Project AIR by Vindicara
Open source SDK for AI agent governance and audit
Cryptographic chain-of-custody. Court-supportable records. Rekor-anchored proof. Every action your agents take, bound to a workload identity, anchored on a public transparency log, independently verifiable by anyone. AIR isn't a guardrail, a governance dashboard, or a compliance checklist. It's the forensic substrate underneath - producing signed evidence the rest of the stack can consume. Built for EU AI Act Article 72 (Aug 2, 2026). Four shipping layers, pip install ready.

Hi - Kev here, the maker.
When an AI agent does something it shouldn't - wrong tool call, prompt injection, data going somewhere it shouldn't - most teams reach for logs.
Logs aren't evidence. Evidence has to be tamper-evident, independently verifiable, and survive without you. That gap is what Project AIR fills.
The credibility hook: the OWASP Top 10 for Agentic Applications (v12.6) names the "Signed Intent Capsule" as the canonical mitigation for ASI01. We didn't invent the pattern - we shipped a production implementation of it.
How it works: every agent decision is content-hashed (BLAKE3), signed (Ed25519), chained to the previous step, and anchored on Sigstore Rekor. Anyone can verify the chain offline, years later, even without us. The capsule format is AgDR-compatible.
Four layers in v0.7:
- Trust Anchor - Cryptographic signing + public transparency log.
- Investigation - air explain walks the causal graph. "Why did the agent do that?" is one command, not a four-hour log dive.
- Containment - air approve puts a verified human in the loop. The approval itself is signed evidence.
- AgDR Handoff - When agents hand work to other agents, the chain of custody survives the handoff.
Why now: EU AI Act Article 72 (post-market monitoring) takes effect August 2, 2026. Most teams have a guardrail story. Few have an evidence story.
If you work on agent reliability, compliance, or AI safety - I'd love to hear what's missing.
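
The hash-chaining step from the post above, as an added example (not Project AIR's code or capsule format): each record commits to its predecessor, and a verifier compares the final digest with one pinned outside the writer's control. Assumptions: stdlib BLAKE2b stands in for BLAKE3, Ed25519 signing and the Rekor anchor are left out, and the record fields and sample actions are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed placeholder meaning "no previous record"

def digest(body: dict) -> str:
    # Canonical JSON so identical content always hashes identically.
    # BLAKE2b (stdlib) is a stand-in for the BLAKE3 hash the post names.
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.blake2b(data, digest_size=32).hexdigest()

def append(chain: list, action: dict) -> str:
    """Append a record bound to its predecessor; return the new head digest."""
    prev = chain[-1]["hash"] if chain else GENESIS
    body = {"seq": len(chain), "prev": prev, "action": action}
    chain.append({**body, "hash": digest(body)})
    return chain[-1]["hash"]

def verify(chain: list, anchored_head: str) -> str:
    """Return 'ok' or the first reason the chain fails verification."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        if rec.get("seq") != i:
            return f"record {i}: out of sequence"
        if rec.get("prev") != prev:
            return f"record {i}: broken link"
        expected = digest({"seq": i, "prev": prev, "action": rec.get("action")})
        if rec.get("hash") != expected:
            return f"record {i}: content altered"
        prev = rec["hash"]
    # Rewriting every hash, or dropping trailing records, yields a chain that
    # is internally consistent but cannot match a head pinned elsewhere.
    if prev != anchored_head:
        return "head does not match anchored digest"
    return "ok"

def demo() -> dict:
    chain, head = [], GENESIS
    # Constructed sample actions, not real agent output.
    for step in ({"tool": "search", "arg": "invoice 1042"},
                 {"tool": "send_email", "to": "ops@example.test"}):
        head = append(chain, step)
    edited = json.loads(json.dumps(chain))        # deep copy
    edited[0]["action"]["arg"] = "invoice 9999"   # in-place edit
    rewritten = []                                # edit, then recompute every hash
    for rec in edited:
        append(rewritten, rec["action"])
    return {"intact": verify(chain, head), "edited": verify(edited, head),
            "rewritten": verify(rewritten, head),
            "truncated": verify(chain[:1], head)}
```

The `rewritten` and `truncated` cases pass every per-record check and fail only against the pinned head, which is the role an external anchor plays.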
I've been following the AI agent space closely and the accountability
gap is so real. Every time something goes wrong with an agent everyone
is just screenshots and vibes. The fact that this produces actual
verifiable records that don't depend on trusting the company behind
it is genuinely exciting. Rooting for this one.
@nyein_sone Nyein - "screenshots and vibes" is exactly it. That's the entire incident response experience for most teams right now. The independence from vendor trust is the part I'm most proud of architecturally. Sigstore Rekor is run by the Linux Foundation - we couldn't tamper with your records even if we wanted to. That's the guarantee that actually holds up in a legal or regulatory context. Really appreciate you taking the time. What space are you building in?
We're live today - excited to finally have this in front of the PH community.
I'm here all day. If you're building with AI agents and have questions about the signing architecture, OWASP ASI coverage, or the EU AI Act Article 72 implications - ask anything. Nothing is off limits.