InvoanceInvoance
Log inGet access
AI Attestation

How AI Attestation creates tamper-evident AI records

AI Attestation anchors the exact input, output, and model metadata of an AI generation event — at the moment it occurs. No changes to your AI pipeline required. The result is a permanent, cryptographically signed record proving exactly what the model received and produced.

← Back to How It Works

Key principle: nothing changes upstream

Your AI pipeline stays exactly the same. Invoance sits after the generation step — it receives a copy of what happened and anchors it. No model changes, no proxy, no middleware. One API call after generation.

Flow diagram
Your App
→
↓
AI Model
→
↓
Response
→
↓
Invoance API

What you send

Your attestation request includes the model details, the exact input prompt, the exact output response, generation parameters, and business context metadata.

{
  "model": "gpt-4-turbo",
  "model_version": "2025-02-01",
  "input": "Summarize the key risks in this merger agreement...",
  "output": "The merger agreement contains three primary risk factors...",
  "temperature": 0.3,
  "metadata": {
    "use_case": "legal_review",
    "document_id": "doc_merger_acme_2025",
    "user_id": "analyst_jane",
    "session_id": "sess_8f3k2m"
  }
}
model & model_version

Which model was used and which version. Critical for reproducibility and regulatory audit.

input

The exact prompt text sent to the model. This is what the model received — the attestation proves it unchanged.

output

The exact response from the model. Byte-for-byte identical to what was generated — no truncation, no post-processing.

temperature

The generation parameter controlling randomness. Part of the model's operating configuration at the moment of generation.

metadata

Your business context — use case, document references, user identity, session tracking. Optional but recommended for audit trails.

What happens on ingestion

When your request arrives, Invoance executes a deterministic, auditable sequence to create the proof record.

1
Input and output hashed separately

SHA-256(input) and SHA-256(output) computed independently. Separate hashes enable partial verification.

2
Combined attestation hash computed

Over: input_hash + output_hash + model + model_version + timestamp. All fields contribute to the proof.

3
Full bundle signed with Ed25519

The attestation hash and metadata are signed with your tenant's private key. Signature proves organizational origin.

4
Written to append-only storage

Record committed to immutable Postgres table. No delete, no update, no modification possible at any privilege level.

5
Verification URL generated

Public URL created so any third party can retrieve and verify the attestation without authentication.

Separate hashing matters: Input and output are hashed separately so you can prove what the model received without disclosing what it produced — or vice versa. This is critical for confidential AI workflows where input or output may contain sensitive data.

What you receive

The response contains all the cryptographic proof materials and verification information you need to audit and prove the AI interaction.

{
  "id": "att_m3n4o5p6",
  "model": "gpt-4-turbo",
  "model_version": "2025-02-01",
  "input_hash": "a1b2c3d4e5f6...",
  "output_hash": "f6e5d4c3b2a1...",
  "attestation_hash": "7890abcdef12...",
  "signature": "d4f5e6a7b8c9...",
  "timestamp": "2025-03-15T14:32:07.123456Z",
  "verification_url": "https://www.invoance.com/proof/ai/att_m3n4o5p6",
  "status": "anchored"
}
id

Globally unique attestation identifier. Use this to reference the record in your audit logs.

input_hash & output_hash

SHA-256 hashes of the input and output respectively. These are the foundation of verification.

attestation_hash

SHA-256 hash of the complete bundle (input_hash + output_hash + model + timestamp, etc.). Covers everything.

signature

Ed25519 signature over the attestation_hash. Proves the record originated from your organization and is unaltered.

timestamp

RFC 3339 timestamp of attestation creation. Recorded by Invoance at ingestion, included in the signed payload.

verification_url

Public HTTPS URL. Any third party (auditor, regulator, counterparty) can retrieve this attestation without credentials.

status

Operational status. 'anchored' means the record is immutable and verifiable.

How verification works

Verification is a deterministic, locally performed operation. No contact with Invoance required. Any third party with access to the attestation record and the original input/output can verify independently.

1
Obtain the original input and/or output

The data you want to verify. This may come from your audit log, from the model directly, or from third-party storage.

2
Recompute SHA-256 of the input

Hash the input bytes. Compare against input_hash from the attestation response.

3
Recompute SHA-256 of the output

Hash the output bytes. Compare against output_hash from the attestation response.

4
If both match: unaltered

The AI interaction has not been altered. The model received and produced exactly what the attestation claims.

5
Verify Ed25519 signature

Using the public key on the attestation record, verify the signature over attestation_hash. Proves organizational attribution.

6
Confirm timestamp authenticity

Verify that the timestamp is reasonable and that the record exists in the append-only ledger at that date.

Partial verification is valid. You can verify input without output, or output without input. This allows selective disclosure in regulated environments.

What AI Attestation proves

AI Attestation is a forensic record of what happened at a specific moment. It proves technical facts, not quality or correctness.

Attestation proves
Exact input the model received
Exact output the model produced
Which model and version was used
When the generation occurred
That the record has not been altered
Does NOT prove
—That the AI output is correct or accurate
—That the model is unbiased
—That the input was appropriate
—That the user acted on the output correctly
—Legal admissibility in any jurisdiction
AI Attestation is a forensic record, not a quality assessment. What it provides — an immutable, independently verifiable record of what happened — is exactly what is absent from most AI systems today.

Regulatory context

Several regulatory frameworks now require or strongly imply that AI systems in high-stakes domains maintain auditable records. AI Attestation provides the technical foundation for compliance.

EU AI ActArt. 12, 13

High-risk AI systems must maintain logs of inputs, outputs, and model behavior for post-market monitoring and regulatory audit.

NIST AI RMFMap, Measure, Manage

Documentation of AI system behavior, including what inputs were received and what outputs were produced. Attestation creates immutable proof.

SOC 2CC6.1, CC7.2

Monitoring and integrity controls over AI-generated outputs. Attestation satisfies monitoring and integrity verification obligations.

FDA SaMDSoftware as a Medical Device

Transparency and traceability of AI decisions in clinical workflows. Attestation documents what the model received and produced.

SEC AI disclosureFinancial decisions

Public companies must disclose AI use in material decisions. Attestation provides audit trail for post-hoc review.

HIPAAHealthcare data

AI systems operating on protected health information must support audit and accountability. Attestation creates tamper-evident records.

The regulatory landscape for AI is evolving rapidly. Invoance provides the technical foundation — immutable records of what happened — so you are prepared regardless of which requirements apply to your use cases.

AI Attestation uses the same cryptographic primitives as all Invoance records — SHA-256, Ed25519, append-only Postgres — extended with AI-specific fields for model metadata, separate input/output hashing, and verification URLs.

View AI AttestationBack to How It WorksDeveloper docsJoin the waitlist

How AI Attestation Works — Invoance

Technical walkthrough of how Invoance AI Attestation creates tamper-evident records of AI inputs, outputs, and model metadata at the moment of generation. Anchor AI payloads with SHA-256 hashing and Ed25519 signing for permanent, independently verifiable proof of what any AI model produced and when.

Invoance

Neutral digital proof infrastructure for business. Tamper-evident, independently verifiable records.

Subscribe to our newsletter

Products
Platform
How It Works
Developers
Verify
Resources
Help & Legal
Products
  • Event Ledger
  • Document Anchoring
  • AI Attestation
  • Traces
Platform
  • Why Invoance
  • For Compliance Teams
  • Pricing
  • Security
How It Works
  • Overview
  • Event Ledger
  • Document Anchoring
  • AI Attestation
Developers
  • Overview
  • Endpoints
  • Authentication
  • Concepts
Verify
  • Verify Document
  • Verify AI Attestation
  • Verify Event
  • Verify Trace
Resources
  • All Resources
  • SOC 2 Guide
  • HIPAA Guide
  • ISO 27001 Guide
Help & Legal
  • Support
  • Verification Help
  • FAQ
  • Legal Notice

Invoance provides technical verification and proof infrastructure for digital records. Invoance does not issue legal, financial, or regulatory advice.

Records anchored through Invoance are cryptographically signed and tamper-evident by design. Invoance does not verify the accuracy, legality, or authenticity of document contents — only that a record existed in a specific form at a specific time. Verification links are publicly resolvable and do not require authentication. Invoance does not act as a custodian of funds, a legal authority, or a regulated financial entity. Use of Invoance does not constitute legal compliance. Consult qualified counsel for your specific obligations.

© 2025 – 2026 Invoance. All rights reserved.•