Platform

Govern the action. Hold the evidence.

Verillian governs what an AI tool or agent that reaches a provider can do the moment it acts, on the device, and records what happened in a way that cannot be quietly changed. Control and evidence in one layer: runtime AI governance for regulated institutions.

What is runtime AI governance?

Runtime AI governance is policy enforcement while AI tools and agents are acting, not a review after they act. Verillian implements it on the device: policy is enforced at the moment of execution, and every captured interaction is signed into a tamper-evident record the institution holds.

Gartner names this category AI governance platforms. Verillian delivers the runtime enforcement layer of that category on the device, with evidence the institution holds.

How does the flow work on the device?

Every request takes the same path. The decision happens on the device, before anything crosses the boundary, and the proof comes with it.

01 origin
AI tool or agent
Any app, agent, or browser tab on the endpoint, sanctioned or not, forms an outbound request to a provider.
02 on device
Verillian sentinel
Evaluates each request against your policy on the device, before it reaches the provider, and decides what the tool or agent may do.
ALLOWREDACTBLOCK
03 boundary
Provider
Receives only what policy permits. A blocked request never leaves the device.
04 after
Signed chain
Every captured interaction is Ed25519-signed and hash-chained, encrypted under keys only you hold.

data flow: device to boundary to record

What does each step do on the device?

The same path runs on every captured interaction, whether a person or an autonomous AI agent set it in motion. Here is what each step actually does, on the device where the request originates.

01

Intercept

AI traffic is intercepted on the device, before a prompt reaches any provider. Nothing depends on the provider cooperating, and nothing requires changing the tools your staff already use.

02

Decide

Your policy is enforced the moment an AI tool or agent acts. Each action is allowed, redacted, or blocked against the policy your institution sets, in real time, not flagged after it already happened.

03

Prove

Every captured interaction is signed and hash-chained into a tamper-evident record. When an auditor, a regulator, or a court asks what happened, the answer already exists and it holds up.

Every action gets a decision, the moment it acts

Allow, redact, or block: AI policy enforcement evaluated as a tool or agent acts rather than reviewed after the fact. The same decisions appear in the product, in the chain, and in every report, the vocabulary of what your AI was allowed to do.

What proof can operators open and read?

Every captured interaction is signed and hash-chained into a tamper-evident audit trail, the construction used in certificate transparency and financial ledgers. The chain is not a black box: operators see every entry, every decision, and the unbroken hash that ties them together. The same layer that governs the action holds the evidence of it.

operator console, representative view, live feed

How do you deploy it?

Two components, standard endpoint management, no change to the tools your staff use. The admin server runs where you put it, and the record stays inside your boundary.

Enroll the fleet
Sentinels deploy through your existing endpoint management. An enrollment queue and bulk operations handle scale.
Distribute signed policy
Policies are distributed as signed bundles. A sentinel rejects any policy not signed by a trusted authority.
Operate offline, fail closed
On lost connectivity a sentinel buffers locally and uploads later. If the buffer fills, it blocks all AI traffic. Not configurable.
Localized and key-isolated
The admin server stores ciphertext under a key only you hold. Signing keys never leave the device, isolated to the machine that created them.

See the full security model

Be precise about what this is

Verillian is infrastructure, not another tool in the stack

  • nota monitoring tool that observes after the fact. Verillian governs the action the moment it acts.
  • nota gateway that needs every provider integrated through an API.
  • nota wrapper that sits between your staff and one approved tool.
  • notan AI company with a model of its own to sell you.
  • nota data collector that ships your data anywhere Your interactions and your keys stay with you.
  • not“AI governance” governance is a meeting. Verillian is enforcement.

See it run on your own endpoints

The clearest way to understand the flow is to watch it decide against your policy, on your fleet. That is what the Founding Customer Program is for.