The verifiable audit substrate beneath your AI agents.
Every Codex CLI run, every Claude Code tool call, every MCP tool invocation lands in a BLAKE3 hash chain anchored to a public timestamp authority. Compliance officers pull EU AI Act Article 12 evidence in 5 minutes through a JSON API.
The EU AI Act passed in 2024 with a phased compliance timeline. 2026-08-02 is the date Article 12 takes legal force: every operator of a "high-risk AI system" in the EU must keep "automatically generated logs … over a period appropriate to the intended purpose … at least six months." Fines for non-compliance go up to 7% of global revenue.
The 2024-2026 compliance tooling boom — Vanta, Drata, OneTrust, Sprinto — generalised on SOC 2 / ISO 27001 / GDPR. Their evidence pipelines were designed when "AI" meant a chatbot on the marketing site. They were not designed for: "show me the cryptographic chain of every tool call this agent made on behalf of this user on this case, and prove the chain has not been tampered with since." That is what Attestplane provides.
One sentence: Attestplane is the verifiable audit substrate that sits between your AI agents and your compliance tooling, producing the cryptographic evidence trail that Vanta/Drata can't generate.
Mechanically:
- Every AI-agent action passes through the Control Plane before execution.
- The Control Plane issues a short-lived cryptographic lease. No lease, no execution.
- The action's input, output, and outcome land in an append-only BLAKE3 hash chain.
- The chain head is periodically anchored to a public RFC-3161 timestamp authority.
- Replay deterministically computes a Merkle root over per-step inputs — provable distinctness.
- A
/v1/auditor/*JSON API lets your compliance officer pull evidence in 5 minutes.
- EU AI Act Articles 9-17 (substantive)
- NIST AI RMF
- ISO/IEC 42001
- SOC 2 Type II
- ISO/IEC 27001
- OMB M-25-21
- China generative AI 暂行办法
EU AI Act mapping is substantive (Article-by-Article SQL/curl verification). NIST AI RMF + ISO 42001 substantive uplift targeted 2026-Q4; OMB M-25-21 + China are customer-signal-gated.
| What Attestplane is | What it is not |
|---|---|
| The cryptographic source-of-truth feeding your compliance tools | A compliance dashboard for non-technical buyers |
| Substrate that Vanta / Drata / OneTrust call — not a competitor | A SOC 2 generalist tool |
| Open architecture: schema-validated REST, no vendor lock-in | Zero-knowledge proof tech (we're honest: "auditable, not zk-verifiable") |
| Designed for AI-agent workloads from day 1 | A SaaS hosted by us today |
2026-08-15 — 13 days after EU AI Act Article 12 takes legal force.
We are opening 5–10 design-partner slots for EU regulated firms (financial services / healthcare / legal / public sector) targeting the 2026-08-02 enforcement date.
- 50% discount on year-1 ACV ($75K–$200K effective)
- White-glove deployment from the founding team
- Bi-weekly product feedback loop
- Roadmap influence
Contact: contact@attestplane.com
This organization is the brand placeholder while the substrate prepares for M5 GA. Source code repositories will publish here as the v1.0 ship date approaches and patent / trademark filings complete.
- 🌐 Website: https://attestplane.com
- 📧 Email: contact@attestplane.com
- 🔒 Security: SECURITY.md
Attestplane, Attestplane® Certified, and the Attestplane logo are trademarks (USPTO + EUIPO application pending). Use of these marks in connection with a fork of any Attestplane open-source repository requires a separate trademark license — see project Trademark Policy when published.