Verifiable AI Decisions

Every AI decision audited, replayable, and independently verifiable.

AI systems make decisions that affect compliance exposure, regulatory review, customer rights, and litigation risk. Proving how a decision was made — and that the proof has not been altered — requires more than logs. H33 produces portable evidence bundles for every AI decision: post-quantum signed, replayable by anyone who downloads the bundle, and verifiable without contacting H33.

The problem with AI decision logs

Standard logs describe what a system claims happened. They can be edited, lost in vendor changes, or contradicted by adjacent logs. Governance requires more: was the model that produced this decision the model the policy authorized? Was the input data the input data the policy authorized? Can the decision be reproduced exactly from the evidence on file? Has the log been altered between the decision and the audit? Can a regulator verify the log without trusting the vendor that produced it?

Standard logs answer none of these. They describe; they do not prove. H33 produces a different artifact: an evidence bundle that proves what happened, that survives the vendor that produced it, and that any third party can verify without contacting the originating system.

How H33 verifies an AI decision

Every AI decision routed through H33 produces an evidence bundle containing eight cryptographically-linked evidence control objects:

1. PolicyBind — the policy the decision was made under, hashed and time-bound
2. ModelFingerprint — the exact model identity, version, and provider attestation
3. AuthorityBind — the principal authorized to make the decision and their signature window
4. CalibratedAbstention — whether the system abstained, with confidence and calibration receipt
5. PipelineDag — the execution stages and their hashed input/output digests
6. CorpusBind — the data corpus the model consulted, with epoch and engine fingerprints
7. EvidenceAttestation — the evidence rows the decision was grounded in
8. ResultCitationBind — the binding between the answer and the evidence citations

Each object is signed independently. The bundle as a whole is signed by three post-quantum algorithm families: ML-DSA-65, FALCON-512, and SLH-DSA-128f. If any one family is broken by future cryptography, the others survive. The 32-byte canonical commitment can be anchored to a public blockchain so an external party can prove the bundle existed at a specific moment in time without ever seeing what was inside it.

What goes in the bundle, technically

The bundle is a single canonical JSON document. The serialization is deterministic: the same inputs produce byte-identical bundles across rebuilds. That property is the foundation of replay verification — a third party can regenerate the bundle from the underlying evidence and confirm it matches the bundle on file, byte for byte. Sidecars carry the evidence rows referenced by citations. They travel with the bundle for offline replay. The verifier never needs to contact H33's servers or the original AI vendor. The bundle's schema is versioned. Adding fields in future versions does not break verification of older bundles.

Use cases

Healthcare triage decisions. Hospital triage AI assigns care priority. The bundle proves which patient record was consulted, which model version made the assignment, what confidence level the model reported, and whether the system abstained. An auditor or malpractice investigator verifies the bundle without contacting the hospital's AI vendor.

Credit decisions. A lending algorithm approves or denies an application. The bundle proves the policy version in effect at decision time, the model identity, the input data, and the model's confidence. A regulator verifies the bundle to confirm fair lending compliance without trusting the lender's internal logs.

Insurance underwriting. An AI underwriter assesses a cyber insurance application. The bundle proves the data the underwriter consulted, the model that produced the assessment, and the bound policy. A reinsurer downstream verifies the bundle to confirm the underwriting basis without re-running the model.

Government benefit eligibility. An AI system determines benefits eligibility. The bundle proves the regulations applied, the eligibility model used, the applicant data consulted, and the abstention behavior if any. An applicant or their advocate verifies the bundle to challenge or confirm a determination without trusting the government's internal records.

Common questions

How is this different from an AI audit log?
Logs describe events. Evidence bundles prove them. Logs can be edited, lost in version migrations, or contradicted by adjacent logs. Bundles are cryptographically signed, schema-versioned, and verifiable by parties who do not trust the original system.

Does this slow the AI system down?
Bundle generation runs at decision time and adds milliseconds. Verification is performed offline by third parties and does not affect AI runtime performance.

What happens if H33 disappears?
The bundle remains valid. The verifier is open source. The verification protocol is documented. The schema is published. Anyone holding the bundle can verify it indefinitely without H33 infrastructure.

Can the bundle be used in court?
The bundle is designed for legal admissibility: tamper-evident, time-bound, cryptographically signed by three independent algorithm families, and replayable. The artifact is built for the standard.

Does the bundle expose the underlying data?
No. The bundle can stay entirely under customer control. Only a 32-byte cryptographic commitment is published when anchored to a public chain. The underlying data, model weights, and evidence rows remain private.

Related: AI Audit Trails · AI Decision Provenance · H33 vs RAG · Verifiable AI Actions