A legally defensible audit trail
for every AI request your company sends.
AGCMS sits in front of your LLM traffic, redacts PII, blocks prompt injection, and writes a cryptographically signed audit log that an external auditor can verify offline — no AGCMS credentials required.
Verify a real audit bundle, right here.
Drop a bundle exported from any AGCMS tenant. Verification runs in your browser — nothing is uploaded.
Or run pip install agcms && agcms verify bundle.zip locally.
Cryptographic chain of custody
Every audit row is HMAC-signed and chained to the previous row. Daily Merkle roots are anchored to S3 Object Lock — tampering is mathematically detectable.
Multi-tenant enforcement plane
Postgres row-level security from day one. SSO via WorkOS, MFA, scoped API keys, session revocation, GDPR Art. 17 purge with dual approval.
Compliance maps to your framework
Out-of-the-box policy packs for HIPAA, GDPR, EU AI Act high-risk, NIST AI RMF, SOC 2 CC, and PCI-DSS — every finding cites the article it satisfies.