AI Evidence Vault

Prove what your AI actually was.

Regulators are starting to ask the hard questions: which model version made this decision, what data trained it, and can you prove the records weren't edited after the fact? The AI Evidence Vault hash-chains a model's checkpoints, its training data and its inference logs into one tamper-evident file — and re-checks every artifact byte-for-byte.

Chain the model, its data and its decisions

$ at1 evidence init      acme_credit_model.vault --years 10
  initialized AI Evidence Vault  (retention 10 yr)

$ at1 evidence add-model acme_credit_model.vault  model_v1.safetensors  credit-scorer-v1
  sealed model 'credit-scorer-v1' -> chain seq 1 (hash b0f3efb7…)

$ at1 evidence add-data  acme_credit_model.vault  train.csv  training
  recorded training data 'train.csv' -> chain seq 2

$ at1 evidence add-data  acme_credit_model.vault  infer.csv  inference
  recorded inference data 'infer.csv' -> chain seq 3

Each event extends a hash chain: the model is sealed as a verified, addressable copy, and the training and inference data land as byte-exact columnar frames. Every entry's hash folds in the one before it, so the order and contents are locked.

Prove it's intact — and catch it when it isn't

$ at1 evidence verify  acme_credit_model.vault
  hash-chain: intact ✓ (4 events)
  ✓ model credit-scorer-v1: byte-exact + sealed
  VAULT INTEGRITY: PASS — chain + every artifact byte-exact (audit-ready)

# now someone quietly edits the sealed model on disk...
$ at1 evidence verify  acme_credit_model.vault
  hash-chain: intact ✓ (3 events)
  ✗ model credit-scorer-v1: ALTERED
  VAULT INTEGRITY: FAIL — tampering detected

verify walks the chain and re-reads every sealed artifact. A clean vault passes. The moment a single byte of the sealed model is altered on disk, the next verify names that artifact ALTERED and fails — there is no quiet edit.

Hand a regulator the whole record

$ at1 evidence export  acme_credit_model.vault  evidence_export.json
  exported evidence manifest -> evidence_export.json
  3 events | chain head ac2e0407596b9562…
  retention until 2036-06-20 | sign chain_head with your key/notary
  to attest the whole record

{
  "schema": "ai-evidence-export/1",
  "vault": "acme_credit_model.vault",
  "n_events": 3,
  "retention_until": "2036-06-20",
  "chain_head": "ac2e0407596b9562d763c533b63edf5133f4407d75a61057a5e4b8d3d78e82ee"
}

export emits a regulator-ready manifest: every event, a single chain-head hash that fixes the entire history, and a retention clock. Sign the chain head with your key or a notary and you've attested the complete record in one line — point-in-time, provable, portable.
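An added example (not AT-1's code or vault format) of the mechanism described above: each entry's hash covers the previous one, verify re-hashes every artifact, and the final hash is compared with a chain head held outside the vault. The field names, the canonical-JSON hashing, the all-zero genesis value and the `pinned_head` parameter are assumptions, and the artifact bytes are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed value chained into the first entry


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def entry_hash(body: dict) -> str:
    # Canonical JSON so identical fields always produce the same hash.
    canon = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return sha256_hex(canon.encode())


def append_event(chain: list, kind: str, name: str, artifact: bytes) -> None:
    """Append an event; its hash covers the previous entry's hash."""
    body = {"seq": len(chain) + 1, "kind": kind, "name": name,
            "artifact_sha256": sha256_hex(artifact),
            "prev": chain[-1]["hash"] if chain else GENESIS}
    chain.append(dict(body, hash=entry_hash(body)))


def verify(chain: list, artifacts: dict, pinned_head=None) -> dict:
    """Walk the chain, re-hash each artifact, compare the head to a pinned copy."""
    chain_ok, altered, prev = True, [], GENESIS
    for entry in chain:
        body = {k: v for k, v in entry.items() if k != "hash"}
        if entry["prev"] != prev or entry_hash(body) != entry["hash"]:
            chain_ok = False  # an entry was edited, removed or reordered
        data = artifacts.get(entry["name"])
        if data is None or sha256_hex(data) != entry["artifact_sha256"]:
            altered.append(entry["name"])  # bytes on disk differ from the record
        prev = entry["hash"]
    head_ok = pinned_head is None or prev == pinned_head
    return {"chain_intact": chain_ok, "altered": altered, "head_matches": head_ok,
            "passed": chain_ok and not altered and head_ok}


def sample_vault():
    """Constructed sample: three events over made-up artifact bytes."""
    artifacts = {"credit-scorer-v1": b"constructed-weights",
                 "train.csv": b"income,label\n50000,1\n",
                 "infer.csv": b"income\n42000\n"}
    chain = []
    for kind, name in zip(("model", "training", "inference"), artifacts):
        append_event(chain, kind, name, artifacts[name])
    return chain, artifacts
```

In this example a chain cut short at the tail still verifies unless `pinned_head` is supplied, which is why the export step tells you to sign the chain head and keep that attestation outside the vault.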

Built on what already ships

Models seal through verified model-zoo storage; data lands as appendable, queryable frames. The Vault is the audit layer over both.

Tamper-evident by construction

A hash chain across every append means nothing can be inserted, deleted, reordered or edited without the next verify catching it.

Retention + attestation

Each vault carries a retention period and exports a regulator-ready manifest whose chain head you sign with your own key or a notary, the kind of record-keeping the EU AI Act expects.

One file: the model, its lineage, and the proof

The Evidence Vault composes three AT-1 capabilities — verified model storage, appendable data frames, and a hash-chained log — into a single record-keeping artifact for AI systems. It pairs with per-tensor tamper detection for model integrity and the AT-1 Ledger for general event chains.