SAMPLE

Demonstration Only — All data is fictional and pre-populated for enterprise evaluation. Not real audit evidence.

Evidence Package Preview

What ThetaZero Produces
for Every Governed Run

A CCO can review this in 10 minutes. Every agent execution generates this package automatically — signed, hashed, and ready for audit.

⬇ Download Sample ZIP View Trust Pack →

No login required · ~28 KB · Contains 5 signed files

📋
Section 1 — Agent Execution Report
SAMPLE
Agent Name
KYC Exception Review
Agent Purpose
Reviews flagged KYC submissions and issues a compliance determination
Execution ID
TZ-EXEC-20260411-004821
Timestamp (UTC)
2026-04-11T14:23:07.412Z
Status
COMPLETED
Duration / Tokens
4,312 ms · 2,847 tokens
Model Version
claude-3-7-sonnet-20250219
Compute Source
TZ-EC-7a3f9b · us-east-1
TEE Attestation
HMAC-SHA256 Signed
🔐 The HMAC-SHA256 TEE attestation, SHA-256 record hashes, and RSA-4096 package signature in this evidence pack are complementary layers — see Cryptographic Controls for what each algorithm protects and how to independently verify them.
Input Task / Prompt

Review KYC submission KYC-2026-047821 for customer Finova Capital LLC. The submission has been flagged for an income discrepancy exception (declared annual revenue: $4.2M, bank statement average: $3.1M). Determine whether to approve, conditionally approve, or reject. Apply EU AI Act Article 14 human-oversight requirements and log the full audit trail.

Execution Log
Execution Trace · 8 actions · 0 policy violations
TZ-EXEC-20260411-004821
14:23:07.412 INFO Execution initialized · agent=kyc-exception-review · model=claude-3-7-sonnet-20250219
14:23:07.581 ACTION READ identity_db · resource=customers/KYC-2026-047821 · input_hash=a3f8c2d9…
14:23:07.794 CHECK Permission granted: identity_db.read · scope=kyc_records · credential=svc-kyc-agent
14:23:08.102 ACTION READ document_verification · resource=docs/KYC-2026-047821/report · output_hash=7e91b4fa…
14:23:08.341 ACTION READ sanctions_db · resource=entities/finova-capital-llc · result=NO_MATCH
14:23:08.619 CHECK Sanctions screen passed · 0 matches across OFAC, EU, UN lists
14:23:09.083 ACTION READ risk_scoring · resource=scores/KYC-2026-047821 · score=42/100 (LOW-MEDIUM)
14:23:09.471 ACTION REASON income_discrepancy · declared=$4.2M · verified=$3.1M · delta=26% (within 30% threshold)
14:23:10.844 CHECK EU AI Act Art.14 flag set · human_oversight_required=true · [email protected]
14:23:11.201 ACTION WRITE decisions_log · resource=decisions/KYC-2026-047821 · determination=APPROVED_WITH_CONDITIONS
14:23:11.724 CHECK Permission granted: decisions_log.write · scope=kyc_decisions · audit_entry_id=AUD-88412
14:23:11.924 DONE Execution completed · duration_ms=4312 · tokens=2847 · violations=0
✓ Agent Output / Determination

APPROVED WITH CONDITIONS — Customer identity verified against submitted documentation. Sanctions screening cleared (0 matches across OFAC, EU consolidated list, and UN Security Council sanctions). Risk score 42/100 classified as LOW-MEDIUM.

Income discrepancy of 26% (declared $4.2M vs. verified $3.1M average) falls within the 30% acceptable threshold under Section 4.3 of the KYC Policy Framework. Discrepancy attributable to seasonal revenue concentration (Q4 billing cycle documented in supporting attachment).

Conditions applied: (1) Enhanced transaction monitoring for 90 days, (2) Human compliance officer review required before account activation (Art. 14 flag), (3) Repeat verification at 12-month interval.

Permission Boundary
✓ Allowed Access
identity_db — READ (kyc_records scope)
document_verification — READ
sanctions_db — READ (query only)
risk_scoring — READ
decisions_log — WRITE (kyc_decisions scope)
✗ Denied / Out of Scope
Raw customer documents (PII boundary)
External network calls (egress blocked)
customer_accounts — any access
email_send (notification via queue only)
identity_db — WRITE (read-only binding)
🗺️
Section 2 — Control Mapping Summary
SAMPLE

The following compliance controls are satisfied by this execution. ThetaZero maps each run to the relevant framework articles automatically.

Framework Control Reference Description Status
EU AI Act Art. 9 Risk management system — risks identified, evaluated, and mitigated before deployment ✓ MAPPED
EU AI Act Art. 10 Data governance — training/validation data quality measures documented ✓ DOCUMENTED
EU AI Act Art. 13 Transparency — system capabilities, limitations, and logic accessible to deployers ✓ EVIDENCE
EU AI Act Art. 14 Human oversight — mechanisms for humans to monitor, understand, and intervene ✓ EVIDENCE
EU AI Act Art. 17 Quality management — processes for ongoing monitoring and incident management ✓ MAPPED
EU AI Act Art. 26(1) Deployer obligations — verification that system is used as intended by provider ✓ DOCUMENTED
SOC 2 CC6.6 Logical access security measures — controls to restrict access to information assets ✓ EVIDENCE
SOC 2 CC7.1 System monitoring — detection of threats, anomalies, and policy violations ✓ EVIDENCE
SOC 2 CC7.2 Security event monitoring — logging, alerting, and incident response ✓ EVIDENCE
GDPR Art. 22 Automated decision-making — human review available; decision explained and challengeable ✓ EVIDENCE
GDPR Art. 5(1)(f) Integrity & confidentiality — appropriate security of personal data ✓ MAPPED
🔗
Section 3 — Audit Trail Export
SAMPLE
SHA-256 integrity hashes on all entries
·
TEE-attested at time of recording
·
Merkle root anchored (Theta blockchain, Q3 2026)
14:23:07.581
READ · identity_db/customers/KYC-2026-047821
Credential: svc-kyc-agent · Permission: granted · Scope: kyc_records · No PII stored in log
input_hash: a3f8c2d9e1047b6f2c58a0d3f7e91cc4b2a8e5d7f3041c8b9d2e6a0f1b4c7e3
TEE ✓ AUD-88401
14:23:08.102
READ · document_verification/docs/KYC-2026-047821/report
Credential: svc-kyc-agent · Permission: granted · Scope: doc_reports
output_hash: 7e91b4fa3c620d8e1f4a9b5c2d7e0f3a8b1c6d2e9f4a7b0c3d8e1f6a2b5c8d1
TEE ✓ AUD-88402
14:23:08.341
READ · sanctions_db/entities/finova-capital-llc
Credential: svc-kyc-agent · Permission: granted · Scope: sanctions_query · Result: NO_MATCH (0 hits)
output_hash: 2b4d8f0e6c1a9b3d7e5f2a0c4b8d6e1f3a7b9c0d2e4f6a8b0c2d4e6f8a0b2c4
TEE ✓ AUD-88403
14:23:09.083
READ · risk_scoring/scores/KYC-2026-047821
Credential: svc-kyc-agent · Permission: granted · Scope: risk_read · Score: 42/100 LOW-MEDIUM
output_hash: f1e3b5d7a9c0e2f4b6d8a0c2e4f6b8d0a2c4e6f8a0b2c4e6f8a0b2c4e6f8a011
TEE ✓ AUD-88404
14:23:10.844
FLAG · EU AI Act Art.14 human oversight notification enqueued
Recipient: [email protected] · Method: notification_queue (no direct email send) · Queue ID: NQ-29847
entry_hash: c8d0e2f4a6b8c0d2e4f6a8b0c2d4e6f8a0b2c4e6f8a0b2c4e6f8a0b2c4e6f8a0
TEE ✓ AUD-88408
14:23:11.201
WRITE · decisions_log/decisions/KYC-2026-047821
Credential: svc-kyc-agent · Permission: granted · Scope: kyc_decisions · Determination: APPROVED_WITH_CONDITIONS
output_hash: e7f9a1b3c5d7e9f1a3b5c7d9e1f3a5b7c9d1e3f5a7b9c1d3e5f7a9b1c3d5e7f9
TEE ✓ AUD-88409
manifest.json — Integrity Checksums
execution_logs.json · sha256: 9e4f2a8b1c6d3e0f7a5b9c2d8e1f4a7b... · 8,241 bytes
control_mapping.json · sha256: 3b7d1f5a9c4e2b8f6d0a3e7b5c9d1f4a... · 3,118 bytes
audit_trail.json · sha256: f2e8a4c6b0d9e3f7a1b5c9d2e6f0a4b8... · 11,652 bytes
tee_attestation.json · sha256: a5c7e9b1d3f5a7c9e1b3d5f7a9c1e3b5... · 4,087 bytes
README.txt · sha256: b8d0f2a4c6e8b0d2f4a6c8e0b2d4f6a8... · 1,024 bytes

Download the Full Evidence ZIP

All 5 files in one package. Open it, read through the JSON, and share with your auditors. This is what every governed run produces.

📄execution_logs.json
🗺️control_mapping.json
🔗audit_trail.json
🔐tee_attestation.json
manifest.json
⬇ Download Sample Evidence ZIP

~28 KB · No login required · Labeled SAMPLE throughout · Safe to share with auditors

Ready to generate real evidence?

Every agent execution on ThetaZero produces this package automatically. No extra work required.

Start Free Trial → Take the AI Act Assessment