Private pilot · AI control and verification

Before your AI acts.
After it does.
Truveil covers both.

Truveil sits in the action path of critical AI workflows. It checks policy before execution runs. It seals independently verifiable proof afterward. For teams where logging after the fact isn't enough.

Most AI systems only record what happened. Truveil is built for teams that need to govern what happens before a critical action runs. Proposed actions get checked against policy, gated if needed, and sealed into proof regardless of outcome. The record is portable. Anyone can verify it without trusting you or Truveil.

Request pilot accessSee the capture flow

Founder-led onboarding · API integration · start with capture, move to guard

The problem

Logging what your AI did isn't
the same as governing what it does.

Logging and observability
Records what happened after the fact, in a system you control
Auditors have to trust your export
No policy check before execution — governance happens after
Evidence degrades as retention policies and schemas change
A third party can't verify your history independently
Truveil
Checks proposed actions against policy before execution runs
Produces portable proof — trust the math, not the vendor
Anyone can verify without touching your infrastructure
Proof works offline and doesn't depend on retention policy
Same bundle verifies the same way on any compliant verifier
The product

Policy before execution.
Proof after.

Two capabilities. One integration. Most teams start with Verify and move Guard into the action path once they're ready.

Guard
Policy enforcement
in the action path

The guard endpoint sits in the action path of critical AI workflows. Proposed actions get evaluated against your policy rules before execution runs. The policy engine is deterministic — rules are explicit, decisions are reproducible, no black-box scoring. Actions that pass proceed. Actions that fail can be blocked. Either way, the decision is recorded.

Verify
Independent verification
of governed events

Every captured or governed event produces a cryptographically chained proof bundle. It's self-contained and portable. Any third party can verify it without API access, without Truveil infrastructure, without your cooperation. The same bundle produces the same result on any compliant verifier.

The sequence

Check, gate, prove.

Each AI decision flows through five stages. The output is a self-contained proof bundle that any third party can validate without access to your systems or Truveil's.

  1. 01
    Capture
    Truveil records event context before or alongside execution — prompt, parameters, context, intended action — depending on how it's integrated.
  2. 02
    Guard check
    The proposed action is evaluated against your policy rules before execution. Guard returns a deterministic pass or block.
  3. 03
    Execute or block
    If it passes, the action runs. If it fails, it can be blocked. Either way it's recorded. No silent failures.
  4. 04
    Proof sealed
    The event, policy decision, and outcome get packaged into a verification bundle and written to the proof chain. Each event links to the one before it.
  5. 05
    Independent verify
    Any compliant verifier confirms chain integrity without touching your infrastructure or Truveil's. Same result every time.
How teams adopt Truveil

Start proving.
Then start governing.

Capture gives you verifiable proof straight away. Guard moves Truveil into the action path. Most teams do both, in that order.

Phase 1 · Start here
Capture and verify

Connect Truveil to your AI system and start generating proof bundles for decisions and actions. You get independently verifiable evidence of what your AI did — stronger than vendor-controlled logging from day one.

Most teams see value within the first integration session. The proof experience is demoable and shareable with compliance or customer teams immediately.

Phase 2 · Move to control
Guard in the action path

Once proof is in place, route critical AI actions through the guard endpoint before execution. Truveil evaluates against your policy, gates if needed, and keeps sealing proof — now with governance in the path, not just evidence after it.

Guard is where Truveil moves from evidence layer to control point. Once critical actions depend on the guard check, it's hard to remove from the stack.

Use cases

Where logging after the fact
is not enough.

Truveil is built for AI vendors whose products take actions in regulated or high-trust environments. You integrate the control and verification layer. Your customers get independently verifiable evidence for every governed decision your product makes on their behalf.

Healthcare

Clinical AI and decision support

AI systems writing to patient records or supporting clinical decisions need more than a log. Teams may need to show that outputs were evaluated against defined policy before being accepted, and produce proof that holds up under external review.

AI generates clinical summary
→ guard evaluates documentation policy
→ action proceeds → proof bundle sealed
Legaltech

Legal and compliance automation

Enterprise legal teams need defensible records of AI-assisted decisions. Independently verifiable proof of what the model did, under which policy, at which point in time is a different category of evidence from a vendor-controlled export.

AI flags contract clause
→ guard checks review policy
→ decision recorded → portable bundle available for client or regulator
Fintech

Automated financial decisions

In regulated financial workflows, AI decisions on risk or eligibility need governance in the action path. When a decision gets challenged, the question isn't just what the AI decided — it's whether the right policy was in effect when it decided.

AI produces risk assessment
→ guard evaluates decisioning policy
→ result applied → proof sealed per decision
How proof works

Verification that does not
depend on vendor trust.

Hashing an output and storing it proves the stored value hasn't changed. It doesn't prove when it was stored, whether the right policy governed the action, or whether a third party can reproduce the check without trusting you.

Deterministic hashing
Truveil applies a canonical serialisation step before hashing so the same event always produces the same digest — regardless of runtime or environment. That's what makes chain replay reproducible by a third party.
Chain replay validation
Each event digest links to the previous one. Verifying the chain means replaying every digest in sequence. Alter any event at any position and the chain breaks. You can't reconstruct a consistent chain retroactively.
Portable proof bundles
Every governed event produces a self-contained bundle. Verification runs against the exported file — no network requests, no Truveil infrastructure, no access to your systems. It works offline and doesn't expire.
Vendor-neutral verification
The verifier is independent of Truveil. A third party with the bundle file and a compliant verifier gets the same result every time. The proof doesn't depend on our continued operation.
Optional trusted timestamp anchoring — letting bundles carry a signed timestamp from a third-party authority — is part of the product direction. It would let any verifier confirm not just chain integrity, but when each event was recorded.
FAQ

Common questions.

What does Truveil actually do?
Two capabilities. The guard endpoint sits in the action path of critical AI workflows, evaluating proposed actions against your policy before execution. The verification layer captures events and produces independently verifiable proof bundles. Many teams start with capture and move to guard as the integration matures.
Why is this not just logging?
Logging records what happened in a system you control. Anyone verifying your logs has to trust you haven’t altered them. Truveil produces proof bundles that any third party can verify without accessing your infrastructure, without trusting you, and without depending on Truveil. That’s a different category of assurance.
When is capture enough, and when do I need guard?
Capture is the right starting point. It gives you independently verifiable proof of what your AI did, which is stronger than vendor-controlled logging. Guard is for when you need policy checked before a critical action runs — not just recorded after. If an action is high-stakes, regulated, or irreversible, the check should happen before, not after.
How does independent verification work?
Every captured or governed event produces a self-contained proof bundle. Any compliant verifier can validate it without API access, without Truveil infrastructure, and without your cooperation. Same bundle, same result, every time.
Can my auditor or regulator verify this themselves?
Yes. The bundle is portable and self-contained. Your auditor doesn’t need a Truveil account, API credentials, or access to your systems. They run the verifier against the exported bundle and the result is reproducible.
What does the policy engine support?
The policy engine is deterministic and file-based. Rules are defined explicitly — no probabilistic scoring, no black-box decisions. Guard evaluates proposed actions against those rules and returns a pass or block. Specific policy logic depends on your integration configuration.
What’s in a proof bundle?
Each bundle contains the captured event, the policy decision where applicable, the recorded outcome where applicable, and a chain digest linking it to every prior event. Self-contained and portable.
How do I start?
Most teams start with capture — connecting Truveil, generating proof bundles, and confirming independent verification works end to end. Guard comes next. Request pilot access and we’ll scope the right starting point for your stack.

Your AI is taking actions.
Are they governed?

If your AI is taking actions that affect real systems, records, or decisions — Truveil is worth evaluating before those actions run and verifying after they do.

Request pilot accessTalk through an integration

Founder-led onboarding · API integration · start with capture, move to guard

Truveil is verification infrastructure, not observability.