Agent Compliance Evidence
A standing evidence program that keeps your agent audit-ready year-round — signed, offline-verifiable, and refreshed every quarter.
A one-time evidence pack clears one review. But every new enterprise customer runs its own — and evidence goes stale. This keeps a current, signed attestation, a filled-in questionnaire, an evidence locker, and a tamper-evident ledger ready to forward the moment a review lands.
More than a per-review pack, less than the full Business platform — a standing evidence program for the startup whose agents are winning real enterprise deals.
Standing program · billed annually
A standing signed attestation, a security-questionnaire autofill, an evidence locker, and a Merkle-anchored audit ledger — kept current by the team and re-checkable by your customer without trusting us.
The same evidence family as the one-time Evidence Pack, refreshed on a quarterly cadence. Each one is built to be checked, not taken on faith — your customer verifies it themselves, offline.
Every quarter we re-run the ~50-case agentic red-team battery against your real agent and cryptographically sign the result — the same evidence artifact as the $499 attestation, but on a standing cadence so it never goes stale. Every finding maps to OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF, and EU AI Act Art. 15.
The CAIQ / SIG rows that stall agent startups — about audit logging, signed records, and independent verifiability — kept filled in and refreshed each quarter, grounded in your current artifacts, with the exact verification path your reviewer can follow.
A durable, versioned home for every quarter's signed attestation, questionnaire, and verification runbook — so when the next security review lands you forward a current bundle instead of scrambling to reproduce one.
@omegaengine/audit wired into your agent so every decision is written to a hash-chained, Merkle-anchored, tamper-evident ledger. This is the standing record-keeping enterprise security teams — and, on their timeline, the EU AI Act — expect you to already have.
Each quarterly attestation runs the ~50-case agentic battery drawn from our 5,023-vector red-team library — the battery and the full library are different things, and we say so. Findings map to 17 frameworks. It is point-in-time evidence for your governance process, not a certification or an audit.
The one-time Evidence Pack clears a single review. This program is for the startup selling into enterprise repeatedly — where evidence has to be current the day a questionnaire lands.
Every new enterprise customer runs its own security review, and evidence goes stale between them. A one-time pack clears one deal; this keeps you ready for the next one — and the renewal.
When a CAIQ or SIG lands, you forward this quarter's filled-in answers and a signed attestation dated weeks ago — not a scramble to reproduce evidence under a deal deadline.
It sits between Pro and Business: more than a per-review pack, less than the full Business platform. As your agent takes on more real work, the standing evidence grows with it.
Only need to clear one review right now? The one-time Procurement Evidence Pack is $3,500.
See the Evidence PackOne scoping call, then we stand up the evidence and keep it current. Artifacts are automated; the quarterly packaging is done by the team.
A short call to see your agent, the customers you sell into, and which questionnaires (CAIQ, SIG, or custom) you have to answer. We confirm the program fits before you subscribe.
We wire in the Merkle-anchored audit ledger, run the first signed attestation on your real agent, draft the questionnaire rows, and open your evidence locker. Artifacts are automated; the quarterly packaging is done by the team.
Each quarter the attestation re-runs, the questionnaire refreshes, and a new signed bundle lands in your locker. When a review comes, you forward the current one — and your counterparty verifies it themselves, offline.
Every quarter's evidence is checkable against public anchors — our JWKS and an RFC-6962 transparency log — using the open-source @omegaengine/verify CLI. The security reviewer runs the commands on their own machine; the signatures and the Merkle-anchored ledger either hold or they don't. That's the whole design: an operated, transparency-logged trust root, so a stranger can confirm the evidence without taking anyone's word for it.
Prefer to talk first? Book a scoping call.
The EU AI Act's high-risk record-keeping duties (Art. 12) were delayed, not repealed — they now apply 2 Dec 2027 for Annex III systems and 2 Aug 2028for Annex I. That's roughly 18 months to be audit-ready. But the security reviews gating your deals aren't waiting for a regulation — they ask for signed, verifiable audit records right now, and again at the next renewal. A standing program answers the question in front of you every quarter and puts you ahead of the one coming.
Keep a current, signed attestation, a filled-in questionnaire, and a tamper-evident ledger ready to forward — so the next security review clears without a scramble.
Need it just once? See the one-time Evidence Pack · or email hello@omegaengine.ai