For regulated teams

Prove what, exactly?

Audit logs prove an agent did something. That is not enough when a single misstep costs $10M and a regulator is asking for evidence. Mnemom binds what the agent was allowed to do, to what it actually did — cryptographically, across every model, on every call.

Intent specification

Alignment Cards

An Alignment Card is a signed contract: the scope an agent is authorized to operate within, expressed structurally enough for a machine to enforce and plainly enough for a CISO to sign.

  • Declared intent
    What this agent is authorized to do, in plain language and in signed structured form.
  • Permitted tools + scopes
    Exact callable surface. Nothing outside the card is reachable at runtime.
  • Data boundaries
    What the agent may read, what it must never write, and which zones are off-limits.
  • Escalation contract
    When the agent must hand to a human — and what evidence it must bring.
  • Compliance obligations
    EU AI Act article bindings, HIPAA roles, sector-specific retention clauses.
  • Drift budget
    How much the agent is allowed to deviate from baseline behavior before AIP fires.

Execution binding

The proof chain

Every run produces a signed chain of evidence. Each link attests to a distinct part of the agent's execution, bound back to the card hash and provided with Merkle inclusion proofs for third-party verification.

  1. Card hash
    The declared intent, fingerprinted and signed.
  2. Input attestation
    Every message, tool result, and retrieved document that reached the agent.
  3. Decision trace
    Reasoning checkpoints, policy evaluations, and front-door verdicts — sequenced and signed.
  4. Tool-call ledger
    Each tool invocation, arguments, and response — bound back to the card's permitted scope.
  5. Output certificate
    The final agent response, back-door-screened, Ed25519-signed, bound to the Merkle tree of the run.
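
The kind of check a third party would run on such a chain, as an added illustration (not Mnemom's code or wire format): a Merkle inclusion proof over the five links, with the card hash mixed into every leaf. The leaf encoding, link names and sample payloads are assumptions; the Ed25519 signature over the root is left out because Python's standard library has no Ed25519.

```python
import hashlib
import hmac

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf_hash(card_hash: bytes, name: str, payload: bytes) -> bytes:
    # 0x00 marks a leaf; the card hash inside every leaf binds the link to one card.
    tag = name.encode()
    return h(b"\x00" + card_hash + len(tag).to_bytes(2, "big") + tag + payload)

def node_hash(left: bytes, right: bytes) -> bytes:
    # 0x01 marks an interior node, so a leaf can never be replayed as a node.
    return h(b"\x01" + left + right)

def build_levels(leaves):
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        # An unpaired last node is promoted unchanged (no duplication).
        levels.append([node_hash(cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i]
                       for i in range(0, len(cur), 2)])
    return levels

def inclusion_proof(levels, index):
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            proof.append((level[sibling], sibling < index))  # (hash, sibling_is_left)
        index //= 2
    return proof

def verify_inclusion(leaf, proof, root) -> bool:
    acc = leaf
    for sibling, sibling_is_left in proof:
        acc = node_hash(sibling, acc) if sibling_is_left else node_hash(acc, sibling)
    return hmac.compare_digest(acc, root)

# Constructed sample run: five links, payloads are placeholders (assumed names).
CARD = h(b'{"intent":"demo","tools":["search"]}')
LINKS = [("card_hash", CARD), ("input_attestation", b"inputs"),
         ("decision_trace", b"verdicts"), ("tool_call_ledger", b"search(q)"),
         ("output_certificate", b"response")]

def demo():
    leaves = [leaf_hash(CARD, n, p) for n, p in LINKS]
    levels = build_levels(leaves)
    root, proof = levels[-1][0], inclusion_proof(levels, 3)
    genuine = verify_inclusion(leaves[3], proof, root)
    edited = verify_inclusion(leaf_hash(CARD, "tool_call_ledger", b"search(q2)"), proof, root)
    recarded = verify_inclusion(leaf_hash(h(b"other card"), *LINKS[3]), proof, root)
    return genuine, edited, recarded
```

`demo()` checks the tool-call ledger link three ways: as recorded, with an edited payload, and re-bound to a different card; only the first verifies against the root.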

Card in. Proof out.

The card is the question the regulator asks. The proof is the answer your agent already produced — signed, timestamped, independently verifiable.

Step 1: Card hash
Step 2: Input attestation
Step 3: Decision trace
Step 4: Tool-call ledger
Step 5: Output certificate

Each link Ed25519-signed · bound to the Merkle tree with inclusion proofs · exportable as evidence for regulators and auditors.

Four proofs regulators actually ask for.

"We logged it" is not a proof. These are.

Prove the agent did what the card declared.

Every response is cryptographically bound to the card hash. If execution diverged from intent, the proof fails to verify.

Prove no unauthorized tool was called.

Every tool call the agent attempts is recorded against the Alignment Card's declared scope. Calls outside scope produce a boundary violation in the signed trace.

Prove no regulated data leaked.

Back-door screening evaluates every output against PII/PHI/secrets patterns; the verdict is signed alongside the output. An unredacted leak cannot produce a valid certificate.

Prove the agent was not prompt-injected into compliance.

Front-door verdicts on every inbound message are part of the decision trace. An injection that the agent followed is visible in the chain; an injection that the agent blocked is visible too.

Zone-neutral stance

Why the model providers can't prove this for you.

Agent trust is a cross-provider problem. A trust plane built inside a frontier lab is structurally conflicted — and structurally incomplete.

Trust has to span providers.

A Fortune 500 does not run on one model. Claude, GPT, Gemini, open-weights Llama — all in production, often on the same workflow. A trust plane built by any one model vendor is structurally unable to attest to the others.

Incumbents cannot be the referee.

Model providers have skin in every verdict. Zone-neutral verification — the same evidence standard applied to every model, by a party with no model of its own — is the only stance a regulator will credit.

Cards are portable; models are not.

An Alignment Card travels with the agent across provider, version, and runtime. The proof chain is valid whether the underlying model is swapped tomorrow, six months from now, or never.

Runtime enforcement

Mnemom AEGIS is the runtime that turns these cryptographic proofs into enforcement decisions.

The proof chain produces signed evidence. AEGIS is the protection layer that acts on it — at four checkpoints, across every gateway in the network, with signed Managed Rules that carry a sub-30s P95 cross-tenant propagation SLO target.

1. AAP — Alignment Card

Declares the agent's identity, autonomy bounds, and audit commitments. Public at /.well-known/alignment-card.json.

2. AIP — Integrity checkpoint

Verifies the agent's reasoning in flight. Verdict: clear, review-needed, or boundary-violation, with SHA-256 hashed thinking-block evidence.

3. CLPI — Governance + receipt

Governs the card lifecycle across five phases and anchors Trust Ratings on Base L2 for independent verification.

4. Mnemom AEGIS — Evaluation chain

Screens every transaction at four checkpoints × four modes; signs the cross-tenant Managed Rules that act on the integrated picture. The runtime, the network, and the receipt.

Honest construction: AAP declares it. AIP verifies it in flight. CLPI governs its lifecycle and anchors evidence on-chain. AEGIS signs the cross-tenant defenses that act on it.

The card is the contract. The chain is the receipt.

Wire your agents to Mnemom. Pass a signed card. Get back a verifiable answer every time they act.
