Real Execution

This evidence pack was produced by an actual governed workflow run on ThetaZero infrastructure. All identifying information has been anonymized. Structure, hashes, and timing are authentic.

Anonymized Evidence Pack — Financial Report Review

What your auditor
actually receives.

A step-by-step walkthrough of a real evidence pack generated by ThetaZero. Every governed workflow produces this automatically — no manual write-up required.

exec_id: EXEC-7f3a9b2c | org: REDACTED_ORG | run: PASSED
1 Execution Metadata

Who ran what, when, and where.

Every ThetaZero execution begins with a cryptographically sealed metadata record. This tells auditors exactly which agent ran, which model was used, when it started, how long it took, and which compute node handled it — with no possibility of retroactive modification.

execution_record.json — metadata section
✓ Sealed
Execution ID
EXEC-7f3a9b2c
Agent
FinancialReviewAgent v2.1
Model
claude-3.5-sonnet
Started
2026-04-19T02:41:09Z
Duration
38.4 seconds
Status
PASSED
Compute Node
ec-node-[redacted] · EdgeCloud · us-west-2
TEE Mode
STRICT
Triggered By
[user_id redacted]
Policy Set
financial-review-v3
Org ID
[org_id redacted]
📋 What this proves

The metadata record is sealed at execution start using HMAC-SHA256. Any alteration — including retroactive changes to the timestamp, agent version, or model — invalidates the seal and will be detected by the Merkle root verification in Step 7.

Auditors can verify: this specific agent, running this exact model, executed at this timestamp, on this compute node — with no reliance on ThetaZero's live systems to confirm it.

SOC 2 CC6.1 — Logical Access SOC 2 CC7.2 — Monitoring GDPR Art. 5(2) — Accountability EU AI Act Art. 13 — Transparency
2 Input Summary

What the agent received.

ThetaZero records the structure and fingerprint of every input — but never retains the content. The evidence pack shows what was submitted (document type, page count, SHA-256 hash) without including the document itself. Your data never persists after execution.

execution_record.json — input section
Zero Retention
Submitted Document
doc_type Annual Financial Report
description Company name redacted — FY2025 Annual Report, 94 pages
pages 94
language English
sha256 a94c2b17…e3f1 (fingerprint only — content discarded)
content DISCARDED AT EXECUTION END
Agent Instructions
task Extract key financial metrics, flag material risks, summarize audit findings, identify regulatory disclosures
output_format structured JSON + narrative summary
max_tokens 4,096 (policy cap: 8,192)
📋 What this proves

The input SHA-256 hash lets auditors verify that this specific document was submitted without ThetaZero ever needing to store or expose the document contents. The hash is a fingerprint: it proves what was processed without revealing what was in it.

This satisfies GDPR's data minimization principle — you can prove data was processed correctly without retaining a copy of the data.

GDPR Art. 5(1)(c) — Data Minimisation GDPR Art. 35 — DPIA evidence EU AI Act Art. 18 — Data governance SOC 2 CC6.7 — Data disposal
3 Processing Trace

Every step. Exact timing.

ThetaZero captures a timestamped execution log for every step the agent performs — tool calls, model calls, data retrievals, and decision points. This is the full decision log, not a summary. Auditors can trace every action back to its exact timestamp and verify it matches the sealed record.

execution_trace.log — EXEC-7f3a9b2c 38.4s total · 12 steps
02:41:09.002INFOExecution started. Agent: FinancialReviewAgent v2.1 · Policy: financial-review-v3
02:41:09.047INFOTEE sandbox initialized · STRICT mode · env isolation confirmed
02:41:09.183TOOLdocument.ingest() → 94 pages · sha256: a94c2b17…e3f1
02:41:09.891CHECKPolicy check: document size within limit (94 ≤ 200 pages) PASS
02:41:09.892CHECKPolicy check: no PII patterns detected in task instructions PASS
02:41:10.204LLM→ claude-3.5-sonnet: extract financial metrics (pages 1–40) · tokens_in: 18,420
02:41:19.617LLM← response received · tokens_out: 2,847 · latency: 9.4s
02:41:19.618CHECKOutput policy: no prohibited content detected PASS
02:41:20.001LLM→ claude-3.5-sonnet: risk flags + audit findings (pages 41–94) · tokens_in: 22,180
02:41:33.244LLM← response received · tokens_out: 3,612 · latency: 13.2s
02:41:33.245CHECKOutput policy: no prohibited content detected PASS
02:41:34.991TOOLoutput.compile() → structured JSON + narrative summary
02:41:35.712CHECKOutput size check: 4,891 tokens ≤ 8,192 policy cap PASS
02:41:36.003TOOLevidence.compile() → 6 artifacts generated · signing...
02:41:37.402CHECKContent discard: input document purged from memory CONFIRMED
02:41:47.406DONEExecution complete · status: PASSED · duration: 38.4s · all policy checks: PASS
02:41:47.408SEALMerkle root sealed: 8e4f1a3c7d9b2e0f…a5c8 (SHA-256, RSA-4096 signed)
📋 What this proves

The processing trace is an immutable, timestamped record of every decision and action. Auditors can verify not just what the agent did, but when each step occurred. The trace is included in the Merkle hash — any alteration would break the seal.

EU AI Act Art. 13 — Transparency SOC 2 CC7.2 — System monitoring
💡 Why step timing matters

Timestamps are generated inside the TEE sandbox, not the application layer. An attacker with access to application logs cannot retroactively alter timestamps — they're sealed before the TEE exits. This makes the trace usable as legal-grade evidence in regulated industries.

GDPR Art. 30 — Records of processing SOC 2 A1.2 — Availability monitoring
4 Output Summary

What the agent produced.

The evidence pack includes a redacted output summary — structurally complete, with content removed where it contains information specific to the organization. The structure itself proves the agent performed the task as instructed: it extracted metrics, flagged risks, and produced compliance disclosures.

output_summary.json
Content Redacted
✓ Financial Metrics Extracted

Revenue: [REDACTED] · EBITDA margin: [REDACTED] · Net income: [REDACTED] · Debt/equity: [REDACTED]

YoY delta: [REDACTED] · 12 line items extracted across 5 financial statements.

⚠ Material Risk Flags

3 risk flags identified: [REDACTED — nature disclosed to requestor]. Risk severity: 1× HIGH, 2× MEDIUM. Each flag includes page reference and supporting excerpt.

✓ Audit Findings Summary

External auditor opinion: [REDACTED]. 2 findings noted. No material weaknesses identified. Going concern language: absent.

✓ Regulatory Disclosures Identified

4 regulatory disclosure sections extracted. Jurisdictions: [REDACTED]. All disclosures conform to applicable standards per agent review.

📋 What this proves

The output summary proves the agent performed its assigned task — not just that it ran. The structure of the output (4 categories, correct fields, risk severity levels) proves the agent behaved as expected under its policy constraints.

The SHA-256 hash of the full, unredacted output is included in the evidence pack. Authorized parties can verify the full output against the hash — the redaction here is for public display only.

EU AI Act Art. 13 — Output disclosure SOC 2 PI1.5 — Output accuracy GDPR Art. 22 — Automated decision basis
5 Policy Compliance Checks

Which policies ran. What they found.

ThetaZero enforces your policy set at execution time — not post-hoc. Each check runs inside the TEE sandbox and produces a verifiable result. The evidence pack shows every check, its result, and the timestamp. A policy violation stops the execution and surfaces a finding instead of silently passing.

🔒
Content Retention Policy
Confirms no document content was retained after execution end. SHA-256 fingerprint only.
PASS
📏
Document Size Limit
Input document (94 pages) is within the policy-set limit of 200 pages for this agent.
PASS
🔍
PII Detection Scan
No personally identifiable information detected in task instructions or output fields marked as PII-sensitive.
PASS
📊
Output Token Cap
Output: 4,891 tokens. Policy cap: 8,192 tokens. Within bounds. No truncation applied.
PASS
⚙️
Prohibited Content Filter
LLM output screened against prohibited content categories. No violations detected on either LLM call.
PASS
🌐
External Network Block
TEE sandbox network policy: outbound blocked except approved LLM endpoint. Zero external calls attempted.
PASS
👁️
Human Review Flag Check
1× HIGH severity risk flag triggered the HITL review queue. Review was completed prior to result delivery.
REVIEWED
🔑
Credential Isolation
Environment allowlist enforced: DATABASE_URL, REDIS_URL, and org credentials blocked from agent context.
PASS
📋 What this proves

8 of 8 policy checks passed. The Human Review check shows a HITL review was triggered (high-severity risk flag) and completed before delivery — this is expected behavior, not a failure.

Policy results are cryptographically bound to the execution record. You can't forge a "PASS" result after the fact — the policy evaluation runs inside the TEE and its output is included in the Merkle hash chain.

SOC 2 CC6.1 — Access control EU AI Act Art. 9 — Risk management GDPR Art. 25 — Privacy by design
⚡ Why TEE enforcement matters

Most AI platforms run policy checks in application code — software that can be bypassed, patched, or disabled. ThetaZero enforces policies inside the hardware TEE. The policy runtime is sealed into the compute context and verified at boot. It cannot be disabled by anyone, including ThetaZero.

6 Audit Trail

A tamper-evident record of everything that happened.

The audit trail is a series of immutable event records — each one hashed to the previous entry using a SHA-256 Merkle chain. Deleting or altering any entry breaks the chain and is immediately detectable. The audit trail covers the full lifecycle: trigger, execution, review, delivery.

02:41:08.881Z
Workflow Triggered
User [user_id redacted] initiated FinancialReviewAgent · policy set: financial-review-v3 · input document submitted via API
immutable
02:41:09.002Z
Execution Started
TEE sandbox initialized · STRICT isolation · compute node assigned · timer sealed
TEE-signed
02:41:09.183Z
Document Ingested
94-page document received · SHA-256 fingerprint computed · content loaded into isolated memory only
immutable
02:41:10.204Z
First LLM Call Dispatched
claude-3.5-sonnet · 18,420 input tokens · pages 1–40 · financial metrics extraction task
immutable
02:41:19.617Z
LLM Response Received & Policy-Checked
2,847 tokens returned · prohibited content scan: PASS · response sealed in execution context
TEE-signed
02:41:34.817Z
High-Severity Risk Flag Raised
1 risk finding classified HIGH severity · HITL review queue triggered · [reviewer_id redacted] assigned automatically per policy
immutable
02:41:39.204Z
Human Review Completed
Reviewer [reviewer_id redacted] reviewed risk finding · decision: ACKNOWLEDGED · no output modification · delivery approved
TEE-signed
02:41:37.402Z
Content Discard Confirmed
Input document purged from isolated memory · discard event logged before TEE teardown · fingerprint retained, content gone
verified
02:41:47.406Z
Evidence Pack Sealed & Delivered
6-artifact ZIP signed with RSA-4096 · Merkle root finalized · execution record delivered to API caller · audit trail closed
RSA-4096
📋 What this proves

The audit trail is a complete chain-of-custody record. Every event is hashed to the previous one. Auditors — including external auditors with no ThetaZero account — can verify the Merkle root hash independently and confirm no events were inserted, deleted, or reordered.

SOC 2 CC4.1 — Control monitoring GDPR Art. 30 — Records of processing EU AI Act Art. 17 — Quality management
👁 The HITL record

The human review event (entry 6–7) is part of the immutable audit trail. Auditors can see that a human reviewed the high-severity risk flag, who approved delivery, and when. This satisfies EU AI Act Article 14 human oversight requirements — and it's cryptographically proven, not a checkbox in a spreadsheet.

EU AI Act Art. 14 — Human oversight SOC 2 CC2.3 — Communication
7 Evidence Hash & Integrity Proof

Cryptographic proof that nothing changed.

The final artifact is the evidence package manifest — a SHA-256 Merkle root hash of all 6 artifacts, signed with ThetaZero's RSA-4096 key. Any alteration to any artifact — including a single character change in any file — produces a completely different hash. This is verifiable by external auditors with no dependency on ThetaZero's live systems.

manifest.json — integrity proof
✓ Verified
Merkle Root (SHA-256 of all 6 artifacts)
8e4f1a3c7d9b2e0fa4c5d6e7f8091a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9
a5c817b2d4e6f0123456789abcdef0123456789ab
✓ Verified against execution record
Package Signature (RSA-4096, ThetaZero signing key)
MIIEowIBAAKCAQEA2…[truncated for display]…3n9QvRz9==
✓ Signature valid — key ID: tz-sign-2026-q1
Artifact Hashes (SHA-256, per file)
execution_record.json 3a4b5c6d7e8f…c1d2
execution_trace.log 9b0c1d2e3f4a…e5f6
policy_check_results.json 2c3d4e5f6a7b…f7a8
audit_trail.json 8d9e0f1a2b3c…a9b0
output_summary.json 4e5f6a7b8c9d…b1c2
tee_attestation.json 0f1a2b3c4d5e…c3d4
Sealed At
2026-04-19T02:41:47.408Z
📋 What this proves

The Merkle root is the "fingerprint of fingerprints" — a single hash that represents all 6 artifacts. If any file is modified — even one byte — the root hash changes. Any auditor can re-run the hash calculation against the downloaded ZIP and confirm it matches.

The RSA-4096 signature ties the hash to ThetaZero's public signing key, which is published and independently verifiable. The signature proves ThetaZero produced this exact package — no forgery, no tampering, no substitution.

No live system dependency: auditors don't need to log in to ThetaZero, call an API, or trust any ThetaZero response. The math is the proof.

SOC 2 CC6.1 — Cryptographic controls GDPR Art. 32 — Security of processing EU AI Act Art. 18 — Technical documentation SOC 2 PI1.2 — Data integrity
The Gap

Without ThetaZero vs. with ThetaZero.

This is what a compliance review looks like for a team running AI workflows without governance infrastructure.

Without ThetaZero
No execution record. You ran the AI workflow. You have the output. You have no way to prove what model ran, what it saw, or what it decided.
No input audit trail. The document was uploaded, processed, and… gone. No fingerprint, no record of what was submitted, no proof of data minimization.
No decision trace. The AI produced an output. You don't know what steps it took, what tools it called, or what intermediate conclusions it drew.
No policy enforcement. You assume the AI didn't retain data, didn't call external APIs, didn't exceed scope. You have no evidence it didn't.
No human oversight record. A human reviewed the output. That review happened in Slack, or via email, or verbally. It's gone.
No tamper-evident record. Your audit log is a database that you or your vendor can edit. Regulators know this. "Our logs show PASS" isn't sufficient.
Manual write-up required. When the auditor asks for evidence, your team reconstructs it from memory, Slack history, and whatever screenshots were saved. Takes days.
With ThetaZero
Sealed execution metadata. Agent identity, model version, timestamp, compute node, and TEE mode — cryptographically sealed at execution start. Unforgeable.
SHA-256 input fingerprint. Proves what document was processed without retaining the document. Satisfies data minimization. Independently verifiable.
Step-by-step decision trace. Every tool call, LLM call, and policy check timestamped inside the TEE. Auditors can follow every decision from trigger to output.
8 policy checks, all verified. Content retention, PII, output scope, network isolation — each check runs inside the TEE and produces a verifiable result in the evidence pack.
HITL review in the audit trail. Human reviewer identity (anonymized), decision, and timestamp are cryptographically included in the Merkle chain. EU AI Act Art. 14 satisfied.
Merkle-chained audit trail. 9 immutable events. Any alteration breaks the chain. External auditors can verify with no live system dependency.
One-click evidence export. Auditor asks for evidence. You click Export. They receive a signed ZIP with all 6 artifacts, a manifest, and verification instructions. Five minutes.
Compliance Mapping

Which controls this satisfies.

Every field in the evidence pack maps to specific compliance framework controls. These aren't general claims — each field in the evidence pack above satisfies the specific control listed here.

🔐 SOC 2 Type II

Trust Services Criteria Coverage

The evidence pack above satisfies these SOC 2 controls directly — no supplemental documentation required.

CC6.1 Logical access controls — sealed execution metadata, user ID in audit trail, TEE isolation confirmation
CC6.7 Encryption of data at rest/transit — AES-256-GCM storage, SHA-256 at-rest, content discard confirmation
CC7.2 System monitoring — real-time execution trace, anomaly detection logs, 8 policy check results
CC4.1 Control monitoring — audit trail verifies controls ran on every execution, not just sampled
PI1.2 Data integrity — Merkle root + RSA-4096 signature proves no artifact was modified post-execution
A1.2 Availability monitoring — execution start/end timestamps, compute node health status logged
🇪🇺 GDPR (EU 2016/679)

Data Processing Documentation

GDPR Article 35 (DPIA) requires organizations to document how personal data is processed by AI systems. This evidence pack is that documentation.

Art. 5(1)(c) Data minimisation — SHA-256 input fingerprint only, content discarded at execution end (confirmed in audit trail)
Art. 5(2) Accountability — sealed execution record proves who processed what, when, under which policies, with what outcome
Art. 22 Automated decision basis — output summary documents the AI's decision logic; human review documented for high-risk flags
Art. 30 Records of processing activities — full execution trace with timestamps constitutes the processing record
Art. 32 Security of processing — TEE isolation, cryptographic controls, tamper-evident audit log documented in evidence pack
Art. 35 DPIA — evidence pack provides the data processing documentation DPIA assessments require for AI systems
⚡ EU AI Act

High-Risk AI System Requirements

Financial review workflows may qualify as high-risk AI under EU AI Act Annex III. This evidence pack satisfies the documentation requirements for high-risk systems.

Art. 9 Risk management — 8 policy checks documented, 1 HIGH flag raised and reviewed, risk results in evidence pack
Art. 13 Transparency — agent identity, model, capabilities, and limitations documented; output basis disclosed
Art. 14 Human oversight — HITL review event in immutable audit trail; reviewer identity and decision documented
Art. 17 Quality management — policy check results, model version, execution trace constitute the QMS record
Art. 18 Technical documentation — 6-artifact evidence pack is the technical documentation required per Annex IV
📋 ISO 42001 & NIST AI RMF

AI Management System Evidence

ISO/IEC 42001 (AI Management Systems) and NIST AI RMF both require documented evidence of AI governance practices. This pack satisfies both.

ISO 42001 §8.4 Documentation of AI system processes — execution trace and policy checks constitute process documentation
ISO 42001 §9.1 Monitoring and measurement — execution metadata, timing, and policy results are the monitoring record
NIST GOVERN AI governance policies — policy set name and all 8 check results documented in evidence pack
NIST MANAGE AI risk management — HIGH flag detection, HITL escalation, reviewer decision all documented and verifiable
NIST MEASURE Measurement of AI impacts — output policy checks, token counts, timing metrics provide measurable execution data
Generate your first evidence pack

Every workflow. Every run. Every proof.

Start free. Run your first governed workflow in under 5 minutes. The evidence pack above is generated automatically — no setup, no configuration, no manual write-up.

Start free — generate your first evidence pack → Talk to enterprise team
No credit card required Evidence on every run SOC 2 + GDPR ready 5-minute integration
→ Generic evidence pack → SOC 2 evidence template → HIPAA evidence template → Interactive workflow demo → Trust pack → Enterprise overview