Every AI decision produces a signed, tamper-evident receipt. Auditors, regulators, and insurers verify it independently — with only the public key, and no dependency on the AI vendor.
$ npm install @askledger/receipts-sdk
India's RBI has closed consultation on its Model Risk Management guidance; the EU AI Act and UAE CBUAE deadlines follow within weeks. Each requires evidence of what an AI system did — the record most institutions cannot yet produce.
Most AI risk today is invisible — running outside your controls, inside your vendors, or acting on its own. You can't govern what you can't prove.
Staff paste customer data, code, and financials into consumer AI with no oversight. One in five organisations has already been breached through shadow AI — at roughly $670K more per incident (IBM, 2025).
A supplier quietly adds an AI sub-processor in a routine update, and it now touches your customer data. You stay accountable — but you cannot see what their model actually did.
Autonomous agents move money, change records, and call tools. When every individual action looks legitimate, misuse stays invisible until after the damage is done.
Hallucinations slip into real decisions, and ordinary logs can be edited after the fact — so they don't survive an audit, a regulator, or a court.
Not only regulated industries. Any team shipping AI into real decisions gains the same advantages — from day one.
Pass security reviews and RFPs with cryptographic proof, not promises. Trust becomes your differentiator.
Accountability becomes one line of code, not a six-month compliance project. Stop stalling in pilots.
Verifiable evidence lets you file a claim, price a policy, or hold a vendor liable when AI gets it wrong.
When a vendor's model touches your data, prove exactly what it did — accountability stays with you.
As agents act on their own, get a tamper-proof record of every action — for forensics, drift, and control.
One evidence layer satisfies every framework coming — EU AI Act, RBI, NIST AI RMF, ISO 42001.
The full path from an AI request to independently verifiable evidence — automatically, in under two milliseconds.
Wire-format compatible across five languages, with an independent verifier shipped in every SDK.
RFC 8785 gives every receipt one deterministic byte representation. The SHA-256 of those bytes is the receipt_hash — any SDK produces an identical hash for identical input, proven by shared conformance vectors.
Each receipt's previous_receipt_hash binds it to the one before. Alter any historical receipt and every later verification fails. Periodic Merkle commitments make truncation detectable.
Ed25519 over the canonical bytes. The private key never leaves the HSM — AWS KMS, Azure Key Vault, GCP KMS, or PKCS#11. Optional RFC 3161 timestamps anchor each signature to absolute time.
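An added example, not AskLedger's SDK code or wire format: a minimal independent verifier in Node.js for the three mechanisms above (canonical JSON, hash chaining, Ed25519 signatures). Only `receipt_hash` and `previous_receipt_hash` come from the page; the other field names, the null genesis link, and the choice that hash and signature cover every field except themselves are assumptions.

```javascript
const { createHash, generateKeyPairSync, sign, verify } = require("node:crypto");
// RFC 8785-style canonical JSON: sorted keys, no whitespace, ECMAScript primitives.
function canonicalize(v) {
  if (typeof v === "number" && !Number.isFinite(v)) throw new Error("non-finite number");
  if (v === null || typeof v !== "object") return JSON.stringify(v);
  if (Array.isArray(v)) return "[" + v.map(canonicalize).join(",") + "]";
  return "{" + Object.keys(v).sort()
    .map((k) => JSON.stringify(k) + ":" + canonicalize(v[k])).join(",") + "}";
}
const sha256 = (s) => createHash("sha256").update(s, "utf8").digest("hex");

// Assumption: hash and signature cover every field except themselves.
function bodyBytes(r) {
  const { receipt_hash, signature, ...body } = r;
  return canonicalize(body);
}

// Constructed issuer, only to produce sample receipts (production: HSM-backed key).
function issue(body, prevHash, privateKey) {
  const r = { ...body, previous_receipt_hash: prevHash };
  const bytes = bodyBytes(r);
  const signature = sign(null, Buffer.from(bytes, "utf8"), privateKey).toString("base64");
  return { ...r, receipt_hash: sha256(bytes), signature };
}

// Verifier: receipts plus public key only. Returns index of first bad receipt, or -1.
function firstInvalid(receipts, publicKey) {
  let prev = null; // assumed genesis link
  for (let i = 0; i < receipts.length; i++) {
    const r = receipts[i];
    const bytes = Buffer.from(bodyBytes(r), "utf8");
    const ok = r.previous_receipt_hash === prev &&
      sha256(bytes) === r.receipt_hash &&
      verify(null, bytes, publicKey, Buffer.from(r.signature, "base64"));
    if (!ok) return i;
    prev = r.receipt_hash;
  }
  return -1;
}

// Constructed sample: three chained receipts that carry content hashes only.
const { publicKey, privateKey } = generateKeyPairSync("ed25519");
function sampleChain() {
  const chain = [];
  for (const text of ["loan-approve", "loan-deny", "loan-review"]) {
    const prev = chain.length ? chain[chain.length - 1].receipt_hash : null;
    chain.push(issue({ tenant_id: "acme", output_hash: sha256(text) }, prev, privateKey));
  }
  return chain;
}
```

Removing receipts from the tail leaves a shorter chain that still verifies, which is the gap the periodic Merkle commitments mentioned above are meant to close.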
A thin library inside your own environment. Wrap the client once; every call is captured, signed, and written where you choose.
Each call also emits a signed receipt to your own store — verifiable by any auditor, regulator, or insurer with only the public key. The signing key never leaves your HSM.
Most teams believe their logs will hold up. They won't — not when an outsider has to trust them. Here is the line that matters.
One import, no application rewrite. Every call becomes a signed receipt — in the language your stack already uses.
    import OpenAI from "openai";
    import { wrapOpenAI, generateKeyPair } from "@askledger/receipts-sdk";

    // Wrap the client once; your application code is unchanged
    const client = wrapOpenAI(new OpenAI({ apiKey }), {
      tenantId: "acme",
      keypair: generateKeyPair(), // production: HSM-backed
      onReceipt: async (r) => store.append(r),
    });

    const res = await client.chat.completions.create({ model, messages });
    console.log(res.x_ledger_receipt_id); // cryptographic evidence id

    from askledger_receipts import wrap_openai, generate_keypair
    from openai import OpenAI

    # Wrap the client once; your application code is unchanged
    client = wrap_openai(OpenAI(api_key=api_key),
        tenant_id="acme",
        keypair=generate_keypair(),  # production: HSM-backed
        on_receipt=lambda r: store.append(r))

    res = client.chat.completions.create(model=model, messages=messages)
    print(res.x_ledger_receipt_id)  # cryptographic evidence id

    import receipts "github.com/askledger/receipts-sdk-go"

    // Wrap the client once; your application code is unchanged
    client := receipts.WrapOpenAI(openaiClient, receipts.Config{
        TenantID:  "acme",
        Keypair:   receipts.GenerateKeyPair(), // production: HSM-backed
        OnReceipt: func(r receipts.Receipt) { store.Append(r) },
    })

    res, _ := client.Chat.Completions.Create(ctx, req)
    fmt.Println(res.LedgerReceiptID) // cryptographic evidence id

    use askledger_receipts::{wrap_openai, generate_keypair, Config};

    // Wrap the client once; your application code is unchanged
    let client = wrap_openai(openai_client, Config {
        tenant_id: "acme".into(),
        keypair: generate_keypair(), // production: HSM-backed
        on_receipt: |r| store.append(r),
    });

    let res = client.chat().completions().create(req).await?;
    println!("{}", res.ledger_receipt_id); // evidence id

    import io.askledger.receipts.*;

    // Wrap the client once; your application code is unchanged
    var client = Receipts.wrapOpenAI(openAiClient, Config.builder()
        .tenantId("acme")
        .keypair(Receipts.generateKeyPair()) // production: HSM-backed
        .onReceipt(store::append)
        .build());

    var res = client.chat().completions().create(req);
    System.out.println(res.ledgerReceiptId()); // evidence id
Real scenarios, end to end — the decision, the moment it is challenged, and the evidence a receipt gives you. Select your industry.
Counsel asks the bank to show exactly what the model produced on that date.
Logs have rotated and the model retrained twice; nothing ties that decision to that version.
The precise input, output, and model — signed and timestamped — defensible before a court or the RBI.
A valued customer is blocked and escalates; the team must explain the decision fast.
The model's reasoning is opaque and the record is disputable — a compliance headache.
Exactly which signals and score triggered the block — a defensible, explainable record on demand.
A denied policyholder disputes the outcome and a regulator asks how the decision was made.
The triage path can't be reconstructed precisely; the insurer is exposed to bad-faith claims.
Exactly what the model saw and decided — turning "the system denied it" into defensible evidence.
A fairness audit requires showing inputs and outputs across many decisions, not a summary.
Sampling self-reported logs invites dispute over whether the records were altered.
An unedited, verifiable record of each decision — the actuarial input to price and insure AI risk itself.
A safety review must establish precisely what the model recommended, on what data, at what time.
Reconstructing the moment from mutable records is slow and legally weak.
An immutable record of the recommendation and its inputs — with confidential data hashed, never exposed.
An auditor asks the provider to prove that patient data stayed within approved boundaries.
"We configured it correctly" is an assertion an auditor cannot independently confirm.
A verifiable record of every AI call and its data classification — evidence, not assurance.
An appeal requires an explainable, auditable account of an automated decision affecting a citizen.
Public trust erodes when agencies cannot independently show what an automated system did.
Evidence an oversight body can verify itself — no privileged access to internal systems required.
A transparency law requires accounting for automated decisions without exposing sensitive systems.
Agencies face a choice between opacity and exposing internal infrastructure.
Independently verifiable evidence of each decision — provable with only a public key.
A court sanctions AI-fabricated citations; the firm must show exactly what was AI and what was reviewed.
"A human checked it" is a claim — indistinguishable from the failures making headlines.
A signed record of the AI output and the human review — the line between documentation and evidence.
A client's engagement terms require disclosure of when and how AI was used on their matter.
The firm relies on memory and unverifiable notes to answer a trust-critical question.
A precise, signed account of AI involvement per matter — turning a risk into a trust advantage.
Open-core, vendor-neutral, and wire-format conformant across five reference implementations.
Native receipt capture for OpenAI, Anthropic, Gemini, Bedrock, Cohere, Mistral and five more vendors — plus LangChain, Cursor, and gateway integrations. No application rewrite required.
Receipts supply the runtime evidence these regimes demand — what an AI system did, when, and under which policy — pre-mapped across the major global frameworks.
No vendor lock-in and no proprietary cryptography. Every claim is verifiable against published RFCs and the public specification.
Enterprise-grade from the substrate up — and open, so your security team can verify every claim for themselves.
"The next five years of AI are not about better models — they are about the infrastructure that makes them defensible."
Built in the open, because trust infrastructure should be inspectable. Open-source core under Apache-2.0; a commercial layer — hosted verification, a regulator portal, and evidence packs — is in design-partner preview.
No. Receipts record a hash of the input and output — not the raw content. The private signing key stays inside your HSM, and verification needs only the public key. Nothing confidential is exposed to produce or verify a receipt.
Signing and verification complete in under two milliseconds end to end. Receipt generation never blocks or breaks the AI call it instruments — errors from the wrapped client always propagate normally.
No. AskLedger is open source under Apache-2.0, the wire format is an open specification, and any third party can verify a receipt with published RFCs and a public key. The protocol is a public good — adoption is the moat, not lock-in.
OpenAI, Anthropic, Gemini, Bedrock, Cohere, Mistral and more via drop-in adapters, plus LangChain, Cursor, and gateway integrations — across five language SDKs. A generic adapter covers any HTTP-based provider.
As a library inside your own environment — no data routed to a third party. Signing uses your existing AWS KMS, Azure Key Vault, GCP KMS, or PKCS#11 HSM. Chain state runs on your Postgres for multi-tenant scale.
AskLedger is at the design-partner stage, working with a small group of banks, insurers, and AI teams preparing for the regulatory shift. If that is you, let's talk.