Give your LLM-powered product a tamper-evident audit trail — so every prompt, decision, and output can be independently verified, without handing over raw conversations.
The problem
Most AI products have no reliable record of what was said, when, or why. That's a compliance gap, a liability risk, and an incident-response nightmare.
01
Once a response is served, there is no trustworthy record of the exact prompt, retrieved context, or output. Server logs are mutable. Screenshots prove nothing. Regulators and lawyers want evidence, not assertions.
02
EU AI Act, financial regulators, and enterprise procurement teams increasingly demand proof that your AI behaved as claimed — not just a policy document, but immutable, independently checkable evidence.
03
When a hallucination causes a real-world problem, you need to replay the exact runtime state. Without a cryptographic audit trail, you're guessing — and guessing doesn't hold up in post-incident review.
How Tracestone helps
Tracestone wraps your existing LLM calls and produces independently verifiable evidence — without any raw conversation leaving your environment.
Every LLM call is hashed and appended to a tamper-evident log. Each entry is cryptographically linked to the previous one — any modification breaks the chain and is immediately detectable.
Audit evidence is generated from cryptographic commitments of the original data. Third parties verify the proof — not the prompt. Raw conversations never leave your infrastructure.
Generate structured evidence packages for legal review, SOC 2 audits, and enterprise security questionnaires. One command, verifiable offline, no Tracestone infrastructure required at review time.
Integration
Tracestone wraps your existing LLM client. No data leaves your environment. The audit chain is written locally and sealed with a cryptographic root that can be published or kept private.
Wrap your LLM client — one import, one decorator. Works with any OpenAI-compatible endpoint.
Runtime hashing — each call is committed to the local audit chain before the response is returned to your app.
Seal and export — close an audit period, sign the root, and generate a portable evidence bundle.
Verify independently — any auditor runs the OSS verifier against the bundle. No Tracestone account required.
# Before Tracestone from openai import OpenAI client = OpenAI() response = client.chat.completions.create( model="gpt-4o", messages=messages ) # After — full audit chain, zero exposure from openai import OpenAI from tracestone import AuditChain client = OpenAI() chain = AuditChain(path=".audit/") @chain.trace def call_model(messages): return client.chat.completions.create( model="gpt-4o", messages=messages ) # Seal and export bundle = chain.seal() # → .audit/bundle_2026-06-03.tsb # Verify: tracestone verify bundle_*.tsb
Common questions
Does Tracestone see my prompts or responses?
No. The audit chain is built entirely inside your infrastructure. Tracestone's SDK hashes the data locally — the hash is recorded, not the content. Nothing is transmitted to Tracestone servers unless you explicitly opt in to cloud storage.
What does "independently verifiable" mean in practice?
It means an auditor with the evidence bundle and the open-source verifier can confirm that a specific prompt produced a specific response at a specific time — without asking Tracestone, without network access, and without trusting your word. The cryptographic proof is self-contained.
Which LLM providers are supported?
Any provider with an OpenAI-compatible API is supported out of the box, including cloud-hosted and self-hosted models. Custom HTTP adapters are also supported for proprietary endpoints.
How much latency does the audit chain add?
Typically under 1 ms per call. Hashing is performed synchronously in the request path, but the I/O write to the audit log is async and does not block your LLM response from returning to the caller.
We're working with early design partners. If your team needs audit-grade evidence for an LLM product, reach out directly.