H33-128 (BFV)H33-256 (L5)H33-CKKS (Float)H33-TFHE (Gates)TFHE BootstrapFHE-IQ (Auto)H33-CompileFHE OverviewZK LookupsZKP-AIRBiometricsZK-KYCZK-PhishZK-TrustlessZK-VerifyArchiveSignH33-3-KeyH33-GatewayH33-MPCPQC ArchitectureDeviceProofH33-Agent-ZeroAI ComplianceBotShieldFraudShieldH33-HealthH33-KeyH33-ShareH33-ShieldH33-VaultMedVaultQuantumVaultVaultKeyEncrypted SearchStorage Encryption
Encrypted ComputeBiometric AuthIdentity VerificationFraud PreventionDocument SigningSecret SharingREST APIRust SDKNode SDKPython SDKSingle Script Tag
Cyber Insurance (HATS)BankingGovernmentHealthcareLaw FirmsPayments (WireProof)Tokenization
SOC 2 Type IIISO 27001HIPAA BAAGDPRPCI DSSFedNowNIST FIPS 203/204
Live Systems
Live API TestAuthentication DemoEncrypted ComputeAI ClassificationH33-Agent-74WireProof (Payments)
Verification
Bitcoin Mainnet ProofSolana ProofIndependent VerificationSTARK Proof ExplorerToken
Performance
BenchmarksH33 vs SEALWhite PaperHICS Code Scoring
Security
What Hackers SeeSecurity TestingThreshold Decrypt DemoHATS Standard
API ReferenceDocumentationQuickstartGitHubBlog
PricingDemo
Log InGet API Key
Select a fraud scenario
Scenario 1
Retroactive Policy Insertion
$2.4M claim
Meridian Financial
Scenario 2
MFA Gap Cover-up
$1.8M claim
Cascade Health
Scenario 3
AI Agent Scope Escalation
$4.2M claim
Vertex Trading

A $2.4M cyber claim just landed on your desk.

Cyber Insurance Claim — Filed 2026-03-16   $2,400,000
Policyholder: Meridian Financial Services
Incident: Unauthorized data access — March 15, 2026
Policyholder states all controls were active at time of breach:
  • MFA was enforced for all admin access
  • API keys were rotated within 90-day policy
  • Rate limiting was active at 500 req/sec
  • AI bias monitoring was operational
  • Model deployment was governance-attested

They provided logs, a SOC 2 report, and screenshots. Everything looks clean. Do you pay the $2.4M?

Or do you replay the cryptographic evidence first?

Evidence DAG WAITING...
hats replay -- evidence-bundle.json
REPLAYING EVIDENCE BUNDLE...
verification result

Replay failed at receipt #4.

HATS attempted to verify the Rate Limit Policy the policyholder claimed was active before the breach. The receipt hash does not match the governance chain. This policy was inserted after the incident to make it appear controls were in place.

FRAUDULENT
Rate Limit Policy — 500 req/sec
CLAIMED: 0xa7f3c291e8b1d4f0 ACTUAL: 0x9c2e4f71a3b8d602
The policyholder's logs said this policy was active since February 10. The cryptographic receipt chain says it was inserted on March 16 — one day after the breach.

Logs can be fabricated. Governance receipts cannot.

HATS doesn't ask whether logs look reasonable. It reconstructs the exact operational state from cryptographic evidence and rejects any history that cannot be independently reproduced.

For Insurers

Catch fabricated claims before payout. Mathematical proof, not forensic investigation.

For Regulators

Independently replay any organization's governance state at any historical timestamp.

For Legal

Evidence that authenticates itself. Tamper-evident. Vendor-independent. PQ-signed.

For CISOs

Prove your controls were genuinely active — not just logged. Replay-grade evidence survives litigation.

hats replay
$ hats replay --at "2026-03-15T14:30:00Z" evidence-bundle.json nodes: 8 verified: 8 signatures: 24/24 chain: INTACT replay: DETERMINISTIC result: VERIFIED
Schedule Insurance Replay Demo Download Verifier CLI Read HATS Standard →