Use case: AI audit trail

Prove what your AI did

An AI audit trail is a tamper-evident record of the prompts, responses, and tool calls an AI system processed, signed and hash-chained so any change is detectable. Verillian produces one at the device for every captured interaction, under keys the institution holds.

Where the control sits

Every request takes the same path. The decision happens on the device, before anything crosses the boundary.

01 origin
AI tool or agent
Any app, agent, or browser tab on the endpoint, sanctioned or not, forms an outbound request to a provider.
02 on device
Verillian sentinel
Evaluates each request against your policy on the device, before it reaches the provider, and decides what the tool or agent may do.
ALLOWREDACTBLOCK
03 boundary
Provider
Receives only what policy permits. A blocked request never leaves the device.
04 after
Signed chain
Every captured interaction is Ed25519-signed and hash-chained, encrypted under keys only you hold.

data flow: device to boundary to record

Every captured interaction lands in the chain because the same control decided it. See how Verillian enforces your policy at the boundary in AI policy enforcement.

How do you investigate any turn?

Filter, run, and review the exact request, response, and decision, with the chain verified end to end.

audit, representative view

What an AI audit trail captures

Every captured interaction is signed and hash-chained into a record your institution holds, under keys only you control.

Non-repudiation
Each entry is signed on the device. The server can verify signatures but cannot forge them, because the signing key never leaves the machine.
Tamper-evidence
An append-only chain where each entry depends on its predecessor. Any modification breaks the chain, visibly.
Chain of custody, verifiable
The chain holds the integrity of every entry from capture onward. Verify it across every device at any time: tampering, gaps, or anomalies, per device and fleet-wide.
Retention by framework
Designed to support retention aligned to each obligation, such as one year under CJIS Security Policy v6.0 or six years for HIPAA documentation.
Per-user and attributable
Every captured interaction is signed on the originating device. You see who used which AI tool or agent, when, and what was sent, governed as it happens rather than observed after the fact. Non-repudiation, not guesswork.

The record exists. Now prove it.

A signed, hash-chained entry for every captured interaction. Verifiable at any point, under keys only you hold. We work with our first institutions on their own endpoints, against their own policies. Thirty minutes shows more than a slide deck ever will.