Decision Evidence Infrastructure

Block the AI decision
you can't defend to a regulator.

CoreGuard evaluates every AI decision and model update against your regulatory policies — ECOA, Reg B, SR 11-7, HIPAA — deterministically, before it executes, and signs a record your compliance team can replay years later. Evidence, not claims.

Policy decision in <1ms  ·  HMAC-SHA256 signed record  ·  Offline-replayable for examiners
Built by a lending-technology founder. 90 U.S. patent applications filed.
Book a 30-Minute Review See It Block a Violation
AI Request
EVE Trust Runtime
BLOCK
<1ms
Authority Resolution Latency
Signed
Every Decision Record
100%
Pre-Execution Coverage
HMAC
Cryptographic Authority Chain
EVE CoreGuard — Trust Runtime Status ALL SYSTEMS OPERATIONAL
Pre-Execution Gate ACTIVE 14 rules loaded  ·  5 red lines sealed
Policy Pack ENFORCING lending_v1 · healthcare_v1 · enterprise_v1
Authority Chain SIGNING HMAC-SHA256 · chain pos #4,291
Authority Resolution NOMINAL p50: 0.41ms  ·  p99: 0.87ms
Trust Runtime — Live

Watch Authority Resolution in Real Time

Every AI request passes through deterministic authority resolution. Trust is computed, not assumed, before any token is generated.

EVE CoreGuard — Governance Intercept LIVE
CoreGuard verdict
Trust Gap

AI systems commit before
authority is resolved

Post-hoc filtering cannot undo a committed action. By the time an LLM outputs a decision, trust has already been assumed — not verified. EVE resolves authority before the model touches a token.

01
No Cryptographic Authority
Existing guardrails are semantic filters — probabilistic, prompt-influenced, and producing no verifiable record. When a regulator asks for proof of governance, “we had a system prompt” is not an answer.
02
No Verifiable Audit Trail
Log files are mutable. Screenshots lie. When a regulator asks "prove your AI didn't approve that loan without proper checks," you have nothing cryptographically tamper-evident to show.
03
Governance Lives in Semantics
Policy buried in system prompts is text the model can reason around, hallucinate past, or outright contradict. Deterministic governance requires structural enforcement — not linguistic convention.
Trust Architecture

Three-Layer Trust Infrastructure

Patent-pending applications cover the complete stack: a cryptographically authoritative trust runtime that resolves authority, routes intelligently, and attests every decision before execution — independent of model behavior.

Layer 1 — Authority
Pre-Execution Authority Resolution
64/022,677 — Anchor Patent
Every AI action is intercepted and evaluated before the model runs. The charter engine applies 14 deterministic rules against 5 immutable red lines in under 1ms. Hard blocks are structurally immutable — no prompt, runtime instruction, or model output can override them. Authority is resolved, not inferred.
  • 14 charter rules — deterministic, not probabilistic
  • 5 immutable ethical red lines
  • FPGA-ready hardware enforcement interface
  • Zero LLM involvement in veto decisions
Layer 2 — Routing
Governed Inference Routing
64/022,671 — Routing Patent
Multi-axis routing selects model, provider, and context budget per request class. Cost governance enforces quotas at runtime. Trust budget allocation ensures no request class can consume authority beyond its provisioned tier.
  • Per-tier provider + model configuration
  • Context budget allocation by provider class
  • Runtime cost governance with quota enforcement
  • Automatic fallback on provider failure
Layer 3 — Lineage
Cryptographic Authority Chain
64/022,682 — Compliance Patent
Every governance decision generates an HMAC-SHA256 signed certificate with hash-chained provenance. The chain is tamper-evident and independently replayable. Regulators verify offline — tamper-evident records designed for offline verification.
  • HMAC-SHA256 Decision Certificates
  • Hash-chained audit trail
  • Brier score calibration records
  • Offline verification — no callback needed
Runtime Authority Engine

Authority Resolution
in 7 Stages

The CoreGuard trust runtime intercepts every AI action, resolves authority against your governance corpus, and returns a signed ALLOW / BLOCK / MODIFY verdict with cryptographic provenance — before the model produces a single token.

Stage 1
Intercept
Request received before LLM call
0.05ms
Stage 2
Normalize
NFKC normalization + stakes classification
0.12ms
Stage 3
Enforce
Governance corpus evaluated deterministically
0.28ms
Stage 4
CRD Score
Confidence-Reality Divergence
0.08ms
Stage 5
Resolve
Canonical verdict — ALLOW / BLOCK / MODIFY
0.04ms
Stage 6
Execute
Approved action dispatched
0.03ms
Stage 7
Attest
HMAC-SHA256 certificate — chain advanced
0.06ms
Sub-Millisecond
Pre-Execution Authority Resolution
The trust runtime sits in the hot path before the LLM provider. Full authority resolution — charter evaluation, CRD scoring, verdict binding — completes in under 1ms. Zero measurable latency impact on production traffic.
Governance Corpus
Domain-Specific Governance Primitives
Governance corpora encode regulatory requirements as deterministic rules — not prompts, not heuristics. Lending, healthcare, trading, and enterprise security corpora ship out of the box. Enterprise corpora available on contract.
Authority Lineage
Independently Replayable Audit Chain
Every verdict is hash-chained and HMAC-signed. Chain integrity is computable by any party without contacting EVE. Regulators replay the full authority chain offline — tamper-evident records built for independent audit.
Governed Domains

Regulated industries.
Structural enforcement.

EVE CoreGuard deploys in lending, healthcare, and enterprise AI where governance must be deterministic, not probabilistic — and where post-hoc filtering is not a defensible compliance posture.

Lending & Credit
AI loan approval systems intercepted before adverse action. ECOA, FCRA, and Reg B — deterministic enforcement with evidence records. Every decision attested for fair-lending audit.
Enforcement Event action: loan_approval  |  amount: $50,000
policy: lending_v1  |  decision: ALLOW
cert: hmac-sha256:a4f2c3...  |  0.71ms
View use case →
Healthcare & HIPAA
AI clinical decision support gated before patient data is accessed or recommendations are generated. PHI handling rules enforced per HIPAA Security Rule requirements.
Enforcement Event action: phi_access  |  patient: de-identified
policy: healthcare_v1  |  decision: ALLOW
cert: hmac-sha256:b9e1a7...  |  0.63ms
View use case →
🔒
Enterprise AI Safety
Multi-agent systems and agentic workflows governed at the action level. Every tool call, memory write, and external API request passes through the governance gate before execution.
Enforcement Event action: external_api_call  |  risk: HIGH
policy: enterprise_v1  |  decision: BLOCK
rule: cop.external.unapproved_endpoint
View use case →
<1ms
Governance overhead per decision
100%
Pre-execution coverage — nothing bypasses the gate
90
USPTO provisional patents covering the full stack
3
Coordinated patent families — unified IP moat
Authority Lineage

Every decision is a
signed authority record

Governance decisions are cryptographically bound at issuance. The authority chain is independently replayable — years after the decision, by any verifying party, without EVE involvement. Trust is in the chain, not the system.

EVE CoreGuard — Decision Certificate Verification
$ eve-proof verify --cert cert_20260331_a4f2c3.json Loading certificate chain...   Certificate cert_20260331_a4f2c3 Decision ALLOW Action loan_approval :: amount=$50,000 :: policy=lending_v1 Timestamp 2026-03-31T14:22:17.841Z Latency 0.71ms Rules lending.credit_score_check=PASS  lending.dti_ratio_check=PASS CRD Score 0.08 (within threshold)   Signature hmac-sha256:a4f2c3e9b1d8f076a2c5e4b3d9f1a8c2e7b4d6f0a3c8e5b2 Chain pos #4,291  (prev: b9e1a7f3...) Chain INTACT  (4,291 entries verified)   ✓ Certificate VALID — signature matches, chain intact, decision unaltered Verification completed offline — no EVE connectivity required
Technical Reference

Infrastructure deep dives

Architecture specifications, compliance integration guides, and enforcement pattern documentation for regulated AI infrastructure teams.

Engineering

How We Built a Deterministic Governance Runtime with Sub-1ms Enforcement

Engineering a governance gate that runs before every LLM call, adds under 1ms of latency, and produces the same verdict for the same input every time.

Read article →
Compliance

EU AI Act Compliance Guide for High-Risk AI Systems

A practitioner's guide to Article 9 risk management and enforcement requirements under the EU AI Act.

Read guide →
Tutorial

CoreGuard API Tutorial: Integrate in Under 10 Lines

Step-by-step integration guide — REST API, Python SDK, and sidecar proxy deployment patterns.

Read tutorial →
Banking

SR 11-7 and AI Model Risk: The Enforcement Layer Banks Are Missing

Federal Reserve model risk requirements and why financial institutions need deterministic enforcement for LLM deployments.

Read article →
View all articles →    Browse documentation →
Trust Substrate

The substrate regulated AI
runs on top of

A trust substrate is the infrastructure layer that makes governance guarantees structurally true — not policy-dependent, not configuration-dependent, not semantically dependent. EVE is that layer for AI systems.

01 — Deterministic
Governance by Construction

Charter rules produce identical outputs for identical inputs — every time, regardless of model behavior, prompt content, or runtime state. Contradictions are structurally impossible, not prevented by configuration.

02 — Cryptographic
Not Semantic

Trust in EVE's governance decisions does not require trusting EVE. Every decision is signed. Every chain is hash-chained. Any verifying party replays the authority chain independently. Semantic trust is eliminated.

03 — Survivable
Under Adversarial Conditions

Hard governance invariants survive prompt injection, model hallucination, jailbreak attempts, and infrastructure failure. The enforcement layer operates below the semantic surface — invariant to model output.

The Substrate Argument

Trust in distributed systems has always required infrastructure. TLS doesn't ask you to trust that the server is who it says it is — it provides a cryptographic mechanism that makes the answer computable. PKI provides a chain of evidence that any verifier can traverse.

AI governance has not had an equivalent. Today it relies on semantic trust: you trust the model will follow its prompt. You trust the guardrail will catch edge cases. None of these are structural guarantees.

EVE changes the question from “do you trust this system?” to “can you verify this decision?” The answer is in the chain, not the system.

Infrastructure Grade

Trust infrastructure that resolves
authority before the model runs

CoreGuard deploys as a sidecar proxy, REST API, or SDK integration. Deterministic governance corpus, cryptographic authority chain, and independently replayable audit lineage. Contact us for an enterprise architecture review against your regulated AI deployment.

Book a 30-Minute Review See It Block a Violation