, policy v12sha256:d701…2e
14:02:12BLOCKagent, exfil.unknown-host.netsha256:48c0…f1
14:02:13
The model proposes. Verillian decides.

Honest by design: your keys, your record, your call. We are clear about what the instrument does and what it does not, because trust is the product.

live demo / the layer, off and on

One layer governs every AI, authorized or not.

Off, every endpoint reaches every provider in the clear and nothing is recorded. On, each request is decided at the device and sealed to your private server.

Toggle the controls to watch it work. Then block any provider or endpoint by its icon, or take it all dark.

Verillianoff
Revealredacted
Kill switchstandby
shadow AI activegovernedAI contained
0
requests
0
decided
0
sealed
0
in the clear
your endpoints
ep-01
ep-02
ep-03
ep-04
ep-05
no checkpointdecideidle
authorized AI
Anthropic
OpenAI
Google Gemini
Microsoft Copilot
unauthorized AI
Cursor
Ollama
DeepSeek
Qwen
Mistral
xAI Grok
Policy, at execution
enforcedon device

Allow, redact, or block is decided on the endpoint, before anything leaves your network. A blocked call never reaches the provider.

Every interaction
loggedand signed

Each request is Ed25519-signed and hash-chained to the one before it, then sealed to a server you host and read with your own key.

One move
containedon command

Block any provider or endpoint from its icon, or take the whole fleet dark. Each is stopped on the device, before the platform is reached.

The day someone asks

A nurse pastes a patient summary into a chatbot to save an hour. An analyst runs a coding agent that reads a credentials file it was never meant to touch. A teacher drafts an IEP with an assistant that keeps the draft on a server the district does not control.

None of them meant harm. All of them are using AI faster than any review can keep up.

The question is not whether it is happening. It is what you can show when someone asks. A family’s lawyer. A CJIS auditor. A FOIA request. A federal investigator.

Most institutions have nothing to show. A dashboard reports the incident after the data is gone. Verillian gives you the evidence to prove AI compliance: every captured interaction, signed at the device, sealed in a chain only you can read.

Read the architecture

Caught in the act, and on the record

A poisoned coding agent tries to read a developer’s credentials and ship them to an outside server. Verillian blocks it at the tool layer and seals the attempt in the chain. One turn, exactly as an operator reviews it.

audit, turn detail, representative view

The same chain, at rest

From live tail to sealed record

What you watch in motion is the same AI audit trail an auditor reads months later: every captured interaction, in order, each hash chaining to the one before. Quiet, exact, and yours to verify.

audit: sealed record
14:02:07ALLOWperplexity.ai, research querysha256:9f3a…c1
14:02:08REDACTcharacter.ai, 1 SSN maskedsha256:7b20…e9
14:02:09LOGollama, local model observedsha256:3c9b…7d
14:02:10BLOCKdeepseek.com, unsanctioned providersha256:0f47…b8
14:02:11ALLOWclaude.ai, approved, policy v12sha256:d701…2e
14:02:12BLOCKagent, exfil.unknown-host.netsha256:48c0…f1

audit: sealed record, representative view

Built for institutions that cannot afford a gap

The posture is the product. Your signing keys never leave the device, and the record of every captured interaction stays inside your institution.

Built to CJIS Security Policy v6.0
Purpose-built for the controls criminal-justice data demands. Aligned, not certified. CJIS compliance is validated through state-agency audit.
Built for HIPAA-regulated environments
Designed for institutions handling protected health information.
Customer-held keys
Audit content is encrypted under your key. The server cannot read it.
Evidence stays with the institution
The admin server stores opaque ciphertext, not your interactions.

Six sectors, six sets of obligations

Each regulated sector answers to its own obligations. Find yours to see the exposure and the control mapped to it.

Become a founding customer

We work closely with our first institutions, on their endpoints, enforcing their policies. The deployment becomes the proof. Talk to us about working together.