Cryptographic AI Agent Authorization

If your AI made a critical action today, could you prove the user explicitly approved it?

Prove every AI action was authorized before it happened.

If your AI can take actions on behalf of users, you need this. Signed proof of authorization before every execution — not reconstructed from logs after something goes wrong.

Free tier includes 1,000 receipts per month

AUTHPROOF · LIVE RECEIPT
Receipt Hash: sha256:a3f9c2e8b1d047f68e2a1c5d9b3f7042…
Scope: [read:records, write:scheduling]
Denied: delete:*, send:external
Signed: 2 minutes ago · expires 2h
Status: VERIFIED · Published before execution

Built on open standards. Deployed on proven infrastructure.

  • MIT Licensed
  • ECDSA P-256 Signed
  • RFC 3161 Timestamps
  • HIPAA Ready

Built for teams where AI authorization is not optional

Healthcare AI

HIPAA requires proof of what your AI agent was authorized to do before it accessed patient data. System prompts are not access controls. Cryptographic receipts are.

Managed AI Companies

You deploy agents on behalf of clients in regulated industries. When something goes wrong your client asks for the authorization trail. Give them one they can verify independently.

Enterprise Internal AI

Your internal AI tools touch sensitive data, financial records, and customer information. Your compliance team needs proof of authorization that does not live on your own servers.

What happens without Authproof

Without Authproof
  • AI agent executes an action
  • Server log records that it happened
  • Incident occurs. Company claims user authorized it.
  • No independent proof exists. Your word against theirs.

With Authproof
  • User signs exactly what the agent can do
  • Cryptographic receipt is published before execution
  • Incident occurs. Receipt proves what was actually authorized.
  • Proof is cryptographic, timestamped, and independently verifiable.

The difference is not the log. The difference is when the proof was created.

Everything you need to authorize AI agents at scale

From pre-execution gates to tamper-evident audit trails — the compliance infrastructure your team needs, ready to ship today.

Pre-execution authorization proof

The receipt is signed and published before the agent acts. Not reconstructed from logs after the fact. Not the operator's word. Cryptographic proof that predates execution.

Tamper-evident audit trail

Every action chains to the previous entry with RFC 3161 timestamps. Modify any record and the chain breaks. Independently verifiable by any auditor without trusting your infrastructure.

One-click compliance exports

Generate a signed audit package for any compliance review — HIPAA, SOC2, EU AI Act, PCI-DSS. The export hash can be independently verified. Ready for your auditor in seconds.

Three steps to cryptographic accountability

01

Authorize before execution — not after

Most AI systems log what happened. Authproof proves what was authorized before it happened. The receipt exists before the agent acts. That is not the same thing as a log.

02

Agent acts within bounds

Every tool call is verified against the signed receipt. Anything outside scope is blocked before execution. No exceptions, no bypasses.

03

Audit trail is ready

Every action is logged with cryptographic proof. Export a signed audit package for any compliance review — HIPAA, SOC2, or internal governance.
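
The three steps above as an added Node.js sketch, not code from the Authproof SDK: the receipt layout and the names issueReceipt, gate, appendEntry and verifyChain are assumptions made for illustration, and RFC 3161 timestamping is left out.

```javascript
// Added example: hypothetical receipt format and helper names, not the Authproof SDK.
const crypto = require('node:crypto');
const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');
// Bytes that get signed: fixed field order so signer and verifier agree.
const canonical = (r) => JSON.stringify([r.scope, r.denied, r.issued, r.expires]);

// Step 1: the user's key signs the scope (ECDSA P-256 over SHA-256).
function issueReceipt(privateKey, scope, denied, issued, ttlMs) {
  const r = { scope, denied, issued, expires: issued + ttlMs };
  r.signature = crypto.sign('sha256', Buffer.from(canonical(r)), privateKey).toString('base64');
  return r;
}

// "delete:*" matches any action with that prefix; other patterns match exactly.
const matches = (pattern, action) =>
  pattern.endsWith('*') ? action.startsWith(pattern.slice(0, -1)) : pattern === action;

// Step 2: gate run before every tool call. Fails closed; deny rules beat scope.
function gate(receipt, publicKey, action, now) {
  const sig = Buffer.from(receipt.signature, 'base64');
  if (!crypto.verify('sha256', Buffer.from(canonical(receipt)), publicKey, sig))
    return { allow: false, reason: 'bad-signature' };
  if (now < receipt.issued || now >= receipt.expires)
    return { allow: false, reason: 'outside-validity-window' };
  if (receipt.denied.some((p) => matches(p, action)))
    return { allow: false, reason: 'denied' };
  if (!receipt.scope.some((p) => matches(p, action)))
    return { allow: false, reason: 'out-of-scope' };
  return { allow: true, reason: 'in-scope' };
}

// Step 3: every audit entry commits to the hash of the entry before it.
function appendEntry(log, record) {
  const prev = log.length ? log[log.length - 1].hash : '0'.repeat(64);
  log.push({ prev, record, hash: sha256(prev + JSON.stringify(record)) });
  return log;
}

// Recompute the chain from the start; an edited record breaks every later link.
function verifyChain(log) {
  let prev = '0'.repeat(64);
  return log.every((e) => {
    const ok = e.prev === prev && e.hash === sha256(prev + JSON.stringify(e.record));
    prev = e.hash;
    return ok;
  });
}
const demoKeys = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' }); // constructed demo key
```

Because the signature covers the scope and deny lists, widening the scope after signing fails the first check rather than the scope check.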

What your auditor actually receives

This is a real Authproof audit export. Every field is cryptographically signed and independently verifiable.

AUTHPROOF AUDIT EXPORT
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Account: Madewell AI
Client Org: St. Mary's Health System
Period: January 1 2026 — March 31 2026
Framework: HIPAA
Generated: 2026-04-20T14:32:00Z
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
AUTHORIZATION SUMMARY
Total receipts: 2,847
Authorized actions: 2,831
Blocked actions: 16
Sensitive data events: 3
Sessions suspended: 1
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
SAMPLE RECEIPT
Receipt ID: rec_8f4d2a1b3c9e7f2a
Authorized by: clinician_key_0x4a2f...
Scope: [read:patient_records, write:scheduling]
Denied: [delete:*, send:external]
Issued: 2026-01-14T09:31:00Z
Expires: 2026-01-14T11:31:00Z
Signature: ECDSA_P256:9a3f2c1d...
Status: VERIFIED
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
EXPORT VERIFICATION
Export hash: sha256:8f4d2a1b9c3e...
Signed: 2026-04-20T14:32:00Z
Verify at: cloud.authproof.dev/verify
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
This export is cryptographically signed.
Any modification invalidates the hash.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
  • Signed with ECDSA P-256: same algorithm used in banking
  • RFC 3161 timestamps: legally verifiable time ordering
  • Independent verification: no need to trust our servers

See it in action

Real outputs from the Authproof verification pipeline. This is what your compliance team sees.

receipt_verify.js
✓ Receipt verified
hash: sha256:a3f9c2e8...
issued: 2 min ago
scope: [read, summarize]
expires: 1h 58m
status: VALID

Verify a delegation receipt in milliseconds. Returns structured proof your compliance team can audit and export.

pre_execution_gate.js
→ Tool call: send_email
Checking receipt...
Scope match:
Trust score: 94.1
Risk score: 8.3
Decision: ALLOW

The 7-check pre-execution gate runs before every tool call. Out-of-scope actions are blocked before they execute.

anomaly_detection.js
⚠ Behavioral drift detected
session: sess_8f2a3c...
expected: [read]
attempted: delete_record
trust: 31.2 ↓
action: BLOCKED + FLAGGED

Session state tracking catches behavioral anomalies in real time. Out-of-scope actions are blocked and flagged instantly.

Works with the tools you already use

Drop Authproof into your existing agent stack. One SDK, any framework.

🤖 Claude / Anthropic
Native MCP compatibility for Claude agents and tool use workflows.
⚡ OpenAI Agents
Drop-in SDK for GPT-based agent workflows and function calling.
🔗 LangChain
Middleware integration for chain-based agents and tool registries.
🤝 AutoGen
Multi-agent coordination with full receipt chaining across agent boundaries.
☁️ AWS Bedrock
Enterprise agent authorization for Bedrock-hosted models and workflows.
🛠 Custom SDK
MIT-licensed open source SDK — integrate any agent system in under an hour.

Don't see your stack? The SDK is open source and MIT licensed. View on GitHub →

Extend with plugins

Connect Authproof to the rest of your security and compliance stack.

MCP Server Plugin

Expose Authproof verification as an MCP tool for Claude and any MCP-compatible agent. Receipts become first-class tools in your agent's capability set.

Slack Audit Alerts

Get real-time Slack notifications when an agent action is blocked or a trust score drops below threshold. Your security team knows instantly.

Export to SIEM

Push structured audit logs to Splunk, Datadog, or any SIEM via webhook. Every receipt and verification event in the format your SOC already uses.

Plugin SDK docs available on GitHub.

Built for regulated environments

  • HIPAA Audit Controls
  • SOC2 Ready
  • EU AI Act Aligned
  • PCI-DSS Logging

Logs tell you what happened. Receipts prove what was authorized.

"Audit logs are post-hoc evidence. Receipts are pre-hoc constraints."

Simple, transparent pricing

Free
$0
per month, forever
  • 1,000 receipts per month
  • Full verification API
  • 7-check pre-execution gate
  • Dashboard and audit export
  • Community support
Start for free
Most popular
Pro
$49
per month, billed monthly
  • 10,000 receipts/month
  • Everything in Free
  • Priority support
  • 99.5% uptime SLA
  • Signed audit exports
  • BAA available ($99 add-on)
Start Pro trial
Enterprise
Custom pricing
tailored to your organization
  • Everything in Pro, plus:
  • Legal Hold & append-only custody log
  • White Label Compliance Reports
  • Team Management & Role-Based Access Controls
  • BAA included and pre-executed
  • 4-hour priority SLA with named contact
  • Custom retention up to 6 years
  • Dedicated onboarding session
  • Custom HIPAA, SOC2, EU AI Act reports
  • SIEM export via webhook
  • Volume receipt pricing
  • Annual contract available
  • Custom scope schema design
Talk to us →

All plans include MIT-licensed open source SDK access. No vendor lock-in ever.

Why pay instead of self-hosting?

Compliance-grade exports
The hosted log produces RFC 3161 timestamped exports that satisfy HIPAA audit requirements out of the box. Self-hosted requires you to configure and maintain your own timestamping authority.
Managed retention and legal hold
Pro includes 90-day retention. Enterprise includes up to 6-year retention and legal hold for litigation. Running this yourself means managing backup, redundancy, and legal hold infrastructure.
Instant BAA
A Business Associate Agreement is available immediately on paid plans. Self-hosted means you are your own BAA counterparty — which means nothing to an auditor.
Alerting on unauthorized attempts
Webhook notifications fire the moment an action is blocked or a session degrades. Your security team knows instantly without building a monitoring stack.
Feature Free Pro Enterprise
Receipts per month 1,000 10,000 Unlimited
Verification API
7-check pre-execution gate
Dashboard and audit export
Session state and trust scoring
Multi-tenant org management
Webhook notifications
Compliance reports
Custom retention periods
BAA included
Priority SLA
Dedicated onboarding
SIEM integration
Annual contract
Support Community Email 24hr Named contact 4hr

Available on any plan

One-time or recurring services to accelerate your compliance and integration work.

Implementation Support
$499
one-time
Two hours of hands-on integration help with an Authproof engineer — SDK setup, scope design, and first-receipt validation.
Custom Compliance Report
$99
per report
Signed, auditor-ready HIPAA, SOC 2, or EU AI Act compliance report generated from your live receipt data.
Business Associate Agreement
Included Free
Pro & Enterprise plans
Included free on Pro and Enterprise plans. Available on request.
Dedicated Onboarding Session
$499
one-time
60-minute onboarding call with screen share — scope design review, team walkthrough, and integration Q&A.

Questions about add-ons? Email us →

Up and running in minutes

  1. Install the SDK

     Add authproof to your project with npm or yarn. MIT licensed, zero proprietary lock-in.

  2. Configure your endpoint

     Point the SDK at Authproof Cloud with your API key. One config object, everything else is automatic.

  3. Delegate and verify

     Issue signed receipts before each agent action. Stored, chained, and verifiable by any third party immediately.