1. Logs are not evidence
Vendor logs are mutable, unverifiable, and controlled by the same provider that produced the output. Courts, regulators, and auditors require independent, tamper-evident proof.
Why Trust Receipts
Why AI needs non-repudiation.
AI is becoming production infrastructure. But unlike networks, software, and financial systems, AI has no execution proof. Trust Receipts fix this.
2. Screenshots are inadmissible
They can be edited, fabricated, or misattributed. They do not prove what model was used, what policy was applied, who authorized the request, or whether the output was altered.
3. The EU AI Act requires auditability
High-risk AI systems must produce traceable, verifiable, tamper-evident, policy-aware records of execution. Trust Receipts are the architecture built for all four.
4. Agentic AI requires cryptographic accountability
As AI systems begin taking actions, making decisions, and triggering workflows, enterprises need proof instead of hope.
The Requirements
Any evidence system for AI accountability must deliver these five properties.
| Property | Meaning | Why It Matters |
|---|---|---|
| Integrity | Evidence cannot be modified without detection | Prevents retroactive alteration of records |
| Authenticity | The origin of a record can be verified | Establishes who or what generated an interaction |
| Non-Repudiation | Originators cannot plausibly deny creating a record | Prevents disputes over known interactions |
| Provenance | Context, timing, and system state are attested | Answers when and under what conditions an interaction occurred |
| Independent Verifiability | Verification does not require trusting a single party | Removes dependence on provider-controlled evidence |
Together these properties turn an interaction record from a log into evidence.
The missing primitive
Non-repudiation is a solved problem everywhere except AI.
We already rely on cryptographic proof in every other critical system. AI is the last major execution layer without it. SONATE closes that gap.
We already use cryptographic proof for
- TLS for network security
- Code signing for software integrity
- Digital signatures for transactions
Receipts are the accountability layer for autonomous systems.
A Trust Receipt is a compact, signed record containing prompt/response hashes, chain links (previous_hash), Ed25519 signature, agent/tenant context, and the exact policy result (including the six SONATE constitutional principle scores) at the moment of execution.