BlackLake for Security & Compliance
Prove every AI decision was allowed.
AI Actors can hallucinate compliance. They can claim they asked for permission and were denied, without ever calling the governance API. BlackLake fixes this with cryptography — every decision returns an HMAC-signed receipt that survives an auditor’s review, independently.
The problem
Audit trails that trust the AI Actor are not audit trails.
Generic logs record what the application reports. Cloud audit logs record what reached production. Neither records whether the AI was actually governed before it acted. An autonomous agent can claim compliance and the transcript alone cannot contradict it.
BlackLake sits between the AI and the action. Every governed call returns a receipt the server generated — not the AI Actor. The signature can be checked against the server without trusting the caller. A fabricated receipt fails; a tampered decision fails; a real one verifies cleanly.
Capabilities
Built for security and compliance from day one
Signed receipts, not just logs
Every governed AI action returns an HMAC-signed receipt binding the evaluation, the policy snapshot at decision time, the approvers, the outcome, and the cost. Logs can be tampered with. Receipts verify independently.
Cryptographic decision tokens
v2 decision tokens bind cost to the receipt cryptographically. An auditor can paste a receipt into /verify and confirm the outcome without access to the workspace.
Policy simulation before you ship
Simulate a draft policy against weeks of historical AI traffic before enabling it. See which actions it would deny, what that denial costs, and whether the policy is too broad.
Two-person approval for high-risk actions
Require a second approver for any action above your risk threshold. Break-glass paths exist for emergency access with a full audit trail.
Signed exports for your SIEM
Export the full AI ledger as NDJSON signed with the workspace HMAC chain. Plug it into Splunk, Datadog, or any SIEM that ingests structured events.
The verify endpoint is public
Anyone — including external auditors — can paste a decision token into /verify and confirm whether the outcome is authentic. No workspace access required for verification.
Start your AI audit trail today.
Free while in beta. Every governed call ships with a receipt you can verify cryptographically — and hand to an external auditor.