VAiDR · Verified AI Decision Records

The evidence layer
for AI accountability.

Audit-grade, verifiable, client-controlled records of what your AI agents actually did, credible to the regulators, courts, and insurers.

  • Your policy. Your rules.
  • Every AI decision, provable to anyone.
  • Your data never leaves your VPC.

A log is not a defensible record.

Enterprises are moving from small AI pilots to hundreds of AI agents taking real action at machine speed. When a regulator, court, or insurer asks what your AI did, most teams have a log: plain-text rows, editable by anyone with access, rotated on a retention schedule.

Any system can show that an agent acted. Few can prove what it did, who authorized it, and that the record hasn't been altered since. Here's what's missing when the subpoena arrives:

  • No identity binding to the agent and human that acted
  • No independent proof the record existed at that moment
  • No tamper-evidence if a row is changed later

With VAiDR, each of those becomes a property of the record itself: signed, witnessed, and independently verifiable, at the moment the decision is made.

Every agent action becomes a signed, witnessed record.

Step 01

Observe

VAiDR sits where your agents act: an inline control plane over every model and tool call. It captures the metadata of each action: which agent, which human authorized it, which policy version was in force, which model ran. Never your prompts or outputs.

Step 02

Govern

You author the policy, not us. It runs in the request path, before the model is called. Block the action, pause it for a human, allow it with a flag, or allow it. High-stakes rules fail closed: if the check can't run, the request doesn't either.

Step 03

Attest

Every decision becomes a signed record, hybrid Ed25519 + ML-DSA-65, witnessed in a public transparency log within seconds. Anyone with the record and your public key can prove what happened, years later, without trusting Stones AI or the operator.

Control before the action, not an alert after.

Monitoring observes; it never intervenes. By the time an alert fires, the data has left, the claim is denied, the funds have moved. For agents acting at machine speed, the only control that matters happens before the action, and every enforcement decision is recorded and signed.

Block

The request is rejected before the model is ever contacted. A signed "blocked" record is still emitted.

Pause for human

The request is held for operator approval. A human approves or rejects before anything proceeds.

Allow with flag

The request proceeds, but the record is marked with the policy match for audit and review.

Allow

The request proceeds normally and a standard signed record is written.

You author the policy. We don't decide what's safe for you. Rules are plain, auditor-readable conditions on prompts, tools, models, agents, and thresholds. Each rule declares whether it fails closed or fails open when a check can't run, and that choice is itself part of the auditable policy.

Only a hash and a signature cross the line.

One rule: your confidential data stays in your environment. Stones AI never sees it, never stores it, never holds your keys. What crosses the line is proof a decision happened, with none of the content.

  • Prompts and inputs
  • Model outputs and completions
  • Documents and data the agent touched
  • Private signing keys
  • SHA-256 hashes of the request and response
  • Signatures (Ed25519 + ML-DSA-65)
  • Token counts, model name, latency
  • Identity, policy version, enforcement outcome
  • Transparency-log inclusion proofs

The signing key is generated and held by you, never by Stones AI. Records are witnessed in the public Sigstore Rekor transparency log plus an independent witnessed log. Disagreement between the two is itself the tamper signal. Anyone can verify the record. No one can read your data.

Built for the industries already on the hook.

Financial services, insurance, legal, healthcare: anywhere AI actions have to be answered for. Regulated industries are converging on one demand: a durable, inspectable record of what your AI did.

Compliance and risk officers

Your examiners are converging on one demand: a durable, inspectable record of what your AI did, provably unaltered. VAiDR produces exactly that record at runtime, in the same format for the regulator, the court, and the insurer.

CISOs and platform teams

Guardrails today are vendor-decided and after-the-fact. VAiDR puts your rules in the request path: enforcement before the action, not an alert after the data has left.

General counsel

You're liable for the AI's action either way. The question is whether you can prove what it actually was. A plain-text log is weak evidence; a signed, independently witnessed record is a chain of custody.

VAiDR is our principles, made infrastructure.

The deliverable is evidence: a record a regulator, a court, and an insurer can all trust, without trusting us. VAiDR doesn't ask anyone to take your AI's behavior on faith, including you.

Read the principle

You author the policy. High-stakes actions pause for a human before anything proceeds. The record binds every AI decision to the person responsible for it. Accountability with a name on it.

Read the principle

Every decision is signed, publicly witnessed, and verifiable by anyone with the record and your public key, years later, no matter what happens to the vendor. That's showing your work, cryptographically.

Read the principle

Built end-to-end. Hardening now.

VAiDR is built and tested end-to-end and in production hardening. Design-partner pilots start in H2 2026.

Shipped

SDK

Signs a record at the point your agent acts.

Shipped

Proxy

Sits inline over HTTP and enforces your policy on every call.

Shipped

Console

See and verify every record VAiDR creates.

In build

IAM

Identity for every agent that acts.

Early enough that your input shapes what this becomes.

If you're deploying AI agents in a regulated environment and can't yet answer for what they did, we want to talk. Design-partner pilots start in H2 2026.