Procurement Evidence Pack
A founder-delivered bundle that clears it — signed audit evidence your enterprise counterparty can verify themselves.
You ship an AI agent. A larger customer wants to buy. Their security team asked for signed audit records and a verification path — and the deal is frozen until you have them. This is that, run on your real agent and delivered by our team.
They check the math · not our word
A signed attestation on your agent, a tamper-evident audit ledger, a pre-filled vendor questionnaire, and an offline verification runbook — hand-built by the team and re-checkable by your customer without trusting us.
Each one is built to be checked, not taken on faith. The last column is the point of the whole pack: your enterprise customer verifies it themselves, offline.
We run the ~50-case agentic red-team battery against your real agent — the same evidence artifact as the $499 attestation, run and reviewed by the team. Every finding maps to OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF, and EU AI Act Art. 15.
We integrate @omegaengine/audit into your agent so every decision is written to a hash-chained, tamper-evident ledger. This is the record-keeping enterprise security teams — and, on their timeline, the EU AI Act — expect you to already have.
The CAIQ / SIG rows that stall agent startups — about audit logging, signed records, and independent verifiability — filled in for you, grounded in the artifacts above, with the exact verification path your reviewer can follow.
A short, written runbook your enterprise counterparty follows to verify the signed attestation and the ledger themselves — using the open-source @omegaengine/verify CLI, our published transparency log, and nothing that requires trusting OmegaEngine.
The attestation runs the ~50-case agentic battery drawn from our 5,023-vector red-team library — the battery and the full library are different things, and we say so. Findings map to 17 frameworks. It is point-in-time evidence for your governance process, not a certification or an audit.
We sell to the agent company stuck in someone else's procurement — not the counterparty running the review. If all three of these are true, this pack is for you.
A larger customer wants to buy, but their security team sent a questionnaire and the deal is frozen until you can show signed audit records and a verification path.
Your agent takes real actions in a regulated or high-trust workflow. Screenshots and a SOC 2 you don't have yet won't move the review forward.
You don't have time to stand up an audit program from scratch. You need the artifacts a reviewer will accept, delivered by people who've done it.
Concierge and honest — no auto-shipped PDF. We confirm it fits before you pay, run the pack on your real agent, and hand you one bundle you can forward.
A short call to see your agent, the customer you're blocked on, and which questionnaire (CAIQ, SIG, or a custom security review) you have to answer. We confirm the pack fits before you pay.
The team runs the attestation on your real agent, wires in the audit ledger, drafts the questionnaire rows, and writes the offline verification runbook. Delivered by us — honest, hand-built, not an auto-generated PDF.
You forward one bundle. Their security team verifies the signatures and the ledger themselves, offline. The blocker clears — and you keep the artifacts for the next review.
Every deliverable is checkable against public anchors — our JWKS and an RFC-6962 transparency log — using the open-source @omegaengine/verify CLI. The security reviewer runs the commands on their own machine; the signatures and the hash-chained ledger either hold or they don't. That's the whole design: an operated, transparency-logged trust root, so a stranger can confirm the evidence without taking anyone's word for it.
We confirm scope before any charge. No subscription — buy it once to clear the review.
The EU AI Act's high-risk record-keeping duties (Art. 12) were delayed, not repealed — they now apply 2 Dec 2027 for Annex III systems and 2 Aug 2028for Annex I. That's roughly 18 months to be audit-ready. But the security review blocking your deal isn't waiting for a regulation — it's asking for signed, verifiable audit records right now. This pack answers the question in front of you and puts you ahead of the one coming.
Tell us the customer you're stuck with and the agent you ship. We'll confirm the pack fits on a short call, then hand you evidence your reviewer can verify themselves.
Or email us directly: hello@omegaengine.ai