HATS Insurer Portal

LIVE
Continuously Verified
Based on observed control coverage and real-time attestations across the portfolio.
79
Portfolio CRV
Verified: 186 Degraded: 53 Non-compliant: 8 Active exposure: 8 tenants
Actions to Maintain Portfolio Verification 3 items
8 tenants in non-compliant state — control deviations observed
53 tenants with degraded controls — verification confidence reduced
12 tenants approaching tier qualification threshold (28+ days)
Tier Distribution
Compliance Status
CRV Distribution 247 tenants
0-102030405060708090-100
Recent State Deviations 5 NEW
Operational Integrity Score
Portfolio OIS Distribution
OIS proves organizations are operating correctly — not just that they bought tools. 9 components, cryptographically attested.
POST-QUANTUM ATTESTED
61%
OIS 80-100
151 policyholders
Premium reduction eligible
28%
OIS 60-79
69 policyholders
Standard rates apply
11%
OIS below 60
27 policyholders
Elevated premium — remediation recommended
9 OIS Components — Underwriting Relevance
Governance Continuity
Approval chain intact — reduces claim disputes from authorization gaps
Identity Continuity
Session trust proven — lowers insider threat exposure
Decision Reproducibility
Deterministic scoring — defensible in litigation and audits
Historical Integrity
DAG lineage reconstructible — critical for claims investigation timeline
Control Verification
MFA, EDR, backups attested every 4h — direct claims loss reducer
Agent Authority ⚠ monitoring
AI scope bounds enforced — AI-driven incident liability containment
Evidence Durability
PQ triple-signed proofs — evidence valid for decade-long claim cycles
Policy Adherence
Active policy hash committed — coverage was actually followed at event time
Data Provenance
H33-Upstream chain of custody — data integrity from creation to claim
Sample Policyholder — Acme Corp (tenant_7f2e)
Click any tenant in the table above to view their individual OIS breakdown
87
OIS
C → A rate eligible
8/9 components green
1 component monitoring
Governance 96
Identity 94
Reproducibility 100
Historical 91
Controls 88
Agent Auth 74
Evidence 100
Policy 93
Provenance 89
Top 10 Highest-Risk Accounts
TenantCRVTierComplianceSectorDays Since Fail
Concentration Risk
Portfolio CRV Distribution Trend (30d)
Sector Breakdown
🔍
Policy #TenantCRVTier
Policy Detail Select a policy
Select a policy from the list or click a tenant in any table

Query Verified System State

Cryptographically proven state at any point in time. Same inputs always produce the same output. This state can be independently verified.

Verified System State
--
Cryptographically Proven State @ Time T
--
CRV
--
Tier
--
Compliance State
Verified Control Vector @ Time T
Linked H33-74 State Artifacts
Reproducibility Guarantee
deterministic: true | replayable: true
model_version: 1.0.0
input_set_hash: --
proof_lineage: control_states → SHA3-256 → substrate(58B) → 3x PQ-sign → on-chain(32B)
This artifact can be independently verified. Same inputs at time T will always produce the same output.
Surrounding Events (±1 hour)
Recent State Artifact Queries
Query IDTenantIncident TimeQueried ByQueried AtStatus
Risk State Migration Model
Portfolio CRV Trajectory (12m)
Unverified-to-Verified-A Conversion
--
Mean CRV Delta
--
Fastest State Migrations
TenantSectorStarting TierCurrent TierDays to MigrationScore Delta
Signal Stream
STREAMING
Signal Volume
0
Today
0
This Hour
0
Critical
Webhook Subscriptions
EndpointEventsStatus
https://cowbell.internal/hats-events ALL ● Active
https://claims.cowbell.io/webhook CRITICAL ● Active
https://soc.cowbell.io/ingest WARN+ ● Active
https://backup.cowbell.io/events ALL ● Inactive

Model Transparency

Deterministic computation model. Same inputs always produce the same output. No black box.

Computed Risk Value (CRV) — Computation Model DETERMINISTIC
// CRV = weighted sum of control verification states
CRV = f(MFA × 0.25, EDR × 0.20, Backup × 0.20, Patch × 0.10, Network × 0.10, DataProt × 0.15)
// where each control state maps to:
VERIFIED = 100 | DEGRADED = 60 | FAILED = 0 | UNKNOWN = 30
// staleness decay applied per control type:
MFA: 15min | EDR: 5min | Backup: 24h | Patch: 24h | Network: 1h | DataProt: 5min
// model version locked at computation time for audit replay
model_version: "1.0.0" | output_range: [0, 100] | deterministic: true
Control Weighting
ControlWeightCriticalityStaleness Threshold
MFA Enforcement0.25CRITICAL15 min
EDR / Endpoint0.20CRITICAL5 min
Encrypted Backups0.20CRITICAL24 hr
Patch Cadence0.10REQUIRED24 hr
Network Segmentation0.10REQUIRED1 hr
Data Protection (FHE)0.15ADVISORY5 min
Total1.00
Tier Classification Thresholds
TierCRV RangeCompliance ReqUpgrade Qualification
VERIFIED A90 – 100COMPLIANT30 consecutive days
VERIFIED B70 – 89COMPLIANT30 consecutive days
STANDARD50 – 69AnyImmediate
UNVERIFIED0 – 49AnyImmediate (downgrade)
Upgrades require sustained qualification. Downgrades are immediate.
Tier classification is deterministic at any point in time T.
State Artifact Architecture (H33-74) POST-QUANTUM
58
bytes — signed substrate
VER + TYPE + SHA3-256 commitment + timestamp + nonce
32
bytes — on-chain hash
SHA3-256 of substrate, anchorable to Bitcoin/Ethereum/Solana
3
PQ signature families
ML-DSA-65 (lattice) + FALCON-512 (NTRU) + SLH-DSA (hash)
Every state artifact is cryptographically bound to its inputs. Tamper-evident. Externally verifiable. Court-admissible.
Input set hash = SHA3-256(control_states || timestamp || model_version) → commitment → 3 independent PQ signatures.
"We don't score risk. We compute and attest to system state.
The insurer decides what that means."
HATS is a computation and attestation layer. Not a decision engine. Not a black box.
Deterministic. Replayable. Verifiable. Post-quantum signed.

Governance Proof

Powered by Q-Sign. Not just who approved — why it was allowed, how it was approved, proven forever.

Governance State
VERIFIED
All policies enforced. All authority valid.
Active Policies
12
Versioned, hash-bound, immutable
Governance Receipts
847
Last 90 days, all independently verifiable
Authority Lineage — Active Governance CONTINUOUSLY ATTESTED

Q-Sign proves who possesses authority, how it was delegated, whether delegation is valid, and whether execution exceeds granted scope.

AuthorityHolderScopeDelegationStatusLast Attested
Wire Approval (>$1M) Treasury + Compliance International wires Dual approval required ENFORCED 2m ago
Infrastructure Change Security + Engineering Production systems Role-bound quorum ENFORCED 14m ago
AI Agent Authority Trading System v4.2 ≤$5M, US/EU only Bounded, auto-escalate BOUNDED 47s ago
Vendor Payment Finance + Dept Head ≤$500K per vendor Amount-limited ENFORCED 1h ago
Governance Event Stream Last 24h
APPROVED Wire transfer $2.4M to Deutsche Bank — Treasury (J. Wright) + Compliance (S. Chen) 14:23 UTC
BLOCKED Wire $8.2M — missing compliance approval (policy: WIRE-GOV-v3.2) 13:41 UTC
ESCALATED AI agent exceeded $5M authority — escalated to human treasury + compliance 12:07 UTC
APPROVED Production deploy v4.7.2 — Security (M. Park) + Engineering (R. Santos) 11:30 UTC
REFRESHED Key refresh cycle #47 — all participant shares rotated, group identity preserved 09:00 UTC
APPROVED Vendor payment $340K to AWS — Finance (L. Kim) + Dept Head (A. Patel) 08:15 UTC
Why This Matters for Underwriting
Without Governance Proof
• "Someone approved it" — who?
• "The policy required dual approval" — was it followed?
• "The AI stayed within limits" — prove it
• "We can reconstruct the chain" — from logs that may have been altered
• Claims investigation: weeks of forensics
With Q-Sign Governance Proof
• Treasury + Compliance approved — cryptographic proof
• Policy v3.2 was active and hash-committed before approval
• AI operated within $5M / US+EU scope — attested
• Full lineage reconstructable from immutable DAG
• Claims investigation: verify the receipt
HATS turns governance from narrative evidence into mathematical evidence.