Explanation Layer
How It WorksWatch DemoThe MapWhy It Changes EverythingPatents Portfolio
The Subsystems
H33-74 (Substrate)UpstreamH33-TRUTHReplay
Open Programs
PQ Conversion 1,000 (Free)
Core Infrastructure
H33-74UpstreamH33-TRUTHReplay EngineQ-SignFHE-IQ
AI & Governance
Agent-ZeroAI ComplianceGovernance ReplayContinuous AI GovernanceAgent AttestationAgent Replay
Data & Encryption
H33-VaultH33-ShieldH33-ShareEncrypted SearchStorage EncryptionMedVaultQuantumVaultVaultKey
Tokenization & Finance
TokenizationWire ProofDigital Asset GovernanceFraudShieldCyber Claim Verification
Post-Quantum Systems
H33-128 (BFV)H33-256 (L5)CKKSTFHETFHE BootstrapH33-CompileFHE OverviewH33-3-KeyArchiveSignH33-GatewayH33-MPCPQC ArchitectureDeviceProof
Identity & ZK
BiometricsZK-KYCZK-VerifyZK-PhishZK-TrustlessZKP-AIRZK-Attestation
Healthcare & Industry
H33-HealthOperational IntegrityContinuous AttestationContinuous Control Monitoring
Continuous Monitoring
Continuous Control MonitoringContinuous AttestationOperational Integrity
AI Governance
AI Agent GovernanceContinuous AI GovernanceAgent AttestationAgent Replay
Privacy & Chains
Privacy LayerZK-AttestationChain-Agnostic PrivacyDigital Asset Governance
Infrastructure
Governance ReplayPost-Quantum ConversionAttestation APIPost-Quantum APICyber Claim Verification
Open Standards
HATSHICSCRVOISQ-Key
Verification
Conformance SuiteVerification GuaranteesHATS SpecificationArchitectureProtocol Stability
Validation
Adversarial ValidationDeterministic ReplayConformance VectorsAgent Benchmarks
Verification
Public VerifierSession Replay ExplorerGovernance ReplayIndependent VerificationVerify The Story
Live Demos
Tokenization Identity (New)Live Systems (52)Live API TestLive AuthenticationEncrypted ComputeAI Classification
Performance
BenchmarksUse Cases (44)H33 vs SEALWhite PaperHICS Code Scoring
Cyber Insurance (HATS)BankingGovernmentHealthcareLaw FirmsPayments (WireProof)AI Companies
SDKs & Tools
SDKs HubTypeScript SDKMCP SDKVerifier CLIGitHub
References
DocumentationAPI ReferenceConformance VectorsSchemasBenchmarks
AboutPressPartnersPricingContactLegal
Explore (579)Live Systems (52)Pricing
Log InGet API Key✓ Verify It Yourself
Insurance · Claim Replay

Adjudicate Claims on Cryptographic Evidence — Not Post-Hoc Reconstruction.

Reconstruct policyholder control state at the exact moment of loss. Verify claims provenance offline. Adjudicate on independently verifiable evidence instead of operator testimony.

See H33-74 → How It Works →
The Problem

Claims Investigation Today Is Post-Hoc Reconstruction.

When a cyber claim, a fraud claim, a D&O claim, or a complex E&O claim arrives, the adjuster's first job is to reconstruct what was actually happening at the moment of loss. That reconstruction depends almost entirely on records the policyholder produces.

Logs, screenshots, IR firm narratives, configuration exports, vendor attestations — all are operator-produced after the event. None can be independently verified to have existed before the event. None can prove that the controls the policyholder declared in the application were actually in place at the moment of loss.

The carrier resolves this ambiguity manually, expensively, and often years after the event. In the worst cases, the controls the policyholder declared weren't there — sometimes by drift, sometimes by misrepresentation, sometimes by an after-the-fact insertion to make the claim payable. Without cryptographic continuity, none of those failure modes is distinguishable from honest, well-controlled operation.

The Insurance Claim Replay Solution

Cryptographic Evidence at Policy Bind. Cryptographic Verification at Claim.

Insurance Claim Replay binds the policyholder's verified control state at the exact moment of policy bind to a 74-byte H33-74 receipt signed under three independent post-quantum signature families. The receipt is the cryptographic baseline. Continuous attestation across the policy period produces additional receipts at every claim-relevant event — control changes, configuration drift, authority delegations, model deployments, deletion events.

When a claim arrives, the carrier's adjuster runs the receipt through the open H33 verifier. The verifier returns either VERIFIED — the controls were in the state attested — or FAILED, with the specific divergence cryptographically identified and the moment of divergence dated. The adjuster adjudicates on verified evidence, not on policyholder testimony.

Use Cases

Cyber · D&O · E&O · Fraud · Crime · Tech E&O · MGA · Reinsurance.

Cyber insurance — was MFA enforced, was the backup immutable, was the rate-limit policy active? Adjudicate against attested state, not post-hoc reconstruction. See the HATS for Cyber Insurance white paper.

D&O (Directors & Officers) — what authority did the board possess at the moment of the disputed decision, what policy framework was in force, what disclosures were made when?

E&O (Errors & Omissions) — was the professional advice given according to the standards represented at engagement time, what model or methodology was used?

Fraud and crime — which authorizations were valid, which were forged, who had standing to approve each transfer?

Tech E&O / AI liability — what AI model was deployed, what guardrails were active, who had authority to bypass them, was the decision authorized at the moment of execution?

MGAs and reinsurance — verified-state portfolios produce stronger ceding and treaty terms.

The Carrier Economics

Lower Adjudication Time. Lower Variance. New Addressable Market.

Across a cyber insurance book, Insurance Claim Replay materially reduces adjudication ambiguity. Verified backups eliminate 50-80% of ransomware-recovery adjudication uncertainty. Verified control state at the moment of event eliminates 60-90% of control-failure-attribution uncertainty. Verified MFA enforcement eliminates the entire class of "was it on or wasn't it" disputes.

Beyond the claims-side savings, Insurance Claim Replay enables underwriting previously declinable accounts. C/D/F-paper applicants whose questionnaire reads ambiguous can now be evaluated on attested control state. The reservoir of trapped premium in that band is substantial. The spread between assumed control state and verified control state is the product.

Broker Activation

Plugs Into Existing Workflow. No Client Friction.

Insurance Claim Replay is added at the broker level during policy issuance or renewal. The policyholder deploys the H33 attestation agent on their own infrastructure once. After that, attested control state is continuously produced as a byproduct of normal operation. No additional audits. No additional procurement. No additional operational lift for the broker or the carrier.

Brokers using Insurance Claim Replay can place business their competitors cannot. Activation is the product.

Regulatory Posture

Aligned with NAIC, NY DFS, MAS, EIOPA, DORA, NIS2.

NAIC Insurance Data Security Model Law (MDL-668), NY DFS 23 NYCRR Part 500, NAIC Principles for AI in Insurance, NAIC ORSA, MAS PSN02, EIOPA's Cyber Underwriting Risk discussion paper, and Europe's DORA + NIS2 frameworks all anticipate increasing rigor in cryptographic evidence for insurance operations. Insurance Claim Replay is the cryptographic substrate that satisfies these expectations.

For carriers operating across multiple jurisdictions, Insurance Claim Replay provides a consistent evidentiary substrate that satisfies multiple regulators simultaneously — without requiring per-jurisdiction reporting formats.

Frequently Asked Questions

How is Insurance Claim Replay different from cyber-security ratings or external attack-surface monitoring?
Ratings firms produce externally-observed signals about policyholder posture; they cannot attest internal control state. External attack-surface monitoring sees what's exposed; it cannot verify what's enforced. Insurance Claim Replay attests internal control state continuously, cryptographically, from inside the policyholder's environment.
Does the policyholder need to share raw configuration data?
No. The H33-74 attestation primitive captures a cryptographically committed summary of verified control state — sufficient for the carrier to verify, insufficient for any party to extract operational detail beyond what the policy terms permit. Privacy-preserving compute is built into the architecture.
How does Insurance Claim Replay handle social engineering or human-error losses?
It documents the control state and authority state at the moment of action. It cannot prevent the human decision. But it eliminates the secondary question of whether the controls or authority were also compromised, which substantially reduces adjudication ambiguity on these claims.
Is this compatible with my existing claims-handling workflow?
Yes. The H33 verifier is a CLI. Adjusters run it as part of standard intake. The verifier returns VERIFIED or FAILED-with-cryptographic-evidence-of-divergence. Adjudication proceeds on verified evidence; the workflow doesn't change.
Can reinsurers verify the same evidence independently?
Yes. Reinsurance treaties — quota share, excess-of-loss, aggregate stop-loss, parametric — all benefit from cedents being able to demonstrate verified control state of their underlying book. Reinsurance-grade evidence by construction.
Does this work for non-cyber insurance lines?
Yes. The H33-74 primitive is line-agnostic. D&O, E&O, fraud and crime, tech E&O, AI liability, and other complex lines all benefit from cryptographic claim adjudication — particularly where the disputed question is whether controls were actually in place at the time of loss.
Related
Consequence Replay
The category page — Insurance Claim Replay is one application →
HATS for Cyber Insurance
The full HATS cyber-insurance whitepaper →
HATS Governance Replay Demo
Live demo: $2.4M cyber claim adjudicated in 42µs →
Q-Sign · Authority Execution
Authority enforcement at claim time, not audit time →