Every AI agent making consequential decisions should have an auditable history.

Sigmodx is the audit and verification layer for AI agents. Every decision is cryptographically attested, independently verifiable, and stored in an append-only record no one can silently alter.

Patent Pending · U.S. Application No. 64/040,964
How Sigmodx works: (1) Agent decision with input hash, rationale, and confidence score; (2) Sigmodx records it append-only with cryptographic hash and HMAC signature; (3) verification string such as SIGMODX-INVOICE-E54ECE50-D331D86614C1 for independent auditor verification.

A control plane for AI agents

Layer 1

Audit & Verification (Sigmodx)

Every agent has a reliability state: ALLOW, LIMIT, or BLOCK. State is determined by continuous evaluation against deterministic benchmarks. Every state change is cryptographically hashed, HMAC-signed, and written to an append-only record.

Layer 2

Policy Enforcement (cinmon-control)

Before an agent executes, it checks its current state. State maps to enforceable caps: maximum capital, maximum trade size, whether human approval is required. Any upstream failure defaults to BLOCK.

Layer 3

Economic Execution (EmbiPay)

Agents operate wallets and execute transactions under fleet-level capital caps. No agent moves money without passing through the policy layer.

The result: an end-to-end audit trail from agent decision to financial execution — verifiable by anyone, alterable by no one.

AI agents are making financial decisions. Most of them have no audit trail.

Public companies are deploying AI agents to approve invoices, flag anomalies, generate forecasts, and execute transactions. SOX was written for humans. There is no established standard for how an auditor verifies that an AI agent's financial decisions were governed, logged, and controlled.

Sigmodx provides the infrastructure layer that makes AI agent decisions auditable. Every decision is recorded with a cryptographic fingerprint. Every state change has an immutable reason. Every attestation can be independently verified from a single verification string.

Built on append-only storage, deterministic scoring, and cryptographic attestation — not promises.

Built for the audit, not just the product

Append-Only Audit Trail

Every agent decision, state change, and attestation is written once and cannot be modified. Enforced at the database layer, not the application layer.

Cryptographic Attestation

Each attestation carries a SHA-256 report hash and optional HMAC signature. Any third party can independently verify the record from the hash alone.
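
An added example (not Sigmodx's code) of the SHA-256 report hash and optional HMAC signature described above. The record fields, the canonical JSON serialization and the key are assumptions; the example shows that the hash check proves integrity only against a copy of the hash the verifier already trusts, while the HMAC check requires the signing key.

```python
import hashlib, hmac, json
from typing import Optional

def canonical(record: dict) -> bytes:
    # Assumed canonical form: sorted keys, compact separators, UTF-8.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")

def attest(record: dict, key: Optional[bytes] = None) -> dict:
    """Return the record with its SHA-256 report hash and, if a key is given, an HMAC."""
    body = canonical(record)
    att = {"record": record, "report_hash": hashlib.sha256(body).hexdigest()}
    if key is not None:
        att["hmac"] = hmac.new(key, body, hashlib.sha256).hexdigest()
    return att

def verify_hash(record: dict, trusted_hash: str) -> bool:
    """Integrity check; trusted_hash must come from a place the record's writer cannot edit."""
    return hmac.compare_digest(hashlib.sha256(canonical(record)).hexdigest(), trusted_hash)

def verify_hmac(att: dict, key: bytes) -> bool:
    """Authenticity check; needs the signing key, so only key holders can run it."""
    expected = hmac.new(key, canonical(att["record"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, att.get("hmac", ""))

# Constructed sample data (not real Sigmodx records or keys).
KEY = b"constructed-demo-key"
SAMPLE = {
    "agent_id": "invoice-agent-01",
    "decision": "APPROVE",
    "input_hash": hashlib.sha256(b"constructed invoice payload").hexdigest(),
    "rationale": "amount matches purchase order",
    "confidence": 0.93,
}

def demo() -> dict:
    att = attest(SAMPLE, KEY)
    published = att["report_hash"]             # copy the auditor holds out of band
    # A record edited later, with the unkeyed hash recomputed and the old HMAC kept.
    rewritten = attest(dict(SAMPLE, confidence=0.99))
    rewritten["hmac"] = att["hmac"]
    return {
        "original_vs_published": verify_hash(att["record"], published),
        "rewrite_vs_own_hash": verify_hash(rewritten["record"], rewritten["report_hash"]),
        "rewrite_vs_published": verify_hash(rewritten["record"], published),
        "original_hmac": verify_hmac(att, KEY),
        "rewrite_hmac": verify_hmac(rewritten, KEY),
    }
```

A hash stored next to the record it covers is self-consistent after any rewrite, so an auditor should compare against a hash received through a separate channel or check the HMAC with the key.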

Independent Verification

Public verification endpoints allow auditors to reproduce scores, confirm hashes, and validate attestations without system access.

Enterprise and institutional access

Private organization mode with tenant isolation, role-based access controls, evaluation cutoff enforcement, SOC 2 controls mapping, and exportable compliance evidence. Built for teams that need to show their auditors something real.