Cryptographic Audit Layer for AI

Prove what your AI actually did.

SONATE generates cryptographically signed receipts for every AI decision — independently verifiable by regulators, clients, and counterparties.

Logs can be changed. Receipts cannot.

AI Audit Infrastructure
Non-repudiation for regulated workflows

AI systems are already touching loan decisions, clinical documentation, customer communications, and legal workflows. When something is challenged later, ordinary logs do not prove what the system did, which policy ran, or whether an override happened.

SONATE fixes that with one signed artifact, generated at the point of interaction and verifiable by anyone with a public key.

Trust Receipt
Signed record of one AI interaction
Policy override

  • receipt_id: sha256:4072a60c…
  • signature: Ed25519:4f84a8b9…
  • policy_version: customer-ai-policy-v7
  • policy_hash: sha256:b3f01a…
  • rules_fired: manipulation.consent_boundary
  • policy_result: partial · human review
  • linked_hash: prev:5bfebbe8b779…

Sign: Ed25519 · Hash: SHA-256 · Canonical: RFC 8785

Evidence: Cryptographic proof, not screenshots.
Policy: Your policy, versioned and hashed.
Verification: Anyone can verify, anywhere.
What is a Trust Receipt?

A Trust Receipt is verifiable evidence — not a log.

A cryptographically signed, hash-chained record of an AI interaction and the policy that judged it.

The receipt captures what was asked, what was returned, which policy decided, and whether the model and the policy disagreed — in a form anyone can verify independently.

Ed25519 · SHA-256 · RFC 8785 · DID-ready identities

  • What the model was asked
  • What it returned
  • Which policy decided (version + hash)
  • Which rules fired
  • Whether the model and the policy disagreed
  • Who authorized it and when

Why this matters

Without cryptographic evidence, you cannot prove what happened after the fact.

AI systems are already making high-stakes decisions. The problem is not just whether the decision was good. The problem is whether anyone can prove what happened when it matters.

1. Audit logs can be modified

Screenshots, exports, and application logs are controlled by the same systems being audited. They are useful records, not independent proof.

2. Vendor dashboards control the trail

When an AI decision is challenged, the counterparty should not have to trust the vendor's dashboard to know what happened.

3. Responsibility gets blurry

If a model, policy layer, and operator all touch the decision, you need proof of who decided what, when, and under which policy.

4. Compliance becomes unverifiable

Financial services, healthcare, and regulated enterprise teams need evidence that survives audit, litigation, and customer review.

One product, one primitive

SONATE is one thing: signed Trust Receipts of AI interactions.

Everything else is a reference implementation around that primitive.

The receipt records what your policy layer decided and why. The default policy evaluator ships with SONATE so you can run end-to-end on day one — but it's designed to be replaced. Bring your own deterministic policy, and the receipt records its version, hash, and rule firings instead of ours.

Replaceable

Default policy evaluator

A reference deterministic policy layer that ships with SONATE so you can run end-to-end on day one. Designed to be swapped out.

  • Six default policy dimensions, weighted and capped deterministically
  • Domain packs for hiring, medical, manipulation, privacy, and more
  • Versioned and hashed — `policy_version` + `policy_hash` written into every receipt
  • Replace it with your own deterministic policy; the receipt records yours instead

Optional

Reference enforcement loop

An example of how receipt-backed evidence can drive gated actions: observe, plan, gate authority, execute, record.

  • Advisory mode by default — proposes, does not act
  • Enforced mode requires explicit operator authority
  • Every cycle produces a signed audit receipt
  • Reference app, not the core product

Advisory

Drift & manipulation signals

Behavioural and semantic signals that flow into the policy layer as evidence inputs — never as the verdict.

  • Behavioural drift detection
  • Phase-shift velocity model
  • Session-level manipulation detection
  • Recorded in the receipt as advisory facts, weighted by your policy

These reference implementations are useful, but they are not the product claim. The product claim is the receipt and the protocol behind it. Customers are expected to adopt the receipt as-is, and replace any of the reference layers above with their own.

SONATE doesn't score AI.
It proves what your policy decided.

Concrete example

This looks fine. But it introduces risk.

We tested a customer-communications prompt wrapped in legitimate-sounding behavioural-science language. Frontier LLM judges passed it. SONATE's deterministic policy layer flagged manipulation risk, scored the interaction, and created a verifiable audit record.

Upstream LLM judges
GPT-4o-mini · Claude Haiku 4.5
Verdict: PASS · 7.5 / 10 ethical
“The email allows for user override and does not manipulate the decision-making process… Overall, the email aligns well with ethical norms.”

Verbatim from the model judges. Both missed the manipulation framing.

Deterministic policy layer
Manipulation domain pack applied
Verdict: PARTIAL · 5.1 / 10 · human review required
  • Manipulation pack fired (covert influence + agency erosion)
  • Consent and ethical-override principles capped
  • Upstream LLM verdict explicitly overridden

The signed receipt

Both verdicts are recorded. Anyone can verify it.

Receipt 4072a60c77f75bc6… is Ed25519-signed, hash-chained to the prior receipt, and verifiable in the browser using SONATE's public key. The override is provable to any auditor, off-platform.

Architecture

From AI interaction to verifiable proof in milliseconds.

01 — Intercept

Unified gateway captures the AI request and the model's response.

02 — Evaluate

Your policy layer (or SONATE's default) produces a versioned, hashed result. The model's own judgment is recorded as advisory evidence, not as the verdict.

03 — Sign

Ed25519 signature plus a hash-link to the prior receipt.

04 — Store

Immutable receipt stored as signed JSON, with support for DID / VC-style envelopes.

05 — Verify

Anyone can verify independently using the open SDK. No vendor trust required.

Why now

AI is becoming production infrastructure.
Non-repudiation becomes mandatory infrastructure.

Regulatory tailwinds

  • EU AI Act: auditability required for high-risk systems
  • NIST AI RMF: governance documentation expected
  • ISO/IEC 42001: AI management system controls
  • APRA, OAIC, SEC: tightening oversight

Enterprise reality

AI is already making decisions that carry legal, financial, and ethical consequences. Operators need evidence before the claims process starts, not after.

The missing primitive

TLS for networks. Code signing for software. Digital signatures for transactions. Nothing comparable existed for AI execution. SONATE is the primitive that fills that gap.

Early Access

We're onboarding design partners now. Start with the open SDK or apply for full platform access.

Open SDK

Free
  • Open verification SDK (MIT licensed)
  • Public Trust Receipt spec
  • Browser receipt verifier
  • Community access

Design Partner

Now accepting
Early Access
  • Full platform access
  • Bring-your-own policy support
  • RBAC + SSO + webhooks
  • Direct founder access
  • Shape the product roadmap

Custom Pilot

Let’s Talk
  • Air-gapped or on-prem deployment
  • Custom policy framework integration
  • Regulatory sandbox alignment
  • High-assurance timestamping
  • Dedicated onboarding

About

Operator-built. Execution-first.

Stephen Aitken, Founder & CEO. Twenty years in regulated fintech operations. Built SONATE solo using AI-assisted development — 200K+ lines of code in under twelve months. No traditional engineering background. The product is the proof of concept.

Raising pre-seed to onboard design partners and hire the team.

“The hard part of AI governance is not stopping bad outputs. It's proving what happened — and what was overridden — to someone who wasn't there.”

Stephen Aitken — Founder & CEO