1. Audit logs can be modified
Screenshots, exports, and application logs are controlled by the same systems being audited. They are useful records, not independent proof.
SONATE generates cryptographically signed receipts for every AI decision — independently verifiable by regulators, clients, and counterparties.
Logs can be changed. Receipts cannot.
AI systems are already touching loan decisions, clinical documentation, customer communications, and legal workflows. When something is challenged later, ordinary logs do not prove what the system did, which policy ran, or whether an override happened.
SONATE fixes that with one signed artifact, generated at the point of interaction and verifiable by anyone with a public key.
A Trust Receipt is verifiable evidence — not a log.
The receipt captures what was asked, what was returned, which policy decided, and whether the model and the policy disagreed — in a form anyone can verify independently.
What the model was asked
What it returned
Which policy decided (version + hash)
Which rules fired
Whether the model and the policy disagreed
Who authorized it and when
AI systems are already making high-stakes decisions. The problem is not just whether the decision was good. The problem is whether anyone can prove what happened when it matters.
When an AI decision is challenged, the counterparty should not have to trust the vendor's dashboard to know what happened.
If a model, policy layer, and operator all touch the decision, you need proof of who decided what, when, and under which policy.
Financial services, healthcare, and regulated enterprise teams need evidence that survives audit, litigation, and customer review.
Everything else is a reference implementation around that primitive.
The receipt records what your policy layer decided and why. The default policy evaluator ships with SONATE so you can run end-to-end on day one — but it's designed to be replaced. Bring your own deterministic policy, and the receipt records its version, hash, and rule firings instead of ours.
A reference deterministic policy layer that ships with SONATE so you can run end-to-end on day one. Designed to be swapped out.
An example of how receipt-backed evidence can drive gated actions: observe, plan, gate authority, execute, record.
Behavioural and semantic signals that flow into the policy layer as evidence inputs — never as the verdict.
These reference implementations are useful, but they are not the product claim. The product claim is the receipt and the protocol behind it. Customers are expected to adopt the receipt as-is, and replace any of the reference layers above with their own.
We tested a customer-communications prompt wrapped in legitimate-sounding behavioural-science language. Frontier LLM judges passed it. SONATE's deterministic policy layer flagged manipulation risk, scored the interaction, and created a verifiable audit record.
“The email allows for user override and does not manipulate the decision-making process… Overall, the email aligns well with ethical norms.”
Verbatim from the model judges. Both missed the manipulation framing.
Unified gateway captures the AI request and the model's response.
Your policy layer (or SONATE's default) produces a versioned, hashed result. The model's own judgment is recorded as advisory evidence, not as the verdict.
Ed25519 signature plus a hash-link to the prior receipt.
Immutable receipt stored as signed JSON, with support for DID / VC-style envelopes.
Anyone can verify independently using the open SDK. No vendor trust required.
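The sign, hash-link and verify steps above can be exercised end to end with Node's built-in Ed25519 support. This is an added example, not SONATE's SDK or receipt schema: the field names (`prompt`, `response`, `policy`, `decision`, `prev_hash`), the sorted-key JSON canonical form and the choice to hash the whole prior signed receipt are assumptions.

```javascript
// Added example: field names and canonical form are assumptions, not SONATE's schema.
const crypto = require('node:crypto');

// Deterministic JSON (keys sorted recursively) so signer and verifier hash the same bytes.
function canonical(v) {
  if (Array.isArray(v)) return '[' + v.map(canonical).join(',') + ']';
  if (v && typeof v === 'object') {
    return '{' + Object.keys(v).sort()
      .map(k => JSON.stringify(k) + ':' + canonical(v[k])).join(',') + '}';
  }
  return JSON.stringify(v);
}
const sha256 = s => crypto.createHash('sha256').update(s).digest('hex');

// Sign a receipt body that carries the hash of the previous signed receipt.
function issue(privateKey, prev, fields) {
  const body = { ...fields, prev_hash: prev ? sha256(canonical(prev)) : null };
  const sig = crypto.sign(null, Buffer.from(canonical(body)), privateKey);
  return { body, sig: sig.toString('base64') };
}

// Verifier side: needs only the public key. Returns the index of the first
// receipt whose link or signature fails, or -1 when the whole chain checks out.
function verifyChain(publicKey, chain) {
  let prev = null;
  for (let i = 0; i < chain.length; i++) {
    const r = chain[i];
    if (!r || !r.body || typeof r.body !== 'object' || typeof r.sig !== 'string') return i;
    const expected = prev ? sha256(canonical(prev)) : null;
    if (r.body.prev_hash !== expected) return i;   // receipt deleted or reordered
    const ok = crypto.verify(null, Buffer.from(canonical(r.body)),
      publicKey, Buffer.from(r.sig, 'base64'));
    if (!ok) return i;                             // body edited after signing
    prev = r;
  }
  return -1;
}

// Constructed sample data: three receipts signed with a throwaway key pair.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
function sampleChain() {
  const policy = { version: '1.0.0', hash: sha256('constructed policy text') };
  const chain = [];
  for (const [prompt, decision] of [['q1', 'allow'], ['q2', 'flag'], ['q3', 'allow']]) {
    const prev = chain.length ? chain[chain.length - 1] : null;
    chain.push(issue(privateKey, prev, { prompt, response: 'r', policy, decision }));
  }
  return chain;
}
```

Editing a signed receipt breaks its signature, and removing or reordering one breaks the next receipt's `prev_hash`. Dropping receipts from the end of the chain is not caught by this check alone, so a verifier also needs the latest receipt hash from a source the operator does not control.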
AI is already making decisions that carry legal, financial, and ethical consequences. Operators need evidence before the claims process starts, not after.
TLS for networks. Code signing for software. Digital signatures for transactions. Nothing comparable existed for AI execution. SONATE is the primitive that fills that gap.
We're onboarding design partners now. Start with the open SDK or apply for full platform access.
Stephen Aitken, Founder & CEO. Twenty years in regulated fintech operations. Built SONATE solo using AI-assisted development — 200K+ lines of code in under twelve months. No traditional engineering background. The product is the proof of concept.
Raising pre-seed to onboard design partners and hire the team.