AI Audit Trails

Tamper-evident, replayable, portable across vendors and decades.

Most AI systems produce logs. Logs can be edited, replayed, deleted, or contradicted. Audit trails — the kind regulators and auditors accept — must be tamper-evident, replayable across vendor changes, and verifiable by parties who do not trust the original system. H33 produces AI audit trails that survive the AI vendor, the cloud provider, and the auditing season.

The audit trail problem

Audit trails for AI face three failure modes that conventional logging does not address.

Mutability: Standard logs are append-only at best and editable at worst. An administrator with database access can rewrite a log entry. A vendor update can change the log format. A migration can lose entries. None of these compromise debugging, but all of them compromise audit value.

Vendor coupling: Logs are tied to the system that produced them. When the AI vendor is acquired, sunset, or replaced, the logs lose verifiability.

Verification opacity: Logs require the verifier to trust the system that produced them. A regulator reading an enterprise's AI audit log has no cryptographic way to confirm the log has not been edited.

How H33 audit trails work

An H33 audit trail is a sequence of evidence bundles. Each bundle covers one AI decision and contains eight evidence control objects that together prove the policy, model identity, authority, abstention, execution pipeline, corpus, evidence rows, and citation binding. Bundles are signed by three independent post-quantum algorithm families: ML-DSA-65, FALCON-512, and SLH-DSA-128f. The signatures bind the bundle's canonical-JSON content. Any modification to the bundle invalidates the signatures. Bundles can be anchored to a public blockchain: the 32-byte canonical commitment is published on-chain; the bundle itself stays private and under customer control. The verifier is open source. Anyone can run it.
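
The commitment check described above, as an added example that is not H33's code or its verifier. It assumes canonical JSON means sorted keys with compact separators and that the 32-byte commitment is a SHA-256 digest; the bundle field names are hypothetical, and verifying the three signatures is out of scope here.

```python
import hashlib
import json

def canonical_bytes(bundle: dict) -> bytes:
    # Assumed canonical form: sorted keys, no insignificant whitespace, UTF-8.
    return json.dumps(bundle, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False, allow_nan=False).encode("utf-8")

def commitment(bundle: dict) -> bytes:
    # SHA-256 is an assumed stand-in; it yields a 32-byte digest.
    return hashlib.sha256(canonical_bytes(bundle)).digest()

def audit(presented: list, anchored: list) -> dict:
    """Compare presented bundles with commitments anchored earlier."""
    seen = [commitment(b) for b in presented]
    seen_set, anchored_set = set(seen), set(anchored)
    return {
        # Presented bundles whose commitment was anchored: content is unchanged.
        "verified": [i for i, c in enumerate(seen) if c in anchored_set],
        # Presented bundles with no matching anchor: edited or never anchored.
        "unanchored": [i for i, c in enumerate(seen) if c not in anchored_set],
        # Anchored commitments with no presented bundle: deleted or withheld.
        "missing": [i for i, c in enumerate(anchored) if c not in seen_set],
    }

# Constructed sample bundles; every field name here is hypothetical.
ORIGINAL = [
    {"decision_id": 1, "model_identity": "model-a", "policy": "p-7", "abstained": False},
    {"decision_id": 2, "model_identity": "model-a", "policy": "p-7", "abstained": True},
    {"decision_id": 3, "model_identity": "model-a", "policy": "p-8", "abstained": False},
]
ANCHORED = [commitment(b) for b in ORIGINAL]

def demo() -> dict:
    # Same content with keys in a different order: canonicalization absorbs it.
    reordered = dict(reversed(list(ORIGINAL[0].items())))
    # One field flipped after anchoring: the commitment no longer matches.
    edited = dict(ORIGINAL[1], abstained=False)
    # The third bundle is withheld, so its anchor has no counterpart.
    return audit([reordered, edited], ANCHORED)

if __name__ == "__main__":
    print(demo())
```
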

What makes an audit trail real

A real audit trail must satisfy properties standard logs cannot.

Tamper evidence — any modification must be detectable; H33 bundles are cryptographically signed, and modification invalidates the signatures.

Replayability — the audit trail must let a third party reproduce the decision from the evidence on file; H33 bundles are deterministic.

Independent verifiability — the verifier must not depend on the system that produced the trail; H33 verification runs entirely offline against the bundle in hand.

Survival — the audit trail must remain verifiable across vendor changes and cryptographic primitive transitions; H33 bundles are schema-versioned and PQ-signed.

Portability — the audit trail must be transferable to third parties without losing fidelity; H33 bundles are self-contained JSON documents.

Time binding — the audit trail must prove when each entry was created; H33 bundles can be anchored to a public chain.

Use cases

Compliance review. A bank's compliance system uses AI to flag transactions. Each flag produces an H33 audit bundle. At the next compliance review, the bank presents the bundles to the regulator. The regulator runs the open-source verifier and confirms the bundles independently — without trusting the bank's internal logs.

Litigation preservation. A healthcare provider's clinical decision support AI recommends a treatment. The recommendation is later contested in malpractice litigation. The H33 bundle from the recommendation moment is presented in discovery. Both sides run the verifier and agree on what the AI's basis was.

Regulatory submission. A pharmaceutical company uses AI to analyze trial data. The regulatory submission includes H33 audit bundles for the analyses. The regulator runs the verifier on the bundles without granting the company the ability to influence the verification.

Acquirer diligence. A company being acquired uses AI for credit decisions. The acquirer's diligence team requests audit bundles for a sample of decisions. The bundles verify under the open-source verifier. The acquirer confirms the credit-decisioning basis without depending on the acquired company's representations.

What you get

A continuous audit trail for every AI decision your system makes. The audit trail is tamper-evident at the cryptographic level, replayable from the evidence on file, survives vendor and cloud changes, is verifiable by third parties without your participation, can be anchored to a public blockchain for proof of existence in time, and stays under your control — H33 retains no copy. The audit trail format is open. The verifier is open source. The schema is published.

Common questions

How is this different from a standard system log?
Standard logs describe what a system claims happened. They can be edited, lost, or contradicted. H33 audit trails are cryptographically signed bundles. They are tamper-evident, replayable, and verifiable by parties who do not trust the system that produced them.

How long do H33 audit trails remain valid?
Indefinitely. The three-family post-quantum signatures are designed for decade-plus retention windows. If any single algorithm family is broken in the future, the other two remain valid.

Can the audit trail be inspected without revealing the underlying data?
Yes. The bundle's structure and signature can be verified without decrypting the underlying evidence. When anchored to a public chain, only the 32-byte commitment is public; the bundle and its contents stay under customer control.

What is the storage footprint of an audit trail?
A typical bundle is tens of kilobytes. Sidecars for offline replay add size in proportion to the evidence row count. At enterprise scale, an organization generating millions of decisions per year produces gigabytes of audit data — well within standard retention infrastructure.
