Claims and verification

AxioRank makes a small number of precise competitive claims. Each is stated here in full, with what it rests on and how you can check it yourself. We re-verify these against the shipping market every quarter; the dates below say when each was last checked. If you find one that no longer holds, tell us and we will fix it.

The transparency-log gateway

The only commercial AI agent gateway, as of June 2026, whose audit log is itself a hosted RFC 6962 Merkle transparency log: hourly Ed25519 signed tree heads with a public key endpoint, checkpoint APIs for independent log monitoring, and a per-action signed receipt for every governed call, each verifiable offline with a zero-dependency open source verifier (TypeScript, Python, CLI).

Verify it: fetch the public key at /api/v1/audit/public-key, pull the checkpoint series from /api/v1/audit/log/{logId}/checkpoints, and verify a receipt offline with @axiorank/audit-verify. See Verify our log yourself.

Runtime integrity information-flow control

The first runtime integrity information-flow control for AI agents shipped in a commercial gateway, with no agent rewrite, no framework migration, and no special hardware: untrusted tool outputs are minted as value-level taint with token-level fingerprints, propagated across the trace, and enforced at egress and destructive sinks with deny, hold, or allow tiers.

The load-bearing words are integrity (where untrusted data came from, not just where sensitive data goes) and no agent rewrite (it is a gateway you put in front of agents you already run). Confidentiality-direction taint DLP exists elsewhere; value-level integrity taint on untrusted tool outputs, in a gateway, does not.

Prevention and proof in one receipt

The only AI agent gateway that signs all three into one offline-verifiable receipt: the information-flow policy the call was evaluated under, the enforcement decision itself, and the cryptographic signature of the human who approved any exception, bound into the delegation chain. Verifiable with nothing but the receipt and a public key: no TEE hardware, no ledger, no vendor in the loop.

The uniqueness is the three-way conjunction in one artifact. Verification needs two inputs you control: the receipt, and the published log public key you pin once.

Opt-in cross-tenant threat intelligence

The only AI agent gateway with an opt-in, customer-contributed cross-tenant threat intelligence exchange for agent and MCP tool-call attacks, protected by a published k of 5 anonymity floor: an indicator detected in one participating tenant enriches verification for every participating tenant, without exposing who contributed it.

The anonymity floor is published and enforced in code: an external identity is only ever surfaced once at least five distinct workspaces have independently flagged it. See Detection intelligence.

The public protocol coverage tracker

The only agent security control plane that publishes a protocol coverage tracker, across agent, auth, and payment protocols, with a public per-protocol status and live-in-the-gateway count (as of June 2026).

Verify it: the live, machine-readable matrix is at /api/v1/protocols. The "live in the gateway" rows have a working adapter today; "watching" and "planned" rows are tracked but clearly marked as not yet live.

Things we deliberately do not claim

• We do not claim "the first signed receipts for agents" (the receipts primitive is standardizing across several vendors and IETF drafts).
• We do not claim "the only Merkle audit log" (a Merkle logging service exists).
• We do not claim "the first offline-verifiable evidence bundle" (others ship one).
• We do not claim conformity with the EU AI Act; our pack is evidence supporting a deployer's obligations. See EU AI Act evidence pack.

Last re-verified: June 2026. Next review: September 2026.