
The user signs. The operator cannot widen scope after.

Most agent authorization protocols enforce against a policy the operator defines. AuthProof is different: your users sign the authorization object with their own private key, and that signature gates execution. Before any action runs, the live model state is measured and compared to what was measured at authorization time. Drift blocks execution. The user's intent is the constraint, not an operator-managed policy that can be rewritten after the fact.


Something could be chipping away right now and you would not know it.

Most AI agent deployments use a trust score. Good action, score goes up. Bad action, score goes down. Sounds reasonable. But a patient attacker does one bad thing, one good thing, one bad thing, one good thing. The score never hits zero. The damage accumulates. Your account drains. Your data leaks. Slowly. Quietly. Until it is too late.

What most teams have
  • Logs that record what happened
  • Trust scores that recover
  • Policies the agent can reason around
  • Post-hoc evidence after something goes wrong
What Authproof gives you
  • Cryptographic proof before the agent acts
  • A session budget that only goes down
  • Constraints the agent cannot reason around
  • Pre-hoc authorization that predates execution
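
The alternating pattern described above, worked through as an added example (not AuthProof's code). The starting score, the gain and loss per action, and a budget of three out-of-scope attempts are assumptions chosen for illustration; the page does not state how the session budget is computed.

```python
def recovering_score_halt(events, start=50, gain=10, loss=10):
    """Trust score that moves both ways. Returns the index at which the
    score reaches zero and the session is halted, or None if it never does."""
    score = start
    for i, ok in enumerate(events):
        score += gain if ok else -loss
        if score <= 0:
            return i
    return None


def monotonic_budget_halt(events, budget=3):
    """Session budget that is only ever decremented (assumed: one unit per
    out-of-scope attempt). Returns the index at which it is exhausted."""
    for i, ok in enumerate(events):
        if not ok:
            budget -= 1  # good actions never refill the budget
            if budget <= 0:
                return i
    return None


def bad_actions_seen(events, halt_index):
    """Count out-of-scope attempts up to and including the halting event."""
    end = len(events) if halt_index is None else halt_index + 1
    return sum(1 for ok in events[:end] if not ok)


# Constructed session: bad, good, bad, good, ... (False = out-of-scope attempt)
ALTERNATING = [False, True] * 10

if __name__ == "__main__":
    for name, halt in (("recovering score", recovering_score_halt(ALTERNATING)),
                       ("monotonic budget", monotonic_budget_halt(ALTERNATING))):
        print(name, "halts at", halt, "after",
              bad_actions_seen(ALTERNATING, halt), "bad attempts")
```

The recovering score only trips on a sustained run of bad actions, so the alternating session finishes with all ten attempts counted; the budget halts it at the third.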

If your AI agent did something unauthorized today, could you prove what it was authorized to do before it acted?


Three steps to cryptographic accountability

01 -- Sign a receipt before the session starts

The user signs a receipt that specifies exactly what the agent can and cannot do. This happens before the agent acts -- not after. The receipt is the constraint, not a log.

02 -- Every action is checked before it executes

Every agent action is verified against the signed receipt before execution. Anything outside scope is blocked automatically. No exceptions. No bypasses. The receipt is not advisory -- it is enforced.

03 -- Every action is logged with cryptographic proof

Every action is logged with a tamper-evident chain. Export a signed audit package for any compliance review in seconds. Your auditor gets proof that predates execution -- not a log reconstructed after the fact.
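
The three steps above, reduced to a runnable sketch. This is an added example, not AuthProof's SDK: the field names, the glob-style matching and the log layout are assumptions, and receipt signing (the page says real receipts are ECDSA P-256 signed) is left out so the block runs on the standard library alone.

```python
import fnmatch
import hashlib
import json

# Constructed receipt, using the scope and denied values shown on this page.
RECEIPT = {"scope": ["read:records", "write:scheduling"],
           "denied": ["delete:*", "send:external"]}


def decide(receipt, action):
    """PERMIT only if the action is in scope and matches no denied pattern."""
    if any(fnmatch.fnmatchcase(action, p) for p in receipt["denied"]):
        return "DENY"  # denied is checked first, so it takes precedence
    if any(fnmatch.fnmatchcase(action, p) for p in receipt["scope"]):
        return "PERMIT"
    return "DENY"  # default deny: anything not listed is out of scope


def digest(obj):
    """SHA-256 over a canonical (sorted-key) JSON encoding, minus entry_hash."""
    fields = {k: v for k, v in obj.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(fields, sort_keys=True).encode()).hexdigest()


def append_entry(log, receipt, action):
    """Decide before execution, then chain the decision to the previous entry."""
    prev = log[-1]["entry_hash"] if log else "0" * 64
    entry = {"receipt": digest(receipt), "action": action,
             "decision": decide(receipt, action), "prev": prev}
    entry["entry_hash"] = digest(entry)
    log.append(entry)
    return entry["decision"]


def verify_chain(log):
    """Recompute every hash and link; any edited entry breaks the chain."""
    prev = "0" * 64
    for entry in log:
        if entry["prev"] != prev or entry["entry_hash"] != digest(entry):
            return False
        prev = entry["entry_hash"]
    return True


def run_demo():
    log = []
    actions = ["read:records", "delete:records", "send:external", "write:billing"]
    return log, [append_entry(log, RECEIPT, a) for a in actions]
```

A bare hash chain shows tampering only to someone who holds a trusted copy of the latest entry hash; signing or timestamping that head is what anchors it.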

Try it yourself

Create a receipt and test an action -- no account required.

Step 1 -- Create a Receipt
  • Allowed: comma-separated -- actions this agent may take
  • Denied: comma-separated -- actions that are always blocked
Step 2 -- Receipt JSON
Fill in the form and click "Create Receipt" to generate a receipt.
Step 3 -- Test an Action
Sandbox uses keyword matching against your allowed/denied lists. Denied takes precedence.
Real SDK receipts are ECDSA P-256 signed -- see the SDK docs for full cryptographic verification.
Step 4 -- Watch the Agent Work

Uses the allowed/denied lists from Step 1. Generates 6-8 realistic actions and shows live PERMIT / DENY decisions.

Live receipt -- signed before execution
AUTHPROOF · LIVE RECEIPT
Receipt Hash: sha256:a3f9c2e8b1d047f68e2a1c5d9b3f7042...
Scope: [read:records, write:scheduling]
Denied: delete:*, send:external
Signed: 2 minutes ago · expires 2h
VERIFIED · Published before execution

Simple, transparent pricing

Free
$0
per month, forever
  • 1,000 receipts per month
  • Full verification API
  • 7-check pre-execution gate
  • Dashboard and audit export
  • Community support
Most popular
Pro
$49
per month, billed monthly
  • 10,000 receipts/month
  • Everything in Free
  • Priority support
  • 99.5% uptime SLA
  • Signed audit exports
  • BAA available ($99 add-on)
Enterprise
Custom pricing
tailored to your organization
  • Everything in Pro, plus:
  • Legal Hold & append-only custody log
  • White Label Compliance Reports
  • Team Management & Role-Based Access Controls
  • BAA included and pre-executed
  • 4-hour priority SLA with named contact
  • Custom retention up to 6 years
  • Dedicated onboarding session
  • Custom HIPAA, SOC2, EU AI Act reports
  • SIEM export via webhook
  • Volume receipt pricing
  • Annual contract available
  • Custom scope schema design

All plans include MIT-licensed open source SDK access. No vendor lock-in ever.

Why pay instead of self-hosting?

Compliance-grade exports
The hosted log produces RFC 3161 timestamped exports that satisfy HIPAA audit requirements out of the box. Self-hosted requires you to configure and maintain your own timestamping authority.
Managed retention and legal hold
Pro includes 90-day retention. Enterprise includes up to 6-year retention and legal hold for litigation. Running this yourself means managing backup, redundancy, and legal hold infrastructure.
Instant BAA
A Business Associate Agreement is available immediately on paid plans. Self-hosted means you are your own BAA counterparty -- which means nothing to an auditor.
Alerting on unauthorized attempts
Webhook notifications fire the moment an action is blocked or a session degrades. Your security team knows instantly without building a monitoring stack.
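| Feature | Free | Pro | Enterprise |
| --- | --- | --- | --- |
| Receipts per month | 1,000 | 10,000 | Unlimited |
| Verification API | ✓ | ✓ | ✓ |
| 7-check pre-execution gate | ✓ | ✓ | ✓ |
| Dashboard and audit export | ✓ | ✓ | ✓ |
| Session state and trust scoring | ✓ | ✓ | ✓ |
| Multi-tenant org management | -- | ✓ | ✓ |
| Webhook notifications | -- | ✓ | ✓ |
| Compliance reports | -- | ✓ | ✓ |
| Custom retention periods | -- | -- | ✓ |
| BAA included | -- | -- | ✓ |
| Priority SLA | -- | -- | ✓ |
| Dedicated onboarding | -- | -- | ✓ |
| SIEM integration | -- | -- | ✓ |
| Annual contract | -- | -- | ✓ |
| Support | Community | Email 24hr | Named contact 4hr |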

Available on any plan

One-time or recurring services to accelerate your compliance and integration work.

Implementation Support
$499
one-time
Two hours of hands-on integration help with an Authproof engineer -- SDK setup, scope design, and first-receipt validation.
Custom Compliance Report
$99
per report
Signed, auditor-ready HIPAA, SOC 2, or EU AI Act compliance report generated from your live receipt data.
Business Associate Agreement
Included Free
Pro & Enterprise plans
Included free on Pro and Enterprise plans. Available on request.
Dedicated Onboarding Session
$499
one-time
60-minute onboarding call with screen share -- scope design review, team walkthrough, and integration Q&A.


Ryan Nelson

Built by one person

Ryan Nelson. HVAC technician at Arctic Air. Accounting student at Oklahoma State University. Father of a daughter turning three in June. IETF Internet-Draft filed April 2026. 1,229 tests. MIT licensed. Full time job. Full time school. Built it anyway.