Tamper-Evident LLM Audit Trail

Every request gets evidence

SAIG writes a structured audit record for every governed AI request. Each record captures the policy decision, risk signals, provider routing, PII findings, and governance metadata — not just a log line.

SHA-256 hash chain

Every audit record carries the SHA-256 hash of the record that precedes it, so the records form a tamper-evident chain: modifying, reordering, or deleting a record in the middle changes or breaks the link that the following record expects, and verification stops at that point. One caveat a practitioner should plan for: dropping the newest record(s) leaves a shorter chain that still verifies on its own, so the current head hash needs to be anchored outside the audit store (for example, exported to a separate system) for truncation of the tail to be detectable.

Ed25519 cryptographic signatures

Each governance receipt is signed with Ed25519 using the SAIG instance's private key. Anyone holding the corresponding public key can verify that the record was produced by that instance and has not been altered since, which gives reviewers non-repudiation of the recorded decision. Two practical points: the public key must reach verifiers out of band (a receipt cannot vouch for the key that signed it), and the evidentiary value of the signatures rests on the private key staying under the instance's control.

Governance receipt example

Example shape — not a real customer record:

{
  "request_id": "req_7h2k9...",
  "action": "ANONYMIZE",
  "risk": "MEDIUM",
  "rule": "THIRD_PARTY_PII_TO_EXTERNAL_PROVIDER",
  "provider": "azure-openai-eu",
  "sovereignty_mode": "EU_ONLY",
  "pii_detected": ["PERSON", "EMAIL"],
  "audit_hash": "sha256:...",
  "signature": "ed25519:..."
}

Decision traces

Each record includes a deterministic decision trace — the ordered list of pipeline steps that produced the governance decision. This enables compliance teams to understand and reproduce exactly why a request was allowed, anonymized, or denied.
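The hash chain, the per-record signature and the decision trace described above, as an added worked example in Go using only the standard library. This is example code written for this page, not SAIG's own implementation. Field names follow the receipt example above; the prev_hash and trace fields, the all-zero genesis hash, hashing the record body with audit_hash and signature blanked, signing the hash rather than the body, and the three sample receipts are all assumptions made for the example. It verifies an intact chain, then shows three tamperings: a flipped decision, a deleted middle record, and a truncated tail, the last of which only the externally anchored head hash reveals.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Receipt follows the receipt shape shown on this page. PrevHash and Trace
// (ordered pipeline step names) are assumed fields added for this example.
type Receipt struct {
	RequestID       string   `json:"request_id"`
	Action          string   `json:"action"`
	Risk            string   `json:"risk"`
	Rule            string   `json:"rule"`
	Provider        string   `json:"provider"`
	SovereigntyMode string   `json:"sovereignty_mode"`
	PIIDetected     []string `json:"pii_detected"`
	Trace           []string `json:"trace"`
	PrevHash        string   `json:"prev_hash"`
	AuditHash       string   `json:"audit_hash,omitempty"`
	Signature       string   `json:"signature,omitempty"`
}

// GenesisHash is the assumed prev_hash of the first record in a chain.
var GenesisHash = strings.Repeat("0", 64)

// recordHash is SHA-256 over the record with audit_hash and signature blanked.
// encoding/json writes struct fields in declaration order, so the encoding is
// deterministic here; a real system should use a canonical encoding.
func recordHash(r Receipt) string {
	r.AuditHash, r.Signature = "", ""
	b, _ := json.Marshal(r) // cannot fail for this struct
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// Append links r to the current head, hashes it, and signs the hash.
func Append(chain []Receipt, r Receipt, priv ed25519.PrivateKey) []Receipt {
	r.PrevHash = GenesisHash
	if n := len(chain); n > 0 {
		r.PrevHash = chain[n-1].AuditHash
	}
	r.AuditHash = recordHash(r)
	r.Signature = hex.EncodeToString(ed25519.Sign(priv, []byte(r.AuditHash)))
	return append(chain, r)
}

// Verify walks the chain with the instance public key. It returns the index of
// the first failing record (-1 if none) and the head hash. Comparing head with
// a hash anchored outside the store is what catches truncation of the tail.
func Verify(chain []Receipt, pub ed25519.PublicKey) (bad int, head string, err error) {
	head = GenesisHash
	for i, r := range chain {
		if r.PrevHash != head {
			return i, head, errors.New("prev_hash does not match previous record")
		}
		if recordHash(r) != r.AuditHash {
			return i, head, errors.New("audit_hash does not match record body")
		}
		sig, derr := hex.DecodeString(r.Signature)
		if derr != nil || !ed25519.Verify(pub, []byte(r.AuditHash), sig) {
			return i, head, errors.New("signature invalid")
		}
		head = r.AuditHash
	}
	return -1, head, nil
}

// BuildDemoChain creates a fresh instance key and three constructed receipts
// (rule and step names other than the one on this page are made up).
func BuildDemoChain() ([]Receipt, ed25519.PublicKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	base := Receipt{Provider: "azure-openai-eu", SovereigntyMode: "EU_ONLY", PIIDetected: []string{}}
	r1, r2, r3 := base, base, base
	r1.RequestID, r1.Action, r1.Risk, r1.Rule = "req_0001", "ALLOW", "LOW", "DEFAULT_ALLOW"
	r1.Trace = []string{"pii_scan", "policy_eval", "route"}
	r2.RequestID, r2.Action, r2.Risk, r2.Rule = "req_0002", "ANONYMIZE", "MEDIUM", "THIRD_PARTY_PII_TO_EXTERNAL_PROVIDER"
	r2.PIIDetected, r2.Trace = []string{"PERSON", "EMAIL"}, []string{"pii_scan", "policy_eval", "anonymize", "route"}
	r3.RequestID, r3.Action, r3.Risk, r3.Rule = "req_0003", "DENY", "HIGH", "PROVIDER_OUTSIDE_SOVEREIGNTY_MODE"
	r3.Trace = []string{"pii_scan", "policy_eval", "deny"}
	var chain []Receipt
	for _, r := range []Receipt{r1, r2, r3} {
		chain = Append(chain, r, priv)
	}
	return chain, pub
}

func main() {
	chain, pub := BuildDemoChain()
	bad, anchoredHead, err := Verify(chain, pub)
	fmt.Println("intact:", bad, err)

	mod := append([]Receipt(nil), chain...) // flip a decision after the fact
	mod[1].Action = "ALLOW"
	bad, _, err = Verify(mod, pub)
	fmt.Println("modified record:", bad, err)

	del := append(append([]Receipt(nil), chain[:1]...), chain[2:]...) // drop the middle record
	bad, _, err = Verify(del, pub)
	fmt.Println("deleted record:", bad, err)

	bad, head, err := Verify(chain[:2], pub) // drop the newest record
	fmt.Println("truncated tail:", bad, err, "head matches anchor:", head == anchoredHead)
}
```

The chain check passes for the truncated copy; only the mismatch against the anchored head shows that a record is missing, which is why the head hash has to live somewhere the audit store cannot rewrite. Signing the hash rather than the full body is a common shortcut and is sound here because the hash binds every field; whichever bytes are signed, they must be produced by a canonical encoding on both the writer and the verifier.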

SAIG provides runtime controls, policy enforcement, audit evidence, and compliance-supporting workflows. It does not constitute legal advice, certification, or a guarantee of regulatory compliance.

Frequently Asked Questions

Are audit records tamper-proof?

Tamper-evident rather than tamper-proof. Each record is linked to its predecessor by a SHA-256 hash and signed with Ed25519, so a modified, reordered, or deleted record is detected when the chain is verified. Hash chaining cannot stop someone with write access to the store from changing it; it makes the change visible, and keeping the latest hash outside the store extends that to removal of the newest records.

Can audit records be exported?

Yes. Records can be exported from the governance console for regulator reviews, internal audits, and SIEM integration as structured data.

What does a governance receipt contain?

A receipt includes request ID, policy action, risk level, rule applied, provider used, sovereignty mode, PII findings, hash chain reference, and cryptographic signature.
