Build on
Rubric Protocol.
Integrate post-quantum AI attestation into any system in minutes. Every AI decision your system makes becomes cryptographically signed, Merkle-batched, and permanently anchored to Hedera Consensus Service.
Rubric Protocol is live on Hedera Mainnet. HCS topic 0.0.10416909. Cross-chain anchoring active on Base mainnet.
Installation
Install the TypeScript SDK via npm, or the Python SDK via pip.
First Attestation
The following example attests an AI agent output to Hedera in under 5 minutes.
Initialize the client
Instantiate RubricClient with your API key and target network.
Attest a decision
Submit any AI decision event. Rubric constructs a Merkle leaf, signs with ML-DSA-65, and batches for HCS anchoring.
Verify anytime
Any attestation is verifiable in O(1) via local index, or independently via HCS mirror node — no trust required.
Attestation at the
decision point.
Drop Rubric into Claude Desktop, Claude Code, Cursor, Windsurf, Continue, or Zed — every agent tool call becomes a post-quantum signed, Merkle-rooted, Hedera-anchored audit record.
Both ports live: @rubric-protocol/mcp-server on npm, rubric_mcp_server on PyPI. Identical 8-tool surface. Free local tier in both.
Installation
Choose the port that matches your runtime. Both expose identical tools and return the same attestation IDs.
8 Tools
The full surface exposed by the MCP server. register_agent, status, framework_detect, and cost_estimate work without an API key.
- attest — Attest an AI decision. HCS-anchored with an API key; PQ-signed local Merkle leaf without.
- verify — Verify an attestation by ID. Checks local store first, then the federation.
- get_proof — Generate ZK Merkle inclusion proof (Noir / Barretenberg).
- register_agent — Request a free developer API key via email.
- status — Federation health across US, SG, JP, CA, EU nodes + ZK node.
- framework_detect — Auto-detect applicable regulatory frameworks (EU AI Act, SR 11-7, HIPAA, NIST AI RMF, etc.). Offline.
- cost_estimate — Estimate monthly Rubric cost from expected decision volume. Offline.
- bundle_query — Query attestation bundles by leaf type, agent, or time range. Standard+ tier.
Claude Desktop
Edit ~/Library/Application Support/Claude/claude_desktop_config.json (Mac) or %APPDATA%\Claude\claude_desktop_config.json (Windows):
Claude Code
Cursor
Add to ~/.cursor/mcp.json or project-local .cursor/mcp.json:
REST API
All endpoints are available at https://rubric-protocol.com/verify/. Authentication via x-api-key header.
Base URL
https://rubric-protocol.com/verify/
Authentication
x-api-key: YOUR_API_KEY
Attestation Endpoints
| Field | Type | Description |
|---|---|---|
| agentId | string | Unique identifier for the AI agent or system |
| leafType | enum | AGENT_OUTPUT · HUMAN_REVIEW · RULE_APPLIED · DOCUMENT_HASH · MODEL_VERSION · DATA_RECORD · EXTERNAL_ORACLE |
| data | object | Arbitrary decision payload — serialized, hashed, included in Merkle leaf. Encrypted at rest with customer-held key. |
| attestationId | string | Optional. Provide your own ID for correlation |
| pipelineId | string | Optional. Link attestations across a workflow pipeline |
| Field | Type | Description |
|---|---|---|
| items | array | Array of attestation objects. Same schema as /v1/attest |
Enterprise Endpoints
| Field | Type | Description |
|---|---|---|
| data | object | Decision payload. Encrypted at submission — Rubric never stores plaintext. |
| sourceId | string | Identifier for the submitting system |
| pipelineId | string | Optional. Link attestations across a workflow |
| attestationId | string | Optional. Provide your own UUID for correlation |
| Response | Type | Description |
|---|---|---|
| attestationId | string | Permanent record ID — use to retrieve ZK proof |
| payloadKey | string | 64-char hex AES-256 key. Returned once. Not stored by Rubric. |
| payloadCommitment | string | SHA3-256(payloadKey + attestationId) — verifiable binding |
| status | string | buffered — queued for Merkle aggregation |
| Response | Type | Description |
|---|---|---|
| status | string | ready or pending |
| proof.zkLeaf | string | BN254 field element — your record's leaf hash |
| proof.zkRoot | string | cryptographic Merkle root — matches HCS anchor |
| proof.zkPath | array | 20-element sibling path for independent verification |
| hcsSeqNum | string | HCS sequence number — populated ~60s after submission |
| hcsExplorerUrl | string | Hashscan link for on-chain verification |
| Field | Type | Description |
|---|---|---|
| attestationId | string | The attestation to decrypt |
| payloadKey | string | 64-char hex key returned at submission time |
| Response | Type | Description |
|---|---|---|
| payload | object | Original decision data |
| payloadCommitment | string | Commitment for ZK witness binding |
| flushedAt | string | ISO timestamp of Merkle flush |
Verification Endpoints
Batch & Status
Agent Management
Post-Quantum
Security Model
Rubric Protocol is built on NIST-standardized post-quantum cryptography. Every attestation is resistant to both classical and quantum adversaries — permanently.
ML-DSA-65 provides NIST Category 3 security — equivalent to AES-192. A quantum computer running Shor's algorithm cannot forge or retroactively invalidate any Rubric attestation.
ML-DSA-65 Digital Signatures
ML-DSA-65 (Module-Lattice Digital Signature Algorithm, formerly CRYSTALS-Dilithium) is the NIST post-quantum digital signature standard finalized in FIPS 204. Rubric uses it as the sole signing algorithm for all attestations.
Algorithm
CRYSTALS-Dilithium · Module lattice-based · FIPS 204
Security Level
NIST Category 3 · ~AES-192 equivalent
Public Key Size
1,952 bytes
Signature Size
3,293 bytes
Keypairs are generated once per node, encrypted at rest with AES-256-CBC using a passphrase, and never transmitted. The public key is published to HCS on initialization. All attestation batches are signed before HCS submission.
Rubric deploys ML-DSA-65 across two paths. The standard attestation path uses @noble/post-quantum — a formally verified, pure TypeScript implementation with no native dependencies, optimized for auditability and cross-platform correctness. The enterprise tiered path uses a liboqs C++ N-API addon — a native Node.js binding to the Open Quantum Safe library — delivering 52× faster signing for high-throughput bulk attestation. Deployed across all 5 federation nodes.
Merkle Forest Architecture
Individual attestations are not written to HCS one-by-one — that would be prohibitively expensive at scale. Instead, Rubric constructs a Merkle forest: a set of individual Merkle trees, one per pipeline or batch group, whose roots are then combined into a single forest root.
This means a batch of 100,000 attestations produces exactly one HCS write. The forest root represents the entire batch cryptographically — any individual leaf can be proven against it.
Each leaf includes a nullifier — a unique value that prevents duplicate attestation attacks. Direction bits on proof paths ensure every leaf position is unique and tamper-evident.
Hedera Consensus Service Anchoring
The forest root and signature hash are submitted to HCS topic 0.0.10416909. Hedera's hashgraph consensus provides an immutable, globally-ordered timestamp — the attestation exists permanently in the public record.
Verification requires only the attestationId. Rubric maintains a local O(1) index for instant lookups. For fully independent verification, any party can query the HCS mirror node directly — no reliance on Rubric infrastructure required.
Zero-Knowledge
Proof Layer
Rubric Protocol includes a production-deployed ZK layer for cryptographic Merkle inclusion proofs. Every attestation batch can be proven with cryptographic Merkle inclusion proofs. Full payload privacy proofs are live. Every attestation is encrypted with a customer-held AES-256-GCM key — Rubric stores only ciphertext. Customers retrieve plaintext using their key via /v1/payload-decrypt. ZK proofs over committed payload values (proving compliance without revealing decision data) are in active development.
ZK proofs are live at zk.rubric-protocol.com. A Noir circuit generates depth-20 cryptographic Merkle inclusion proofs — 122 ACIR opcodes — verified on every tier-1 flush across all federation nodes.
Circuit
Noir beta.19 · Depth-20 cryptographic Merkle inclusion · 122 ACIR opcodes
Endpoints
/v1/zk-prove · /v1/zk-verify · Proxied through all 5 federation nodes
Hash Function
Poseidon2 — ZK-native, algebraically efficient over prime fields
Overhead
~15% throughput cost at tier-1 flush · Recoverable via request queue parallelization
How It Works
At every tier-1 flush, the attestation batch is forwarded to the dedicated ZK node. The Noir circuit computes a cryptographic Merkle inclusion proof over the batch. The proof is attached to the HCS submission alongside the ML-DSA-65 signature.
Any third party can verify that a specific attestation is included in a batch without seeing any other attestation in that batch. The proof is self-contained — no Rubric infrastructure required for verification.
ZK Roadmap
| Phase | Status | Description |
|---|---|---|
| Merkle Inclusion Proofs | Live | Depth-20 Poseidon2 circuit on dedicated ZK node |
| Payload Privacy (Level 2) | Live | AES-256-GCM encryption at submission. Customer holds key — Rubric stores ciphertext only. Decrypt via /v1/payload-decrypt with payloadKey. |
| ZK Federation Rounds | Month 3–6 | Prove threshold consensus without revealing individual node votes |
| Cross-Customer Privacy | Month 9–18 | Prove compliance aggregates without revealing individual records |
| ZK Compliance Reports | Year 2 | Regulator-ready ZK proofs for EU AI Act, SR 11-7, and NIST RMF audits |
Your AI Knows What
It Decided. Can It Prove It?
Existing AI systems are optimized to make decisions — not to prove them. Rubric closes that gap.
A model saying it logged a decision is like a defendant keeping their own records. It means nothing to a regulator. Rubric creates an external, cryptographically signed record the AI system cannot alter after the fact.
Standard observability and logging platforms produce mutable logs. An administrator with the right access can edit them. Article 12 requires tamper-evident, independently verifiable records. Rubric anchors to Hedera Consensus Service, a public ledger no one controls.
At scale, AI systems make millions of consequential decisions per day. Logging, signing, and archiving each one individually would require a compliance team larger than engineering. Rubric's Merkle forest compresses any batch — 1 decision or 150 million — into a single cryptographic commitment. One record proves all of them.
Your current systems know what decisions were made. Rubric proves it — to a regulator, in court, without trusting anyone's word.
Every major framework.
One integration.
Rubric is post-quantum AI compliance infrastructure. Declare your system's intended use and jurisdiction — Rubric computes your full regulatory obligation set automatically and generates cryptographically verifiable evidence packages for every applicable framework.
| Regulation | Scope | Rubric Coverage |
|---|---|---|
| EU AI Act Art. 9–15, 17, 26, 49, 72, 73 Annex IV, XI, XII | High-risk AI + GPAI — technical documentation, record-keeping, human oversight, post-market monitoring | Declaration-driven compliance engine + Annex IV Evidence Package generator + continuous attestation stream |
| SR 11-7 / OCC / FDIC Fed Reserve · OCC · FDIC | Model risk management for US financial institutions — inventory, validation, outcome analysis, exceptions | modelTier + validationStatus + outcome fields → SR 11-7 evidence report |
| NIST AI RMF 1.0 GOVERN · MAP · MEASURE · MANAGE | Voluntary framework — mandatory safe harbor in TX, CO, and federal procurement | Four-function attestation mapping → NIST RMF safe harbor certificate |
| TX TRAIGA In effect Jan 1, 2026 | Impact assessment + algorithmic discrimination prevention | riskLevel + populationGroup → safe harbor via NIST RMF alignment |
| CO AI Act Effective Jun 30, 2026 | Pre-deployment risk assessment + discrimination prevention | Pre-deployment attestation + NIST RMF safe harbor certificate |
| HIPAA · EU DSA · NIS2 | PHI protection · content moderation · critical infrastructure | AES-256-GCM payload encryption · moderation event attestation · infrastructure schema |
The section below provides a technical deep-dive on EU AI Act Article 12 — the record-keeping obligation that underpins Rubric's core attestation architecture. All other frameworks build on this foundation.
Article 12
Compliance Guide
Official text: EU AI Act — Regulation (EU) 2024/1689, Article 12 ↗
The EU AI Act requires providers and deployers of high-risk AI systems to maintain detailed records of system operation. Article 12 mandates automatic logging sufficient to enable post-hoc accountability. [EUR-Lex ↗] Rubric Protocol is designed to satisfy these requirements by default.
Article 12 record-keeping requirements apply from August 2026 for high-risk AI systems. Systems processing personal data, making consequential decisions (credit, employment, healthcare, law enforcement), or operating in critical infrastructure are subject to these requirements.
What Article 12 Requires
Article 12 of the EU AI Act mandates that high-risk AI systems automatically generate logs that enable monitoring for the duration of operation. Specifically:
| Requirement | Rubric Implementation |
|---|---|
| Automatic logging of operation | Every decision submitted via /v1/attest is automatically recorded with timestamp, agent identity, and decision payload |
| Recording period and content | Attestations are permanently anchored to HCS — immutable, with Hedera consensus timestamp as authoritative record |
| Traceability of decisions | Each attestation includes agentId, leafType, pipelineId, and full data payload — complete decision lineage |
| Integrity of records | ML-DSA-65 signatures prevent tampering. Merkle proofs enable independent verification of any individual record |
| Access for competent authorities | Regulator portal provides read-only access to attestation records with cryptographic proof of authenticity |
Audit Trail Architecture
A complete audit trail for an AI decision looks like this in Rubric Protocol:
Decision event captured
Your AI system submits the decision to Rubric PROOF with full context — model version, input hash, output, confidence score, and any rule applied.
Cryptographic commitment
Rubric constructs a SHA3-256 Merkle leaf with nullifier. The leaf is signed with ML-DSA-65. This creates a tamper-evident, quantum-resistant record of the exact decision state.
On-chain permanence
The Merkle forest root is submitted to Hedera Consensus Service. The HCS timestamp becomes the authoritative, globally-ordered record of when the decision occurred.
Regulator access
Competent authorities can query any attestation by ID and receive a cryptographic proof of authenticity — verifiable independently without Rubric's involvement.
Rubric Protocol provides post-quantum AI compliance infrastructure covering EU AI Act (Articles 9–15, 17, 26, 49, 72, 73, Annexes IV, XI, XII), SR 11-7, NIST AI RMF 1.0, TX TRAIGA, CO AI Act, and more. Organizations remain responsible for determining their regulatory obligations under their specific use case and for implementing appropriate governance processes. Consult legal counsel for compliance advice.
Multi-Node
Architecture
Rubric Protocol operates as a federated network of independent nodes. Each node maintains its own ML-DSA-65 keypair and participates in threshold consensus before HCS anchoring.
Current Network
5 nodes — US East · Canada · Singapore · EU · Japan
V3 Target
5 nodes upgraded to 8 vCPU / 32GB · ~1.05B attestations/day pre-ZK · ~885M/day with ZK
Consensus
ML-DSA-65 threshold signatures · 3-of-5
Throughput
327M+ attestations/day · 3,789 RPS peak · H41 validated: 0.00% error rate
Node Requirements
Each federation node requires:
| Resource | Minimum | Recommended |
|---|---|---|
| vCPU | 2 cores | 8 dedicated cores |
| RAM | 4 GB | 32 GB |
| Storage | 100 GB SSD | 500 GB NVMe |
| Network | 100 Mbps | 1 Gbps |
| OS | Ubuntu 22.04+ | Ubuntu 24.04 |
Threshold Consensus
Before any Merkle forest root is submitted to HCS, participating nodes must reach threshold consensus. Each node independently signs the forest root with its ML-DSA-65 key. Once the threshold is met (currently 3-of-5), the combined signature is anchored.
This means no single node can submit fraudulent attestations — consensus is required. Geographic distribution across jurisdictions also ensures no single regulatory action can take down the network.
Threshold Key Ceremony
Federation signing keys are protected by a Shamir Secret Sharing scheme. Each master signing key is split into 5 shares using pure GF(256) arithmetic — any 3 shares reconstruct the key. No single node ever holds the complete key.
Scheme
Shamir Secret Sharing · Pure GF(256) · 3-of-5 threshold
Key Storage
Encrypted share keystore per node · AES-256-CBC · Passphrase-protected at rest
Inter-Node Auth
HMAC-authenticated share requests · No unauthenticated share exposure
Ceremony
One-time key ceremony · Setup files deleted post-deployment · Key never reconstructed outside signing
Threshold signing is exposed via /v1/threshold-attest. The coordinating node requests partial signatures from peers via HMAC-authenticated inter-node calls. The combined signature is assembled at submission time and never persisted.
Any Enterprise.
Any Volume.
One HCS write per batch — 1 decision or 150 million. The architecture doesn't change. The cost barely does.
Reliable Queue Architecture
The attestation pipeline is backed by a Redis reliable queue using the BRPOPLPUSH pattern. Every incoming attestation is atomically moved from an intake queue to a processing queue before any work begins. If a node restarts mid-batch, in-flight attestations are recovered automatically on startup — zero attestation loss by design.
The queue drives an 8-worker cluster per node, sustaining the throughput behind 327M+ attestations/day across the 5-node federation.
@rubric-protocol/sdk
TypeScript SDK for direct integration. Full type definitions, AttestationsService, StorageService, and federation-aware routing built in.
autogen-rubric Python
One-line auto-instrumentation for 13 AI frameworks. Every LLM call, agent decision, and tool use is attested automatically — no per-decision code required.
Auto-Instrumentation — Recommended
Add one line at app startup. Rubric detects installed frameworks and patches them at the class level. Complete attestation coverage by construction — no codebase audit required.
Client Reference
AttestationsService
| Method | Description |
|---|---|
| attest(params) | Submit single attestation. Returns attestationId, sigValid, onChain |
| batchAttest(items) | Submit array of attestations. One HCS write regardless of size |
| verify(id) | Verify attestation by ID. Returns verified, sigValid, securityLevel |
| get(id) | Retrieve full attestation record with Merkle proof |
| list(filters) | Paginated list with agentId, leafType, date range filters |
Examples
Real-world integration patterns across regulated industries.
Logistics — Route optimization audit trail
A logistics operator runs 150M AI routing decisions per day. Every decision attested in a single HCS write per batch. Regulators get a cryptographic receipt for every reroute, delay override, or priority escalation — provable in court.
150M/day
Forest
Sign
Write
Receipt
Financial Services — Full loan decision lineage
EU AI Act Article 12 requires lenders using AI to maintain complete, tamper-evident records of every automated credit decision. Rubric creates an immutable chain: model output → compliance check → human review → final approval.
Model
Check
Review
ID
Anchor
Record
Healthcare — AI diagnostic audit trail
A hospital deploys AI for radiology triage. Every recommendation must be auditable for liability, HIPAA, and EU MDR compliance. Rubric attests the model version and output — without storing protected patient data on-chain.
Scan
Hash
Triage
Sign
(no PHI)
Proof
Algorithmic Trading — MiFID II decision records
MiFID II and SEC Rule 17a-4 require broker-dealers to retain records of every algorithmic trading decision. Rubric provides a quantum-resistant audit trail verifiable by regulators — without exposing proprietary model internals.
Signal
Model
Decision
Sign
Anchor
Verifiable
LangChain — Automatic agent attestation
Drop one callback handler into any LangChain agent or chain. Every LLM call, tool use, and agent decision is automatically attested to HCS — zero changes to your existing logic. EU AI Act Article 12 compliant out of the box.
LangGraph — Node-level decision attestation
Pass one callback handler in config. Every graph node execution, LLM call, and tool use is attested — ideal for compliance-requiring enterprise deployments where audit trails and human-in-the-loop oversight are requirements.
OpenAI — Wrap once, attest everything
Wrap your existing OpenAI client with one line. Every chat.completions.create() call — streaming or not — is automatically signed and anchored to HCS. No changes to the rest of your codebase.
AutoGen — Attest every agent message
Attach one hook to any AutoGen agent. Every message sent and received is automatically attested to HCS — full multi-agent conversation trails with zero changes to your agent logic.
LlamaIndex — Query and retrieval attestation
Add one callback handler to LlamaIndex. Every LLM call and query result is attested to HCS — ideal for RAG pipelines where source fidelity and model output must be provable for compliance.
CrewAI — Attest every agent, task, and tool
One listener attests every agent execution, task completion, tool invocation, and crew kickoff — full multi-agent audit trail with zero changes to your crew logic.
Haystack — RAG pipeline attestation
Drop RubricHaystackComponent into any Haystack pipeline as a pass-through. Every LLM reply is attested before it reaches your application.
Semantic Kernel — Enterprise AI attestation
Register one filter on the kernel. Every function invocation — across all plugins and agents — is attested automatically. Ideal for Microsoft Azure enterprise deployments.
Pydantic AI — Type-safe agent attestation
Wrap any Pydantic AI agent. Every run — sync or async — is attested immediately on completion. Full proxy: all agent methods remain accessible.
OpenAI Agents SDK — Full lifecycle attestation
Pass one hooks object to Runner.run(). Agent starts, LLM completions, tool calls, and handoffs between agents are all attested — complete chain of custody for multi-agent workflows.
Google ADK — Vertex AI Agent Builder attestation
Register one plugin on the Runner — every agent, model call, and tool invocation across your entire ADK application is attested automatically. Works with any ADK agent on any model.
Strands Agents / Amazon Bedrock AgentCore — Full lifecycle attestation
Pass one hook to any Strands agent. Agent invocations, model calls, and tool results are all attested — works with Amazon Bedrock AgentCore Runtime.
DSPy — Declarative AI pipeline attestation
Register one callback globally. Every DSPy module execution and LM call is attested — zero changes to your existing program logic.
Coming integrations: Agno and Smolagents. All follow the same zero-dependency pattern — drop-in attestation with no changes to existing pipeline logic. Contact us to request priority support for a specific framework.
Webhooks —
Real-Time Event Push
Push every attestation to your SIEM, GRC platform, or custom endpoint in real time. HMAC-SHA256 signed. Auto-retry with failure tracking. Enterprise+ feature.
Register a Webhook
Available Events
| Event | Trigger |
|---|---|
attestation.created | Every attestation accepted by the node. Fires in real time, non-blocking. |
batch.anchored | Tier-2 Merkle forest anchored to HCS. Contains forest root and sequence number. |
* | All events. |
Payload Format
Signature Verification
Manage Webhooks
Webhooks track delivery status per endpoint. Failed deliveries increment a failure counter — after 10 consecutive failures the webhook is automatically disabled to prevent noise. Re-enable by deleting and re-registering. Each delivery includes X-Rubric-Delivery (unique ID), X-Rubric-Event, and X-Rubric-Signature headers.
GRC & SIEM
Export API
Every attestation is exportable in three formats — JSON, CSV, and SIEM-compatible NDJSON. Pipe directly into ServiceNow, Archer, OneTrust, Splunk, Elastic, or QRadar. No custom integration work required.
Endpoints
| Endpoint | Description | Tier |
|---|---|---|
GET /v1/export/attestations | Full attestation export. Supports JSON, CSV, SIEM formats. | Standard+ |
GET /v1/export/summary | Aggregated summary by agent, leaf type, and day. Includes EU AI Act status. | Standard+ |
POST /v1/export/report | Generate court-admissible PDF compliance report. Returns download URL + SHA3-256 hash. | Standard+ |
Query Parameters
| Parameter | Type | Description |
|---|---|---|
from | ISO 8601 | Start of export window. Default: 30 days ago. |
to | ISO 8601 | End of export window. Default: now. |
format | string | json (default), csv, or siem (NDJSON/ECS). |
agentId | string | Filter by agent identifier. |
limit | integer | Max records returned. Default: 10,000. Max: 100,000. |
JSON Export
CSV Export — ServiceNow / Archer / OneTrust
SIEM Export — Splunk / Elastic / QRadar
PDF Compliance Report
The CSV export maps directly to ServiceNow GRC, Archer, and OneTrust record schemas. The SIEM NDJSON format follows Elastic Common Schema (ECS) and can be ingested directly into Splunk, Elastic SIEM, or IBM QRadar without transformation. Each record includes a rubric.verify_url linking to the public audit portal for regulator access.
SR 11-7 — Model Risk Management
The Federal Reserve's SR 11-7 guidance requires banks to maintain a model inventory with risk classification, validation status, and outcomes monitoring. Rubric builds this automatically from attestation data.
Every AI agent attested through Rubric is automatically registered in the model inventory — capturing agent ID, model version, decision volume, and timestamp. Assign SR 11-7 risk tiers (Tier 1 High / Tier 2 Moderate / Tier 3 Low) via the Enterprise dashboard. Validation status and outcomes monitoring surface in the examination package.
Examination Package
Enterprise tier generates a complete SR 11-7 examination package in a single API call — model inventory, risk tier assignments, validation gap analysis, and outcomes monitoring summary. Export as PDF or structured JSON for GRC platform ingestion (ServiceNow, Archer, OneTrust).
FINRA 3110 / 3120 — Supervision Records
FINRA Rules 3110 and 3120 require broker-dealers to establish and maintain supervisory systems for AI-assisted workflows. Rubric provides cryptographically anchored supervision records that satisfy examination requirements.
Every AI decision attested through Rubric generates a supervision record — timestamped, ML-DSA-65 signed, and anchored to HCS. Records are retained for the FINRA-required minimum period. The Enterprise examination package includes a FINRA-style attestation summary: total decisions, supervision coverage, exception reports, and reviewer sign-off chain.
Human Oversight Attestation
When a compliance officer or supervisor reviews, approves, or overrides an AI decision, that action is attested alongside the original AI decision — creating a complete chain of custody from AI output to human sign-off. Required under FINRA 3110 and EU AI Act Article 14.
FFIEC IT Examination
FFIEC IT examiners now include AI governance in examination scope. Rubric generates the third-party AI vendor audit evidence, access log completeness metrics, and policy enforcement summaries examiners ask for.
FFIEC examination package includes: third-party AI provider inventory auto-built from attestation data, access control evidence via API key audit trail, log completeness metrics showing attestation coverage vs. total AI decisions, and policy enforcement summary. Export as structured JSON for direct GRC ingestion.
Rubric attestations are anchored to an independent public ledger — outside your stack entirely. This satisfies FFIEC requirements for third-party verification that internal logging systems cannot provide.