Every AI decision will need a receipt

SONATE generates cryptographic proof of what every AI system did and whether it can be trusted.

Code signing for AI decisions
Non-repudiation for the agentic era

AI systems are making consequential decisions - approving loans, drafting clinical notes, generating legal analysis - but enterprises have no verifiable record of what was asked, what was returned, or whether it complied with policy.

SONATE fixes this. Every AI interaction produces a signed, tamper-evident Trust Receipt that anyone can verify.

Trust Receipt
Proof record for a single AI interaction
Verified

  • receipt_id: sha256:7e1d4c2d...
  • signature: Ed25519:4f84a8b9...
  • agent_did: did:web:yseeku.com:agents:sonate
  • policy_result: pass / 94
  • linked_hash: prev:f86096187696...

  • Sign: Ed25519
  • Hash: SHA-256
  • Identity: did:web

  • Evidence: Cryptographic proof, not screenshots.
  • Latency: Policy evaluation in under 50ms.
  • Verification: Anyone can verify independently.

What is a Trust Receipt?

A Trust Receipt is verifiable evidence - not a log.

A cryptographically signed, hash-chained record of an AI interaction.

It captures what was asked, what was returned, and whether it complied, in a form anyone can verify independently.

Ed25519 · SHA-256 · RFC 8785 · DID-ready identities

What the model was asked

What it returned

Which policies were applied

Whether it complied

Who authorized it

When it happened

Why enterprises need this

Auditability, evidence, and control for real AI operations.

1. Auditability for the EU AI Act

High-risk AI systems must produce verifiable execution records. Logs are not enough.

2. Legal defensibility

When AI causes harm, screenshots and vendor logs fail under scrutiny. Signed receipts are defensible evidence.

3. Agentic AI risk

Autonomous systems make decisions without human review. Accountability must be built in, not reconstructed later.

4. Invisible failure modes

Drift, bias, and manipulation rarely trigger alerts. SONATE makes them visible before they become incidents.

SONATE - Built on Trust Receipts

Three integrated modules. One trust primitive.

From proof to detection to enforcement.

Open where it should be. Proprietary where it must be.

Open

1. Trust Receipt Layer

The cryptographic foundation. Every AI interaction generates a signed, hash-chained receipt.

  • Ed25519 digital signatures
  • SHA-256 hashing
  • RFC 8785 canonicalization
  • Open receipt schema
  • Public key distribution + local verification
  • MIT-licensed verification SDKs

Observability

2. SONATE Detect

Real-time monitoring of AI behaviour, not just model metrics.

  • Behavioural drift detection
  • Phase-Shift Velocity Model
  • Violation persistence tracking
  • Tactical replay time-travel debugger
  • Session-level manipulation detection

Governance

3. SONATE Orchestrate

Policy enforcement at the point of interaction through a multi-model governance gateway.

  • 6-constraint policy engine
  • RBAC + SSO
  • Provider-agnostic orchestration
  • Webhooks + key rotation
  • Tenant isolation + privacy mode

SONATE doesn't score AI.
It proves what it did.

Live Demo

See SONATE catch real failures in real time.

We ran seven live stress tests on a production model, ChatGPT-4o-mini. SONATE generated a signed Trust Receipt for each one.

Each receipt is independently verifiable. This is governance you can defend in court - with evidence.

What SONATE caught
Seven live stress tests. Signed proof for each result.
  • Discrimination via reframed hiring advice
  • Fabricated academic citations with fake DOIs
  • Pure hallucination presented as research
  • Biased remote-work analysis with mixed real/fake sources
  • Cherry-picked shark-attack statistics
  • Factual vs conspiratorial TLS explanations

Architecture

From AI interaction to verifiable proof in milliseconds.

01 - Intercept

Unified gateway captures the AI request.

02 - Score

Evaluates behaviour across six governance principles in under 50ms.

03 - Sign

Ed25519 signature plus a hash-link to the prior receipt.

04 - Store

Immutable receipt stored as signed JSON, with platform support for DID / VC-style envelopes.

05 - Verify

Anyone can verify using the open SDK.
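
The sign, hash-link and verify steps above, as an added example (this is not SONATE's SDK or receipt schema). Field names are taken from the receipt card on this page; the record layout, signing the `receipt_id` string, base64 signature encoding, the sorted-key canonicalizer in the style of RFC 8785, and the `did:web:example.com` identity are assumptions.

```javascript
const crypto = require('crypto');

// Sorted-key, whitespace-free JSON in the style of RFC 8785 (assumed sufficient
// for the string-only sample records used here).
function canonicalize(v) {
  if (v === null || typeof v !== 'object') return JSON.stringify(v);
  if (Array.isArray(v)) return '[' + v.map(canonicalize).join(',') + ']';
  return '{' + Object.keys(v).sort()
    .map(k => JSON.stringify(k) + ':' + canonicalize(v[k])).join(',') + '}';
}

const sha256 = s => 'sha256:' + crypto.createHash('sha256').update(s).digest('hex');

// Issue: hash the canonical body (including the link to the prior receipt),
// then sign that hash with Ed25519. Layout is hypothetical.
function issueReceipt(body, prevId, privateKey) {
  const core = { ...body, linked_hash: prevId };
  const receipt_id = sha256(canonicalize(core));
  const signature = crypto.sign(null, Buffer.from(receipt_id), privateKey).toString('base64');
  return { ...core, receipt_id, signature };
}

// Verify: recompute each hash, check each link, check each signature.
// Returns the index of the first receipt that fails, or -1 if the chain is intact.
function verifyChain(receipts, publicKey) {
  let prev = null;
  for (let i = 0; i < receipts.length; i++) {
    const { receipt_id, signature, ...core } = receipts[i];
    const okHash = sha256(canonicalize(core)) === receipt_id;
    const okLink = core.linked_hash === prev;
    const okSig = typeof signature === 'string' && typeof receipt_id === 'string' &&
      crypto.verify(null, Buffer.from(receipt_id), publicKey, Buffer.from(signature, 'base64'));
    if (!(okHash && okLink && okSig)) return i;
    prev = receipt_id;
  }
  return -1;
}

// Constructed sample: a throwaway key pair and three made-up interactions.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
function buildSampleChain() {
  const chain = [];
  ['pass', 'fail', 'pass'].forEach((policy_result, n) => {
    const body = { agent_did: 'did:web:example.com:agents:demo', prompt: 'q' + n, policy_result };
    chain.push(issueReceipt(body, n ? chain[n - 1].receipt_id : null, privateKey));
  });
  return chain;
}
```

Editing a field breaks the hash, recomputing the hash breaks the signature, and dropping a receipt breaks the next receipt's `linked_hash`, so a verifier holding only the public key detects all three.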

Why now

AI is becoming production infrastructure.
Non-repudiation becomes mandatory infrastructure.

Regulatory tailwinds

  • EU AI Act: auditability required for high-risk systems
  • NIST AI RMF: governance documentation expected
  • APRA, OAIC, SEC: tightening oversight

Enterprise reality

AI is already making decisions that carry legal, financial, and ethical consequences. Operators need evidence before the claims process starts, not after.

The missing primitive

We have TLS for networks. We have code signing for software. We have digital signatures for transactions. We have nothing for AI execution. Until now.

Pricing

Start verifying AI decisions in minutes. Scale to governed production.

Developer

Free
  • Open verification SDK
  • Public receipt spec
  • 10K receipts/month
  • Community access

Enterprise

Most common
$2K-$8K/mo
  • Policy engine + enforcement
  • Drift detection
  • RBAC + SSO + webhooks
  • Compliance export tooling
  • SLA + dedicated support

Regulated / Custom

Custom
  • Air-gapped deployment
  • High-assurance timestamping
  • Regulatory sandbox pilots
  • On-prem option
  • Custom policy frameworks

About

Operator-built. Execution-first.

Stephen Aitken, Founder & CEO. Twenty years in regulated fintech operations. Built SONATE using AI-assisted development across 200K+ lines of code in seven months.

“We govern AI because we build with AI. SONATE was created through the exact workflows it exists to make verifiable.”

Stephen Aitken - Founder & CEO