Skip to main content
How It Works

From One URL Change to Forensic Evidence in 15 Minutes

AI Identity is a transparent gateway between your agents and LLM providers. Change one URL, and every agent action becomes a tamper-evident, cryptographically-signed audit record — replayable on demand, verifiable offline.

01

Route Through the Gateway

Point your agents at the AI Identity gateway with one URL change. Every request — auth, policy evaluation, tool call, response — now flows through an evidence-capturing layer with sub-50ms overhead.

  • Drop-in replacement — change one URL
  • Works with OpenAI, Anthropic, Gemini, and more
  • Zero agent code changes, zero SDK lock-in
02

Identify Every Agent

Each agent gets a unique aid_sk_ credential so every event in the audit trail attributes back to the responsible agent — not a shared service account. Scope what it can call, when, and how much.

  • Unique per-agent identity (no shared keys)
  • Scoped permissions: tools, models, rate limits, budgets
  • Automated key rotation, instant revocation
03

Capture Tamper-Evident Evidence

Every request is recorded in an HMAC-SHA256 hash-chained log. Each event links cryptographically to the one before it — alter one record and the entire chain breaks. Sessions are sealed with DSSE + ECDSA-P256 attestations signed by hardware-held keys.

  • HMAC-SHA256 chained audit trail (per-org isolated)
  • DSSE + ECDSA-P256 signed session attestations
  • Signing keys held in KMS — never leave the HSM
04

Replay & Prove on Demand

When something goes wrong — or an auditor asks — scrub through any session step-by-step, export a signed evidence bundle, and hand it to your auditor. They verify it offline with our open-source CLI. No vendor trust required.

  • Scrubbable incident replay across auth, policy, tool calls, blocks
  • Export signed evidence bundles with chain-of-custody
  • Offline verification via open-source `ai-identity verify` CLI

One Line to Integrate

Replace your LLM provider base URL. That's it. Your agents are now authenticated, policy-checked, and forensically logged.

pythonBefore & After
# Before — direct to provider
client = OpenAI(api_key="sk-...")

# After — through AI Identity gateway
client = OpenAI(
    base_url="https://gateway.ai-identity.co/v1",
    api_key="aid_sk_your_agent_key",
)

# Everything else stays the same
response = client.chat.completions.create(
    model="gpt-4o",
    messages=[{"role": "user", "content": "Hello!"}],
)

See the replay before you wire it up

Walk through a live incident replay on the homepage, or talk to us about joining the design partner cohort.

Request Design Partner AccessView Incident Replay Demo

Building today? Spin up a free dev sandbox →