Every AI decision generates a cryptographically signed receipt. Here’s a real example of what your team, your auditors, and your board can verify.
A single attestation receipt, captured the moment an AI decision executes. Every field is immutable once signed.
GLACIS Attestation Receipt ─────────────────────────────────────── Receipt ID: att_7f3a2b1c-e4d5-4a8f-9b2e-1c3d4e5f6a7b Timestamp: 2026-03-14T14:23:47.891Z Epoch: 1710425027 AI System: Clinical Documentation Assistant (v2.4.1) Model: gpt-4o-2024-08-06 Provider: Azure OpenAI (East US 2) ┌─ Policy Evaluation ───────────────────────────────┐ │ Policy: prod/clinical-docs/v3 │ │ Decision: PERMIT │ │ Controls Applied: │ │ ✓ PHI detection — 0 entities found │ │ ✓ Jailbreak guard — score: 0.02 (threshold: 0.7) │ │ ✓ Toxicity filter — score: 0.01 (threshold: 0.5) │ │ ✓ Token budget — 847 / 4096 │ │ Confidence: 0.98 │ └───────────────────────────────────────────────────┘ ┌─ Cryptographic Proof ─────────────────────────────┐ │ Request Hash: a7f3...2b1c (SHA-256) │ │ Response Hash: e4d5...4a8f (SHA-256) │ │ Signature: ECDSA-P256 │ │ Witness Status: 3/5 witnesses confirmed │ │ Transparency Log: anchored ✓ │ │ Inclusion Proof: verified ✓ │ └───────────────────────────────────────────────────┘ ┌─ Zero-Egress Verification ────────────────────────┐ │ Data Egress: 0 bytes │ │ Boundary: Only HMAC’d commitments crossed │ │ Storage: Customer environment (local CAS) │ └───────────────────────────────────────────────────┘
Every field in the receipt exists for a reason. Here’s what your compliance team and auditors care about.
“Did the AI follow the rules?” Shows permit, deny, or escalate — and which controls ran against the request before it was allowed through.
“What guardrails were active?” PHI detection, jailbreak prevention, toxicity filtering — with scores proving each control executed, not just that it was configured.
“Which AI made this decision?” Exact model version, provider, and configuration — captured at the moment of inference, not reconstructed from logs.
“Can anyone tamper with this?” Signed with ECDSA. Hashed. Witnessed by independent third parties. Anchored in a transparency log that anyone can audit.
“Did any data leave?” Proves 0 bytes of PHI crossed the trust boundary. Only hashed commitments were shared — the actual content never left your environment.
“When exactly?” Millisecond precision. Bound to system state at the time of the decision. Not a log entry written after the fact — a commitment sealed at runtime.
Individual receipts aggregate into a single, structured deliverable your auditors and regulators can consume without calling a meeting.
X decisions attested across Y AI systems over Z days. One number that tells the board how much of your AI estate is covered.
Every safety control, every execution, pass/fail rates. Not a policy document saying controls exist — proof they ran.
How receipts map to ISO 42001, NIST AI RMF, and EU AI Act controls. One evidence base, multiple frameworks.
Queryable log of every decision — searchable by date, system, outcome, or control. Your auditors don’t wait for you to pull reports.
Machine-readable format for auditors and downstream compliance tools. No more spreadsheets — structured data that feeds directly into GRC platforms.
Full observability for your team. Zero data exposure to us. That’s what zero egress actually means.
Logging this costs less than your current observability stack. Every receipt is structured, queryable, and stored in your environment.
Walk through a live Evidence Pack with our team. We’ll show you exactly how receipts map to your frameworks, your audit requirements, and your procurement checklist.
Talk to Us