Trust & Security
How Vouch protects your data, signs every verdict, and gives your compliance team something they can actually verify.
Deterministic by Design
Vouch contains zero AI inference. No LLM in the loop. No probabilistic models. No randomness. The same plan always produces the same verdict. This is a design choice, not a limitation.
Deterministic
Same Input = Same Output
Every evaluation is reproducible. Run it today, run it next year — identical result. No model drift, no temperature variance, no stochastic behavior.
Fast
<3ms Evaluation
Your agents don't slow down. Vouch evaluates plans faster than a network round-trip. Zero tokens consumed. Zero inference cost.
Auditable
Every Verdict Signed
Ed25519 cryptographic signatures on every verdict. An independent auditor can verify no record was modified after issuance.
Why Not Just Model Guardrails?
Frontier agents like Claude and GPT-4 already have safety guardrails. Those guardrails protect what the model says — they prevent it from generating harmful text.
Vouch protects what the agent does. A model will happily generate a plan to rotate your API key and send it to an external address. That's a structurally valid request. The model has no reason to refuse it.
Model guardrails are probabilistic, provider-controlled, and can be jailbroken. Vouch is deterministic, runs in your stack, and evaluates plan structure — not prompts. It can't be talked out of a verdict.
Tested in the Open
Every number below was produced by sending plans through POST /api/v1/vouch. No tailored benchmarks. No proprietary datasets.
Catch Rate
90.2%
Adversarial plans caught across credential harvesting, privilege escalation, data exfiltration, prompt injection, and supply chain attacks.
False Positive Rate
<3%
Hard false positive rate across mixed corpora. Your legitimate operations flow without friction.
Plans Evaluated
342k+
Through the production API. Benign DevOps, hostile exfiltration, prompt injection, and everything in between.
Head-to-Head
2.4x
Vouch vs the leading semantic policy engine. Same 100k corpus, same conditions. 90.2% vs 37.9% catch at lower false positive rate.
Latency
~2ms
Full pipeline evaluation. No tokens. No inference. Your agent barely notices.
Fail-Closed
Always
If Vouch encounters an internal error, it blocks. Plans are never silently approved. Your safety floor never drops.
Why Guidance?
When Vouch returns RESTRICTED, it doesn't just say no. It tells the agent what to fix — specific, actionable feedback the agent can use to replan.
Without guidance, agents retry the same plan, loop through random variations, or drift into unrelated actions. Each retry burns tokens, consumes downstream calls, and wastes time.
Up to 3x
Reduction in agentic retry loops*
Agents that receive guidance resolve on the first resubmission instead of looping blind. Fewer wasted tokens, fewer downstream calls, and if you're running out of pocket — money you feel.
```json
{
  "verdict": "RESTRICTED",
  "request_id": "v-9f8e7d6c5b4a3021",
  "guidance": "This plan modifies a security control. Add a change ticket or scope to a specific environment."
}
```
The agent reads the guidance, adjusts the plan, and resubmits. One round-trip instead of three.
OWASP Agentic Top 10 Coverage
The OWASP Top 10 for Agentic Applications (2026) is the industry standard for agentic AI security. Vouch covers all 10 categories with enforced patterns on every evaluation.
| ASI | Risk | Vouch |
| --- | --- | --- |
| ASI-01 | Agent Goal Hijack | Covered |
| ASI-02 | Tool Misuse | Covered |
| ASI-03 | Identity & Privilege Abuse | Covered |
| ASI-04 | Supply Chain | Covered |
| ASI-05 | Code Execution | Covered |
| ASI-06 | Memory & Context Poisoning | Covered |
| ASI-07 | Inter-Agent Communication | Covered |
| ASI-08 | Cascading Failures | Covered |
| ASI-09 | Trust Exploitation | Covered |
| ASI-10 | Rogue Agents | Covered |
Not opt-in components. Enforced patterns that produce verdicts on every plan through the production API.
Cryptographic Verdict Signing
Every verdict Vouch issues is cryptographically signed using Ed25519 elliptic curve signatures at the moment of issuance.
How It Works
- Each verdict receives an Ed25519 signature before being written to the audit log
- Signatures are computed from the full verdict payload — verdict, timestamp, request ID
- 88 bytes per signature. Microseconds per sign. Zero performance impact.
What This Means for You
- Tamper-evident audit trail — any modification to a verdict record invalidates its signature
- Independent verification — your compliance team can verify signatures without access to Vouch internals
- Chain of custody — every verdict has a cryptographic receipt proving when it was issued and what it said
```json
{
  "verdict": "BLOCKED",
  "public_verdict": "RESTRICTED",
  "zone": "restricted",
  "guidance": "Add a change ticket or scope to a specific environment.",
  "request_id": "v-9ab002d1d1279636",
  "ts": "2026-04-06T14:23:01.442Z",
  "_signature": "a7f2e8c1...64-byte-ed25519-signature"
}
```
This is the audit record your customer dashboard shows — full decision trail, cryptographically signed, without exposing plan content.
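How an auditor could check a signed record like the one above, as an added example that is not Vouch's own code. The sorted-key canonical form, the base64 signature encoding, and the locally generated key pair are assumptions; the page does not document the exact bytes that are signed.

```javascript
// Added example: canonical form, encoding and key are assumptions,
// not Vouch's documented format.
const crypto = require('node:crypto');

// Serialize every field except _signature with sorted keys, so signer and
// verifier hash identical bytes regardless of property order.
function canonicalize(record) {
  const keys = Object.keys(record).filter((k) => k !== '_signature').sort();
  return Buffer.from(JSON.stringify(keys.map((k) => [k, record[k]])), 'utf8');
}

function signVerdict(record, privateKey) {
  // Ed25519 takes no separate digest, so the algorithm argument is null.
  const sig = crypto.sign(null, canonicalize(record), privateKey);
  return { ...record, _signature: sig.toString('base64') };
}

function verifyVerdict(record, publicKey) {
  if (typeof record._signature !== 'string') return false; // unsigned: reject
  const sig = Buffer.from(record._signature, 'base64');
  if (sig.length !== 64) return false; // a raw Ed25519 signature is 64 bytes
  return crypto.verify(null, canonicalize(record), publicKey, sig);
}

// Constructed key pair and record; field names follow the sample above.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
const signed = signVerdict({
  verdict: 'BLOCKED',
  public_verdict: 'RESTRICTED',
  zone: 'restricted',
  request_id: 'v-0000000000000000', // constructed placeholder
  ts: '2026-01-01T00:00:00.000Z',   // constructed placeholder
}, privateKey);

// Two ways a stored record can go wrong: an edited field, a removed signature.
const tampered = { ...signed, verdict: 'ACCEPTED' };
const stripped = { ...signed };
delete stripped._signature;

console.log('untouched record verifies: ', verifyVerdict(signed, publicKey));
console.log('edited verdict verifies:   ', verifyVerdict(tampered, publicKey));
console.log('missing signature verifies:', verifyVerdict(stripped, publicKey));
```

A raw Ed25519 signature is 64 bytes, which is 88 characters once base64-encoded. Per-record signatures detect edits to a record; they do not by themselves reveal a record that was deleted from the log.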
Your Data Never Stays
Vouch evaluates plan structure, not plan content. We designed the system so your sensitive information is never stored.
What We Store
- Verdict (ACCEPTED / RESTRICTED / BLOCKED)
- Decision reason and guidance (pre-defined templates, not generated from your plan)
- Structural metadata — step count, action classification, description length
- Plan hash (16-char SHA-256 — enables deduplication, no content recovery)
- Timestamps, request IDs, tenant identifier
- Ed25519 cryptographic signature
What We Never Store
- Plan text — your agent's description, instructions, and steps are evaluated and discarded
- Target names — specific systems, databases, services mentioned in the plan
- Destination details — where your agent intended to send data
- Credentials or secrets — if a plan mentions them, we classify the structure, not the content
The verdict log contains the scorecard, not the exam paper. Your compliance team can audit what Vouch decided without ever seeing what your agents were planning.
Tenant Isolation
Every customer gets their own API key, their own tenant namespace, and their own verdict history. There is no shared state between tenants.
Per-Tenant API Keys
- Each tenant receives a unique API key generated with 192 bits of randomness
- Keys are stored as salted SHA-256 hashes — never in plaintext
- Tenant identity is resolved from the key automatically — no self-declaration
- Keys can be revoked instantly without affecting other tenants
Authentication Hardening
- Timing-safe comparison on all key checks (prevents length-leak attacks)
- Auth failure rate limiting — lockout after repeated failures
- Dashboard sessions use HMAC-SHA256 signed cookies
- Login rate limiting per email and per IP
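One way to combine the key properties listed above (192-bit secrets, salted SHA-256 storage, tenant resolved from the key, constant-time checks, instant revocation), as an added example that is not Vouch's own code. The `keyId.secret` key layout, the in-memory store and all function names are hypothetical.

```javascript
// Added example: key layout, store and function names are hypothetical.
const crypto = require('node:crypto');

// keyId -> { tenant, salt, hash, revoked }; the secret itself is never kept.
const store = new Map();

function saltedHash(salt, secret) {
  return crypto.createHash('sha256').update(salt).update(secret).digest();
}

// Issue "<keyId>.<secret>"; the keyId only locates the per-key salt.
function issueKey(tenant) {
  const keyId = crypto.randomBytes(8).toString('hex');
  const secret = crypto.randomBytes(24).toString('base64url'); // 24 bytes = 192 bits
  const salt = crypto.randomBytes(16);
  store.set(keyId, { tenant, salt, hash: saltedHash(salt, secret), revoked: false });
  return `${keyId}.${secret}`;
}

// A dummy entry keeps the amount of work the same when the keyId is unknown.
const DUMMY = {
  tenant: null, salt: crypto.randomBytes(16), hash: crypto.randomBytes(32), revoked: true,
};

// Resolve the tenant from the presented key; null on any failure.
function resolveTenant(presented) {
  const [keyId, secret = ''] = String(presented).split('.', 2);
  const entry = store.get(keyId) || DUMMY;
  // Both digests are 32 bytes, so the comparison is constant-time and
  // reveals nothing about the length of the presented secret.
  const ok = crypto.timingSafeEqual(saltedHash(entry.salt, secret), entry.hash);
  return ok && !entry.revoked ? entry.tenant : null;
}

// Revocation touches one entry only; other tenants' keys are unaffected.
function revokeKey(presented) {
  const entry = store.get(String(presented).split('.', 1)[0]);
  if (entry) entry.revoked = true;
}

// Constructed tenants and keys.
const keyA = issueKey('tenant-a');
const keyB = issueKey('tenant-b');
console.log(resolveTenant(keyA), resolveTenant(keyB), resolveTenant('unknown.key'));
```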
Tamper-Evident Architecture
Every time Vouch starts, the core evaluation engine is cryptographically verified against known-good reference values. If anything has been modified, the system flags it before a single request is processed.
Integrity status is exposed through the monitoring endpoint. Your observability stack can alert on any drift.
EU AI Act Readiness
The EU AI Act high-risk provisions become fully enforceable in August 2026. Vouch is designed to help you meet them.
Article 12
Logging & Traceability
Every verdict is logged with timestamp, decision basis, and cryptographic signature. Full traceability from plan submission to verdict issuance.
Article 14
Human Oversight
RESTRICTED verdicts carry guidance for resubmission. Agents can self-correct with specifics. Humans can review with full context.
Article 15
Accuracy & Robustness
Deterministic evaluation means no model drift, no hallucination, no probabilistic variance. The same plan always gets the same verdict.
Article 17
Quality Management
Tamper-evident boot verification. Signed verdicts create an immutable audit trail. Your QMS can reference Vouch as a governed component.
EU AI Act high-risk provisions — August 2026. Vouch is ready.
What Vouch Is Not
Transparency means being clear about boundaries.
- Vouch is not an LLM. There is no AI model making verdict decisions. The pipeline is deterministic structural analysis.
- Vouch does not replace your downstream safety stack. It sits upstream and handles structural evaluation so your safety tools only process what actually needs them.
- Vouch does not store your plan content. It evaluates structure and discards text.
- Vouch does not make business judgment calls. It determines whether a plan is structurally safe, ambiguous, or dangerous. Whether a safe plan is wise is your decision.