Reconstruct. Verify. Prove It.
AI Forensics reconstructs an agent's entire decision chain, commits to it with a KMS-signed DSSE attestation, and exports evidence any auditor can verify offline — without trusting our infrastructure.
Monitoring tells you something broke.
Forensics tells you which agent did it, what it was trying to do, and whether the audit chain was tampered with.
Monitoring / Observability
- •What's happening now?
- •Metrics, traces, APM dashboards
- •Application-level logs (mutable)
- •Alert when something goes wrong
AI Forensics
- ✓What exactly happened, provably?
- ✓Cryptographic chain of evidence
- ✓Tamper-evident, independently verifiable
- ✓Reconstruct and replay any incident
Forensic Capabilities
Every capability is built into the platform — not bolted on after the fact.
Chain-of-Thought Capture
Every gateway decision — ALLOW, DENY, policy match, upstream call — becomes an HMAC-chained entry tied to the specific agent, policy version, and credential used.
Incident Replay
Given any agent and time window, reconstruct every request, every policy evaluation, and every outcome in order. Step through the full session timeline.
Signed Session Attestations
Every session closes with a DSSE envelope signed by a KMS-held ECDSA P-256 key. The signed payload commits to the exact audit range, so an auditor can prove offline that the chain hasn't been altered since sign time.
Chain Verification
One API call (or the offline CLI) verifies the integrity of your entire audit chain. If a single record was altered or deleted, the chain breaks — and we tell you exactly where.
Anomaly Detection
Automated detection of latency spikes, cost outliers, and deny clusters. Surface suspicious agent behavior before it becomes an incident.
Forensic Export
Export forensic reports as JSON with chain-of-custody certificates, or as CSV for spreadsheet analysis. Built for auditors, not just engineers.
Shadow Agent Detection
Automatically detect unregistered agents attempting to access your infrastructure. Surface rogue agents through denied request patterns.
The Four Pillars of AI Agent Governance
Most solutions cover one or two. AI Identity covers all four.
| Pillar | Core Question | AI Identity Capability |
|---|---|---|
| Identity | Who is this agent? | Per-agent API keys, lifecycle management, scoped credentials. |
| Policy | What is it allowed to do? | Fail-closed gateway, deny-by-default policy evaluation. |
| Compliance | Can we prove rules were followed? | DSSE-signed session attestations, HMAC-verifiable audit logs, automated compliance assessments. |
| Forensics | What happened, provably? | Hash-chained logs, incident replay, export, offline cryptographic verification. |
Forensics Meets Compliance
AI Forensics isn't optional — it's what regulators are already requiring.
EU AI Act
Traceability & record-keeping (Art. 12)HMAC-chained audit trail with full request metadata, configurable retention, and evidence export.
SOC 2 Type II
Tamper-evident audit loggingDSSE-signed session attestations (ECDSA P-256) over an HMAC-SHA256 hash chain. Dual-key separation: signing keys in KMS hardware, chain HMAC keys in the application tier — forging evidence requires both.
HIPAA
Audit controls (164.312(b))Per-agent activity logging with attribution, chain-of-custody certificates for evidence export.
NIST AI RMF
Agent observability & integrityContinuous monitoring, anomaly detection, forensic replay of agent decision sequences.
If it didn't go through AI Identity, you can't prove what your agent did.
Start with the free tier — 5 agents, tamper-proof audit trails, and chain verification included.