Regtech · Attestation infrastructure

If an LLM wrote it, can you trace it?

Which model. Which prompt. When. And that nothing has changed since.

Every time your models generate something, Taigris signs it on the spot — model, prompt, timestamp, integrity — so you've got a record from the moment it was created, not a reconstruction after someone asks for one.

<40msBinding overhead
W3C VCManifest standard
SOC 2Type II — in progress
Specimen Sample attestation object · TAO v1.0
{
  "tao_version": "1.0.0",
  "model": "anthropic/claude-opus-4-8",
  "prompt_hash": "sha256:9f2c…e1a7",
  "output_hash": "sha256:41bd…c980",
  "issued_at": "2026-06-25T02:11:12Z",
  "issuer": "did:taigris:org/example-firm",
  "policy": "au-evidence-act-s146 · eu-ai-act-50-2",
  "drift": 0.0,
  "signature": "ed25519:MEUCIQ…"
}
What each field proves
model
The model identifier the gateway observed at generation.
prompt_hash
A SHA-256 commitment to the prompt. The prompt itself is never disclosed.
output_hash
A fingerprint of the exact output. One changed byte breaks it.
issued_at
A signed timestamp fixing when generation occurred.
signature
An Ed25519 signature binding every field above into one verifiable record.

Sample record — hashes and signature shortened for display.

Legal teams & law firms

Prove what a model produced before it reaches a court.

Insurers & claims teams

Reconstruct what an AI system did, after the incident.

Financial services compliance

Evidence for model-risk and operational-resilience reviews.

§ 01The problem

AI-generated text is showing up in regulated work, and nobody can prove where it came from.

01 / Regulatory

Disclosure has reached Australian courtrooms.

The Federal Court's GPN-AI practice note already requires you to disclose generative-AI use in prepared documents, and treats a hallucinated authority as grounds for adverse costs. From 10 December 2026, APP 1.7–1.9 bring substantially automated decisions into privacy policies too.

The EU's Article 50(2) is the global parallel — machine-readable marking of AI-generated text, in force from 2 August 2026. But disclosure without evidence is just a promise on paper.

02 / Infrastructure

Document systems were never built to attest to a model.

iManage, SharePoint, Veeva, Bloomberg — none of them record which model produced an output, under what prompt, or whether it's changed since. The metadata was never captured, so the proof never existed.

03 / Liability

The gap is between a presumption and a doubt.

Sections 146–147 of the Evidence Act 1995 (Cth) presume a properly used process produced its ordinary output — but that presumption falls the moment someone raises real doubt. And "an LLM wrote this" is exactly the kind of thing that raises doubt.

A signed attestation — model, prompt hash, timestamp, proof of integrity — is what keeps that presumption on its feet.

§ 02The platform

Attestation infrastructure. Not a tool.

Four building blocks, designed to work together. Drop them into your existing model stack and document pipeline, and Taigris produces the evidence your regulators, courts, and counterparties are about to start asking for. Model-agnostic — it fits into the workflow you already have.

Primitive

Provenance Binding

The moment your model generates something, Taigris binds the model identifier, prompt hash, output hash, timestamp, and policy reference into one signed attestation object — a TAO.

Primitive

Compliance Manifest

A machine-readable record that travels with the document. Auditors, regulators, and counterparties can read it without ever seeing the prompt or the model. Issued as a W3C Verifiable Credential.

Primitive

Drift Detection Layer

Ongoing monitoring after generation. Byte-level integrity is either intact or it isn't — no ambiguity there. Semantic and factual drift gets flagged probabilistically. Either way, you find out in real time, not months later at audit.

Primitive

Chain-of-Custody API

A lightweight SDK that wraps your existing model calls and plugs into iManage, SharePoint, Veeva, and Bloomberg. No re-platforming. No model lock-in.

What an attestation proves.

No black-box compliance theatre.

  • Integrity — the output hasn't changed a single byte since it was signed at generation.
  • Provenance — which model your gateway actually observed, under which prompt hash, at what time.
  • A portable trail — anyone can verify it independently, without ever touching your model or your prompt.

§ 03How it works

Three steps. From generation to verifiable record.

OutputLLM TAObind + sign ManifestW3C VC Ledgerappend-only Verifierauditor · court · counterparty

Step 01

Generate

Your model generates an output. Taigris catches it right at the call boundary and binds a cryptographic attestation object: model fingerprint, prompt hash, output hash, timestamp.

taigris.bind({
  model, prompt, output
}) // → TAO

Step 02

Attest

The TAO gets written to an append-only audit ledger with full provenance metadata, and a W3C Verifiable Credential — the Compliance Manifest — comes with it. Where that ledger actually lives is a deployment decision, not a headline.

ledger.append(TAO)
// → vc://taigris/manifest

Step 03

Verify

Anyone downstream — an auditor, a regulator, opposing counsel — can verify the document's integrity and origin against the manifest, without ever seeing the underlying model or prompt.

taigris.verify(doc)
// → { ok: true, drift: 0 }

§ 04Regulatory alignment

Built for the obligations that are actually in force.

Taigris is built around obligations that are actually arriving, not yesterday's checkbox audits. We track the rules ourselves and keep the citations honest.

Primary jurisdiction

Australia

The courts moved first. The Privacy Act supplies the date.

In force

Federal Court of Australia — GPN-AI

The Use of Generative Artificial Intelligence practice note requires you to disclose generative-AI use in prepared documents, bans false or hallucinated citations and authorities outright, and treats non-compliance as grounds for adverse costs orders.

28 Jan 2025

Supreme Court of NSW — SC Gen 23

Practice Note SC Gen 23, Use of Generative AI, restricts using generative AI to prepare expert evidence without the court's leave.

15 Sep 2025

Queensland courts — AI guidelines

The Supreme, District, and Magistrates Courts issued Guidelines for Judicial Officers and Guidelines for Responsible Use by Non-Lawyers, both covering generative AI in proceedings.

10 Dec 2026

Privacy Act — APP 1.7–1.9

Under the Privacy and Other Legislation Amendment Act 2024, privacy policies will need to disclose — from 10 December 2026 — the personal information used in substantially automated decisions, and the nature of decisions made solely or mostly by a computer program, wherever individual rights or interests could reasonably be affected. OAIC guidance is expected by September 2026.

Note: Australia doesn't have AI-specific mandatory legislation, and nothing's imminent — the National AI Plan (December 2025) leans on existing technology-neutral law plus voluntary guidance. What actually binds today is narrower and sharper: court practice notes already in force, and a dated Privacy Act obligation. Since 2024, AI-hallucinated citations have turned up in Australian courts and tribunals more than once, and legal regulators have responded with professional discipline. The practice notes above are the institutional answer to that.

Global

EU & other regimes

The legislated baseline — retained, second position.

2 Aug 2026

EU AI Act — Article 50(2)

Machine-readable marking of AI-generated text — in force from 2 August 2026 for new systems, 2 December 2026 for systems already on the market.

SEC — no dedicated AI rule yet: antifraud enforcement against "AI-washing," plus the Investor Advisory Committee's disclosure recommendation from December 2025.
FDA — 2025 draft guidance on AI in regulatory decision-making (drugs and biologics) and the AI-enabled device lifecycle.
EBA / ECB · DORA — model-risk expectations and operational-resilience obligations across the EU and UK.

Note: Article 50(2) binds providers of generative AI and exempts content under human editorial control — so how exposed you actually are depends on your use case. We scope attestation to your workflow, not to a headline.

Comparison of audit posture without and with Taigris
DimensionWithout TaigrisWith Taigris
Audit readiness Manual reconstruction — weeks of legal work One API call exports a manifest, ready to hand to a regulator or court
Court-filing readiness AI-use disclosure rests on someone's word and memory Disclosure backed by a signed record the other side can verify
Liability exposure Unbounded — there's no record of what actually produced an output Bounded by a signed attestation at the point of generation
Discoverability Opaque — depends entirely on internal logging discipline Standard W3C VC manifests, producible on request
Document integrity Tampering goes undetected Byte-level integrity with continuous drift monitoring

§ 05Trust posture

Built with people who've sat on both sides of the record.

Founded out of a legal-practice background, and built with input from former regulators, cryptographers, and enterprise AI architects. No marketing logos here — deployment partners' names are available under MNDA on request.

Lead vertical

Legal

Filings, advice, and expert material increasingly carry AI-use disclosure. Taigris puts a signed record behind every one of those disclosures — which model, which prompt hash, when — with proof nothing changed between generation and filing. It's built against the standard courts actually apply: keeping the s 146 presumption on its feet when the other side raises doubt.

Second pillar

Insurance

Claims-layer forensic reconstruction. After an incident, the question is always what a system produced, under which prompt, and when. Taigris preserves that record for insurers and their panel firms — captured at generation, not pieced back together afterward.

Financial services

EBA/ECB model-risk expectations and DORA operational-resilience obligations increasingly assume you can evidence what a model did. Taigris supplies that evidence at the call boundary.

We're also working in life-sciences and public-sector contexts.

SOC 2 Type IIIn progress · underway
Prompt-confidentialYou get attestation without prompt disclosure — the record commits to a prompt hash, and the prompt itself never leaves your boundary.
DeploymentSaaS · VPC · on-premise
Key custodyHSM-backed · BYOK supported

§ 06Technical surface

Dense by design. Read it like a spec sheet.

Compatible models

  • OpenAI
  • Anthropic
  • Mistral
  • Llama
  • Azure OpenAI
  • Bedrock

Output formats

  • JSON-LD
  • W3C Verifiable Credential
  • PDF/A + embedded TAO
  • DOCX (XMP)

Ledger options

  • Private append-only
  • Organisational / consortium
  • Public anchoring (optional)

Binding overhead

  • <40ms at the call boundary
  • 0 added round-trips
  • Streaming-safe

Early access2026 cohort

The audit trail starts at generation. Not after.

No black-box compliance theatre. Taigris is infrastructure, plain and simple — measured in milliseconds at generation, and built to hold up as evidence for decades.

  • Enterprise pilot inquiry

    Scoped deployments for legal, insurance, and compliance teams. Start an inquiry →

  • For law firms

    A dedicated path for our lead vertical — practice-note disclosure, evidence workflows, DMS integration. Talk to us about firm use →

  • Developer API access

    SDK and call-boundary binding, ahead of general availability. Request API access →

Request access

No mailing lists. Replies come from the founding team.