Compliance evidence

Hand your auditor a bundle they can verify themselves.

Compliance work usually means screenshots and trust. Instead, export one bundle with the signed checkpoints, the receipts, the policies in force, and the public key, so a SOC 2, ISO 27001, or EU AI Act reviewer can confirm it offline.

SOC 2 · ISO 27001 · EU AI Act · offline-verifiable

evidence-bundle.zip
├─ checkpoints/    signed tree heads
├─ receipts/       per-action proofs
├─ policies/       the rules in force
├─ jwks.json       the public key
└─ verify.md       how to check it
everything an auditor needs, nothing they must trust

1-click: Export the whole bundle
SOC 2 · ISO: Maps to the control evidence
Art 12+14: EU AI Act logging and oversight
Offline: Verifiable without our help

What's in the bundle

Proof, the rules, and the key to check them.

The bundle is self-contained. It carries the evidence and the instructions to verify that evidence, so a reviewer never has to log into anything of ours.

Signed checkpoints

The signed tree heads that prove the audit log was append-only across the period under review.

Per-action receipts

Receipts for the governed actions in scope, each with its membership proof and decision.

The policies in force

The exact rules that were being enforced during the window, so the controls are documented, not described.

The public key and a guide

The JWKS to pin and a short verify guide, so the bundle checks out on the reviewer's own machine.

Offline-verifiable

An auditor confirms it without trusting us.

The whole point is independence. Point the open-source verifier at the bundle and it re-checks every signature and proof locally. If anything was altered, verification fails.

# verify an exported bundle end to end
npx @axiorank/audit-verify bundle ./evidence-bundle.zip
✓ 184,203 entries · all heads signed · no gaps

Evidence, not assertions

The bundle does not say the log is intact. It lets the reviewer prove the log is intact, on their own.
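What a per-action membership proof lets a reviewer recompute is sketched below as an added example. It is not the product's or the verifier's own code. It assumes RFC 6962-style Merkle hashing, since the page does not document the bundle's actual format, and it omits the signature check on the tree head; the entries are constructed.

```javascript
const { createHash } = require("node:crypto");
// Assumed RFC 6962 hashing: 0x00 prefix for leaves, 0x01 for interior nodes.
const sha256 = (...parts) => createHash("sha256").update(Buffer.concat(parts)).digest();
const leafHash = (entry) => sha256(Buffer.from([0x00]), Buffer.from(entry));
const nodeHash = (l, r) => sha256(Buffer.from([0x01]), l, r);
const split = (n) => { let k = 1; while (k * 2 < n) k *= 2; return k; }; // largest power of two < n

// Tree head over the leaf hashes: the value a signed checkpoint commits to.
function treeHead(leaves) {
  if (leaves.length === 1) return leaves[0];
  const k = split(leaves.length);
  return nodeHash(treeHead(leaves.slice(0, k)), treeHead(leaves.slice(k)));
}

// Membership proof for leaf i: sibling hashes from the leaf up to the root.
function auditPath(i, leaves) {
  if (leaves.length === 1) return [];
  const k = split(leaves.length);
  return i < k
    ? [...auditPath(i, leaves.slice(0, k)), treeHead(leaves.slice(k))]
    : [...auditPath(i - k, leaves.slice(k)), treeHead(leaves.slice(0, k))];
}

// Reviewer side: recompute the root from one entry and its proof.
function verifyInclusion(entry, index, treeSize, path, root) {
  if (index < 0 || index >= treeSize) return false;
  let fn = index, sn = treeSize - 1, r = leafHash(entry);
  for (const p of path) {
    if (sn === 0) return false; // proof has more steps than the tree has levels
    if (fn % 2 === 1 || fn === sn) {
      r = nodeHash(p, r);
      while (fn % 2 === 0 && fn !== 0) { fn >>= 1; sn >>= 1; }
    } else {
      r = nodeHash(r, p);
    }
    fn >>= 1; sn >>= 1;
  }
  return sn === 0 && r.equals(root);
}

// Constructed sample entries, not real receipts.
const entries = ["allow:tool.read", "deny:tool.delete", "hold:payment.send", "allow:tool.list", "allow:mail.send"];
const leaves = entries.map(leafHash);
const root = treeHead(leaves);
function demo(path = auditPath(2, leaves)) {
  return { ok: verifyInclusion(entries[2], 2, 5, path, root),
           tampered: verifyInclusion("allow:payment.send", 2, 5, path, root) };
}
console.log(demo()); // { ok: true, tampered: false }
```

Changing a single byte of the entry, the index, or any sibling hash yields a different root, so the comparison against the checkpoint's tree head fails.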

EU AI Act

Evidence for the logging and human-oversight duties.

For high-risk AI systems, the Act expects automatic record-keeping and meaningful human oversight. The platform produces evidence that supports those obligations: a tamper-evident log of agent actions for Article 12, and signed human approvals for Article 14.

Article 12, record-keeping

An automatic, tamper-evident log of every governed agent action, retained and verifiable for the period you set.

Article 14, human oversight

Held calls routed to a person, with each decision signed under the approver's own key and bound into the receipt.

Team and above

This is evidence that supports your obligations. It is not a statement of conformity, which only your organization and its assessors can make.

Turn your audit log into evidence an auditor can trust.

Export the bundle, hand it over, and let the reviewer verify every proof without ever logging into our dashboard.