No slides. Real binaries, real signed decisions, real offline verification. By the end of the fourth minute you can download the audit package and re-verify it on a machine with no Agent-008 service running.
An organization is brought into existence. A first AI agent is registered. Default governance policies are seeded. One signed decision is generated and verified offline. The home dashboard reads green — no architecture diagrams, no cryptographic vocabulary, just confidence.
✓ Agent-008 installed. State directory /tmp/killer-demo-publish/agent-008-state Signer keys generated (every decision is signed and offline-verifiable) Default policies 4 seeded Next: agent-008 setup Organization : Acme Corp Admin : you@acme.example Identity provider : Okta AI runtime : OpenAI Cloud : AWS (us-east-1) Policy source : local (./policies/) ✓ Agent-008 is configured. You are 25% complete. Next steps to your first governed agent (est. 4 minutes): 1. Connect your first AI runtime 2. Register an agent 3. Create a governance policy 4. Run a validation test Run: agent-008 quickstart Starting guided onboarding… ✓ Acknowledged OpenAI as your AI runtime ✓ Registered first agent: sales-agent-01 ✓ 4 governance policies available ✓ Generated test decision (dec_06f43184) ✓ Evidence verified offline ✓ First audit package written (/tmp/killer-demo-publish/agent-008-state/evidence/first-run.tar) Congratulations — Acme Corp is governing its first AI agent. Next: agent-008 status Agent-008 • Acme Corp Protected Agents 1 (1 running) Governed Decisions 1 (today) Approved 1 Denied 0 Escalated 0 Pending Review 0 Evidence Coverage 100% Replay Coverage 100% Risk Level LOW Recommendations → Run a full system health check agent-008 doctor Next: agent-008 doctor
An AI finance agent attempts to wire $50,000 to an unverified vendor — a realistic moment that would otherwise sit in a log file no one reads. The home dashboard changes live. Risk Low becomes Risk Medium. Escalations becomes one. Attention names the decision id. No explanation yet — just the visible change.
Triggering: AI finance agent attempts to wire $50,000 to vendor v_42… Decision recorded as dec_demo_wire_50k Agent-008 • Acme Corp Protected Agents 2 (2 running) Governed Decisions 2 (today) Approved 1 Denied 0 Escalated 1 Pending Review 1 Evidence Coverage 100% Replay Coverage 100% Risk Level MEDIUM Attention • dec_demo_wire_50k (escalation): wire $50,000 to vendor v_42 Recommendations → Review dec_demo_wire_50k agent-008 investigate dec_demo_wire_50k → Run a full system health check agent-008 doctor Next: agent-008 investigate dec_demo_wire_50k
Two views of the same decision. Investigate is forensic — the timeline, the policy that fired, the reason code, the control purpose, and the offline evidence check. Explain is for the executive or the auditor — what happened, why it was paused, what that means in the real world, and how to prove it.
Investigation • dec_demo_wire_50k
Agent finance-agent-01
Action wire $50,000 to vendor v_42
Verdict ESCALATED
Policy pol_001
Reason code above_threshold_no_approval
Control purpose Wire is above the daily limit and lacks a current vendor approval.
Timeline (oldest → newest)
2026-06-27T02:41:36.591Z decision recorded escalated — wire $50,000 to vendor v_42
Evidence verified offline ✓
Referenced policy still present ✓
Next: agent-008 explain dec_demo_wire_50k
Decision • dec_demo_wire_50k
What happened
On 2026-06-27T02:41:36.591Z, agent finance-agent-01 attempted: wire $50,000 to vendor v_42.
How Agent-008 responded
The action was paused for human review, because Wire is above the daily limit and lacks a current vendor approval.
What this means in the real world
no action was taken; a person was asked to decide.
Can we prove this happened?
✓ Evidence verified offline (no Agent-008 service required).
Next: agent-008 prove decision:dec_demo_wire_50k
The audit package is built. The tar is copied to a fresh directory with no Agent-008 service running. The executive summary and the verification report are read on the bare filesystem — the evidence chain survives the product. This is the minute enterprise buyers remember.
Building auditor-ready package for Acme Corp… ✓ Evidence bundle (2 decisions) ✓ Verification report ✓ Executive summary ✓ 4 policy files Written to /tmp/killer-demo-publish/agent-008-state/evidence/killer-demo.tar. Share this file with your auditor. It verifies offline, on any machine, with no Agent-008 services running. Audit package: /tmp/killer-demo-publish/agent-008-state/evidence/killer-demo.tar --- executive_summary.md (the auditor view) --- # Executive Summary — Acme Corp Built : 2026-06-27T02:41:38.585Z Source : Agent-008 governance log ## What this proves Every AI agent action recorded by Agent-008 is captured as a signed, offline-verifiable decision. The signatures cover Who, What, When, Under-which-policy, and Why — and they survive the loss of every Agent-008 service. ## At a glance - Decisions in this package: 2 - Approved : 1 - Denied : 0 - Escalated: 1 - Signatures verified offline: 2 of 2 ## How to verify independently Extract this archive on any machine. Each `signed_decisions/<id>.json` carries the signer's public-key envelope and a triple-PQ signature (ML-DSA-87 + SLH-DSA-256s + FALCON-512, 2-of-3 threshold). Recompute the canonical bytes of the body and verify with the public key contained in `signer_pub.bin`. No server required. --- verification_report.md (one row per signed decision) --- # Verification Report One row per signed decision. SIG = signature verified offline; POL = referenced policy still exists. | Decision | Agent | Verdict | Policy | SIG | POL | |---|---|---|---|---|---| | `dec_06f43184` | sales-agent-01 | approved | pol_001 | ✓ | ✓ | | `dec_demo_wire_50k` | finance-agent-01 | escalated | pol_001 | ✓ | ✓ | Everything you just saw can be independently verified without trusting Agent-008.
Download the actual audit package from this demo run. Extract it on a machine with no Agent-008 service installed. Read verification_report.md — every signed decision verifies offline. Replay the bundle with the embedded public key. This is the substitution survival test in product form.
The same property holds in reverse: if every Agent-008 service disappeared tomorrow, every decision ever signed remains independently verifiable from the bundle alone.
↓ Download the audit package agent-008-killer-demo.tar · 175 KB