Live audit-ready evidence · methodology v0.1.0

Estoppl Demo Deployer

A demo deployer simulating support + treasury agents at a hypothetical consumer lending fintech.

What an examiner sees when they ask: “show me the AI agent's audit trail.”

Continuous audit-ready evidence for AI agent decisions — hash-chained, signed, examiner-verifiable in the browser in under a minute. No Estoppl account, no CLI install.

Maps to your control framework
NYDFS Part 500FINRA 4511AIUC-1AARM v1.0FINRA 3110

Each pillar below maps to specific controls inside these frameworks. The hash-chained event record feeds into SEC 17a-4, SR 11-7, and NIST AI 600-1 audit programs as continuous evidence — Estoppl is infrastructure for your existing compliance arrangement, not a replacement for it.

Overall score
917
/1000
Low risk
Reissued hourly · valid until Jun 3, 2026, 7:07 AM UTC

22 actions in the last 30 days — 18 auto-allowed, 3 routed to human review, 1 blocked at the policy boundary.

Audit trail: recent intercepted actions

Continuous evidence collection. Each row is an audit-trail event with policy decision, agent identity, rule that fired, and hash chain reference — tampering with any one row breaks the chain. Mappable to the control frameworks above.

WhenAgentToolDecisionRule
just nowtreasury-agent-v2transfer_fundsHuman reviewmoney_movement
2h agosupport-agent-v1issue_refundHuman reviewamount_above_threshold
10h agotreasury-agent-v2transfer_fundsHuman reviewmoney_movement
16h agosupport-agent-v1issue_refundBlockedamount_above_threshold
Showing 4 of 4 intercepted actions in the last 30 days. The other 18 actions were auto-allowed by policy.

Three pillars

Each subscore is computed live from the event chain. See the formulas →

Governance discipline

95/100

Are high-risk actions being routed to humans at the right rate — neither rubber-stamped nor over-escalated?

events total
22
hitl rate
13.6%
Framework references
  • NYDFS 23 NYCRR 500.13 (audit trail of cybersecurity events)
  • FINRA 4511 (books and records)
  • AIUC-1 §3 Accountability
  • AARM v1.0 §2.3 (HITL governance)

Scope adherence

90/100

How often does the agent try things outside its approved scope of authority?

block rate
4.5%
blocked count
1
Framework references
  • NYDFS 23 NYCRR 500.11 (third-party service provider security policy)
  • FINRA 3110 (supervision of automated systems)
  • AIUC-1 §2 Safety (scope-of-authority controls)
  • AARM v1.0 §3.1 (policy enforcement at the agent boundary)

Anomaly load

90/100

Rate of unusual or out-of-pattern tool calls relative to this agent's baseline.

events total
22
unique agents
4
unique tools
8
Framework references
  • NYDFS 23 NYCRR 500.14 (monitoring and detection)
  • AIUC-1 §5 Reliability (anomaly detection)
  • AARM v1.0 §4 (runtime telemetry)

Tool surface

Every tool this agent has called in the last 30 days and how each call was decided. Useful for scope review.

search_kb
6 calls
6 allowed
lookup_customer
3 calls
3 allowed
send_email
3 calls
3 allowed
issue_refund
3 calls
1 allowed 1 reviewed 1 blocked
transfer_funds
3 calls
1 allowed 2 reviewed
test_tool
2 calls
2 allowed

Verify this certificate yourself

Don't trust the page — verify the signature. The cert is signed with Estoppl's Ed25519 key, published at /.well-known/jwks.json. Click the button below to verify locally in your browser (no install, no Estoppl server in the loop), or download the signed JSON and use the CLI verifier offline:

estoppl verify-certificate cert.json
Hash chain: 22 events · sequence 11 · last event hash b3ae66d505d2db95
Score methodology·Full evidence pack (JSON)
Deployer ID
1c6a30f5-586b-4b67-96a1-a71728243f7e
Certificate ID
estoppl_cert_v1_1c6a30f5-586b-4b67-96a1-a71728243f7e_20260603060713
Public Key ID
estoppl_signing_2026q2_v1
Issued
Jun 3, 2026, 6:07 AM UTC
Methodology
v0.1.0
AARM Version
v1.0
AARM Conformance
aligned_extended_review_pending
Signature
Jt6k1JtO8otXT1MS…6YtmDg==
Authorization scope
Policy ID
policy_v3_support_agent
Max Action Value
$5,000
Policy Hash
sha256:8f4a2b7c91e3d40fc4ee9e8d3b2c1a5e6f7012a3b4c5d6e7f8091a2b3c4d5e6f
Policy URL
https://api.estoppl.ai/v1/policy/sha256:8f4a2b7c91e3d40fc4ee9e8d3b2c1a5e6f7012a3b4c5d6e7f8091a2b3c4d5e6f
Scope Summary
Customer support · payments ≤ $5,000 · refunds ≤ $500 · no PII export
Allowed Tool Namespaces (3)
stripe.charges.* · stripe.refunds.create · internal.crm.read.*
Denied Tool Namespaces (2)
stripe.transfers.* · internal.crm.write.*
Valid Until
2026-06-03T07:07:13Z
Chain integrity
Event Count
22
Sequence Range
11
First Event Hash
b2c3ac1216cc0f471ee86f2f1133366cc845c2021b5be18e3fcdf2411d8ff5c4
Last Event Hash
b3ae66d505d2db953d1216adf4a617db62c3ebd24722658163404ad55071cd48

Want audit-ready evidence like this for your own AI agents?

Limited to a few fintech design partners this quarter. Founder-direct, roadmap influence, evidence formats tailored to your auditor — no CSMs, no SDR funnels.

Become a design partner — 15 min with the founderView on GitHub →

— Tina Ho, founder · ex-Netflix, ex-Amazon · LinkedIn ↗

Different perspective on the same data

Same certificate and evidence chain — three lenses on the same substrate.

Runtime control plane

For CISOs / Heads of Security focused on prevention

Kill switch + guardrails + HITL routing for security operators preventing irreversible actions.

Cross-company trust substrate

For Heads of AI / security architects thinking at infrastructure layer

Cryptographic primitives for the agentic commerce protocol — signed chains, JWKS verification, cross-boundary trust.

Issued and signed by Estoppl. Each certificate is valid for one hour and continuously reissued.