Govern the action. Hold the evidence.
Verillian governs what an AI tool or agent that reaches a provider can do the moment it acts, on the device, and records what happened in a way that cannot be quietly changed. Control and evidence in one layer: runtime AI governance for regulated institutions.
What is runtime AI governance?
Runtime AI governance is policy enforcement while AI tools and agents are acting, not a review after they act. Verillian implements it on the device: policy is enforced at the moment of execution, and every captured interaction is signed into a tamper-evident record the institution holds.
Gartner names this category AI governance platforms. Verillian delivers the runtime enforcement layer of that category on the device, with evidence the institution holds.
How does the flow work on the device?
Every request takes the same path. The decision happens on the device, before anything crosses the boundary, and the proof comes with it.
data flow: device to boundary to record
What does each step do on the device?
The same path runs on every captured interaction, whether a person or an autonomous AI agent set it in motion. Here is what each step actually does, on the device where the request originates.
Intercept
AI traffic is intercepted on the device, before a prompt reaches any provider. Nothing depends on the provider cooperating, and nothing requires changing the tools your staff already use.
Decide
Your policy is enforced the moment an AI tool or agent acts. Each action is allowed, redacted, or blocked against the policy your institution sets, in real time, not flagged after it already happened.
Prove
Every captured interaction is signed and hash-chained into a tamper-evident record. When an auditor, a regulator, or a court asks what happened, the answer already exists and it holds up.
Every action gets a decision, the moment it acts
Allow, redact, or block: AI policy enforcement evaluated as a tool or agent acts rather than reviewed after the fact. The same decisions appear in the product, in the chain, and in every report, the vocabulary of what your AI was allowed to do.
The action is cleared by your policy and forwarded to the provider. Signed into the chain.
Sensitive data detected in the request is masked or removed before the prompt is forwarded.
The action is denied by your policy. It is never forwarded, and the attempt is sealed in the chain.
What proof can operators open and read?
Every captured interaction is signed and hash-chained into a tamper-evident audit trail, the construction used in certificate transparency and financial ledgers. The chain is not a black box: operators see every entry, every decision, and the unbroken hash that ties them together. The same layer that governs the action holds the evidence of it.
operator console, representative view, live feed
How do you deploy it?
Two components, standard endpoint management, no change to the tools your staff use. The admin server runs where you put it, and the record stays inside your boundary.
- Enroll the fleet
- Sentinels deploy through your existing endpoint management. An enrollment queue and bulk operations handle scale.
- Distribute signed policy
- Policies are distributed as signed bundles. A sentinel rejects any policy not signed by a trusted authority.
- Operate offline, fail closed
- On lost connectivity a sentinel buffers locally and uploads later. If the buffer fills, it blocks all AI traffic. Not configurable.
- Localized and key-isolated
- The admin server stores ciphertext under a key only you hold. Signing keys never leave the device, isolated to the machine that created them.
Verillian is infrastructure, not another tool in the stack
- nota monitoring tool that observes after the fact. Verillian governs the action the moment it acts.
- nota gateway that needs every provider integrated through an API.
- nota wrapper that sits between your staff and one approved tool.
- notan AI company with a model of its own to sell you.
- nota data collector that ships your data anywhere Your interactions and your keys stay with you.
- not“AI governance” governance is a meeting. Verillian is enforcement.
See it run on your own endpoints
The clearest way to understand the flow is to watch it decide against your policy, on your fleet. That is what the Founding Customer Program is for.