Govern every AI action.
Before, during, and after.

One platform for policy enforcement, content scanning, LLM gateway, human approval, and cryptographic receipts.

4 policy modes

Rules, AI, consensus, content scan

NER + regex scanner

Names, SSNs, credentials, injection

LLM Gateway

Any provider, zero code change

Human approval

Signed decisions in the receipt chain

Ed25519 receipts

Every state signed, RFC 3161 timestamps

W3C DID

Verifiable agent identity

Before: Block sensitive data

NER + regex scanner catches SSNs, names, credentials. Gateway blocks before any LLM sees it. Policy engine enforces rules, AI policies, consensus.

During: Human in the loop

High-risk actions held for approval. Signed decision embedded in the receipt chain. No action runs without authorization.

After: Cryptographic proof

Ed25519 receipt + RFC 3161 timestamp on every outcome. Denied, failed, approved — all signed. Verify with OpenSSL, no account.

Policy engine · Content scanner · LLM Gateway · Human approval · Ed25519 receipts · W3C DID · EU AI Act · DORA · SR 11-7 · ISO 42001 · GDPR

Hosted or self-hosted · Works for AI agents, agentic and non-agentic, API calls, webhooks, batch jobs, RPA

The platform

Seven steps. One platform.

From agent registration to compliance evidence. Each step has a concrete example of what Aira does — not what it could do.

01 Register agents

Who is acting?

Every agent gets a W3C DID — a verifiable identity that follows it across deployments. Key rotation built in. Receipts are tied to a real identity, not just an API key.

Agent identity

agent_id: payments-agent
did: did:web:airaproof.com:agents:payments-agent
key: Ed25519VerificationKey2020
status: active

02 Set policies

What are the rules?

Four policy modes, stackable per action type. Deterministic rules for speed. Plain-English AI policies for nuance. Multi-model consensus for high-stakes. Content scanning for sensitive data.

Four modes

Rules (<1μs)

action_type == "wire" AND amount > 50K

AI policy (~2s)

Block actions involving personal data

Consensus (~5s)

3 models vote — 2 REVIEW, 1 APPROVE

Content scan (<5ms)

NER + 27 regex: SSN, names, credentials

03 Route traffic

How does it flow?

The gateway sits between your agents and any LLM provider — OpenAI, Anthropic, Google, Ollama, or any OpenAI-compatible endpoint. Two lines of config. Every call policy-checked, scanned, and receipted. Zero code change.

Gateway setup

# any OpenAI-compatible provider
client = openai.OpenAI(
    **gateway_openai_kwargs(aira_api_key="aira_live_...")
)
04 Scan content

What's sensitive?

NER (Microsoft Presidio) catches person names, addresses, dates of birth, medical data. Regex catches SSNs, credit cards, API keys, IBANs. Runs on inputs before the LLM and on outputs after. In-process, <5ms.

Content scan result

us_ssn: critical
ner_person: warning
ner_location: warning
intl_phone: warning

05 Approve actions

Who decides?

High-risk actions are held for human review. Approvers get a secure single-use link. The approval decision is Ed25519-signed and embedded in the receipt chain. No action runs without explicit authorization.

Approval flow

action: wire_transfer · €75,000
policy: Wire transfers > €10K require approval
status: pending_approval
approver: compliance@acme.com
decision: approved · Ed25519-signed

06 Sign outcomes

What happened?

Every action — authorized, denied, or failed — gets an Ed25519 receipt with an RFC 3161 timestamp. The receipt commits the policy decision, scan results, approval chain, and outcome. Universal receipts mean zero audit gaps.

Ed25519 receipt

action_uuid: fa81dff6-0d20-47a9-...
status: notarized
signature: ed25519:IRJK2NDu8mXA...
timestamp: RFC 3161 · freetsa.org
verify: openssl — no account needed

07 Prove compliance

Show the regulator.

Compliance bundles map article-by-article to EU AI Act, DORA, ISO 42001, SR 11-7. Merkle-rooted, signed, sealed. Anyone can verify any receipt at the public endpoint with OpenSSL — no Aira account needed.

Compliance coverage

EU AI Act: Article 12 record-keeping
DORA: Articles 17-19 incidents
SR 11-7: Model inventory
ISO 42001: Control evidence
GDPR: Hash-only by default

How it works

Gate. Sign. Prove.

Three steps around any action: scan and enforce policies before execution, sign the outcome after, prove it to anyone later. Two SDK calls, or route LLM traffic through the gateway with zero code change.

01

Gate

Before execution

Policy-check and scan before anything runs.

Content scanner (NER + 27 regex patterns) catches SSNs, names, addresses, API keys, prompt injection. Policy engine evaluates rules, AI policies, or multi-model consensus. Human approval holds high-risk actions. The gateway blocks sensitive data before it reaches any LLM.

NER + regex · 4 policy modes · human approval · gateway
# policy + scan before execution
auth = aira.authorize(
    action_type="wire_transfer",
    details="Send 75K to vendor-x",
    agent_id="payments-agent",
)
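
A gate of the kind described above, combining a deterministic rule with a regex content scan, as an added example that is not Aira's code or SDK. The `scan`, `redact` and `gate` names, the two detectors, the deny-on-critical choice and the sample inputs are assumptions; the `us_ssn` label, the `pending_approval` status and the wire rule with its 50K threshold mirror values shown on this page.

```python
import re

# Constructed detectors (assumption): two of the regex classes the page names.
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def luhn_ok(digits):
    """Luhn checksum: rejects most digit runs that merely look like a card."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def valid_ssn(area, group, serial):
    """Structural SSN check, so never-issued ranges are not flagged."""
    return (area not in ("000", "666") and area < "900"
            and group != "00" and serial != "0000")

def scan(text):
    """Return (detector, severity, span) for each validated match."""
    findings = []
    for m in SSN_RE.finditer(text):
        if valid_ssn(*m.groups()):
            findings.append(("us_ssn", "critical", m.span()))
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            findings.append(("credit_card", "critical", m.span()))
    return findings

def redact(text, findings):
    """Replace matches right to left so earlier spans stay valid."""
    for name, _, (start, end) in sorted(findings, key=lambda f: f[2], reverse=True):
        text = text[:start] + "[" + name.upper() + "]" + text[end:]
    return text

def gate(action_type, amount, details):
    """Scan first, then apply the rule; returns (decision, details safe to log)."""
    findings = scan(details)
    if any(severity == "critical" for _, severity, _ in findings):
        return "deny", redact(details, findings)
    if action_type == "wire" and amount > 50_000:  # rule shown on the page
        return "pending_approval", details
    return "allow", details

if __name__ == "__main__":
    # Constructed sample inputs.
    print(gate("wire", 75_000, "Send 75K to vendor-x"))
    print(gate("wire", 75_000, "Payee SSN 123-45-6789, card 4111 1111 1111 1111"))
    print(gate("wire", 900, "Refund order 4111 1111 1111 1112"))
```

The checksum and range checks are what keep a regex scanner from denying on every order number or reference ID that happens to have the right shape.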
02

Sign

After execution

Seal every outcome cryptographically.

After the action runs, mint an Ed25519 receipt with an RFC 3161 timestamp. The receipt commits the policy decision, scan results, approval chain, and outcome. Denied actions get a denial receipt — zero audit gaps. Output scanning catches sensitive data in LLM responses too.

Ed25519 + RFC 3161 · universal receipts · output scanning
# sign the outcome after execution
receipt = aira.notarize(
    action_id=auth.action_id,
    outcome="completed",
    outcome_details="Wire ref: TXN-9482",
)
03

Prove

Verify

Cryptographic proof that nothing leaked.

Every action — authorized, denied, or failed — gets an Ed25519-signed receipt with an RFC 3161 timestamp. The receipt proves what was scanned, what was blocked, and what was allowed. Verify with OpenSSL alone — no Aira account needed.

Ed25519 + RFC 3161 · universal receipts · public verification
# anyone can verify — no account needed
$ curl api.airaproof.com/api/v1/verify/action/<uuid>

{ "valid": true,
  "algorithm": "Ed25519",
  "signer": "did:web:airaproof.com" }
Try it live

See what your agents are leaking.

Paste any text and see what our NER + regex content scanner catches. In production, this is one layer of seven — actions also pass through policy rules, AI evaluation, consensus voting, and human approval before touching any LLM. Try the full interactive demo to test all seven steps.


Live demo

Mint a receipt.
Right now.

An AI agent wants to wire €75,000 to a vendor. Watch Aira authorize the action, sign the outcome, and produce a receipt anyone can verify.

Action under review (idle)
action_type: wire_transfer
agent_id: payments-agent
amount: EUR 75,000.00
recipient: vendor_x · DE89 …4321
requested_by: claude-sonnet-4.5
1. Evaluate rules + AI policies
2. Mint Ed25519 receipt
3. Anchor RFC 3161 timestamp

// receipt — ed25519 + rfc3161
{
  "action_uuid": "····························",
  "action_type": "wire_transfer",
  "agent_id": "payments-agent",
  "decision": "allow",
  "outcome": "completed",
  "outcome_details": "Wire ref: TXN-9482",
  "timestamp_rfc3161": "2026-04-17T14:22:08Z",
  "payload_sha256": "································································",
  "signature_ed25519": "································································································································"
}

The full stack

Seven chapters.
Read the ones you need.

Most layers work for any code path.

"AI" marks features that use the model or agent layer.

Chapter I

Policy engine

The rules, AI policies, consensus voting, and content scans that decide what an action can do — before it runs.

01

Rules

Deterministic. Instant. No LLM. Wire transfers over €50K require approval. Data deletion is blocked.

02

AI policies (AI)

Plain English policy, evaluated per action by an LLM. Flexible enough for nuanced business logic.

03

Consensus (AI)

Multiple models vote. Disagreement holds the action. No single model has the final word.

04

Content scan

PII, leaked credentials, prompt injection — caught on inputs and outputs. Flag, deny, or redact.

Integrations

Any model.
Any agent.

Aira intercepts at the action layer — which LLM your agent runs on, which framework you wrap it in, is up to you.

Models

Anthropic
OpenAI
Google
Meta
Mistral
DeepSeek
AWS Bedrock

Agent frameworks

LangChain
Vercel AI
OpenAI Agents
Google ADK
AWS Bedrock
CrewAI
MCP

Cloud or fully self-hosted.

Run Aira on your own Kubernetes cluster with your own signing keys. Nothing leaves your network. Same SDK, same verify URL scheme.

Self-host guide
Side effect

Compliance comes automatically.

The same audit trail that proves an action was authorized is what regulators ask for. Govern the agent, get the paperwork.

EU AI Act

Article 12 record-keeping is the default, not a bolt-on.

Up to €35M or 7%
DORA

Article 17–19 incident lifecycle + signed major-incident PDFs for ESA submission.

Up to €10M or 2%
SR 11-7

Model inventory, validation, and monitoring come with every receipt.

US banks
GDPR

Hash-only by default. Raw details never stored unless opted in.

Up to €20M or 4%
ISO 42001

Compliance bundles map one-to-one to the required control evidence.

Global
Common questions

Answers,
before you ask.

If something here isn't right for your shape — DM us. We answer.

Yes. authorize() and notarize() are action-level primitives — they don't care if the caller is an AI agent, a webhook handler, an RPA bot, or a deterministic micro-service. The cryptographic receipt is the same. AI agents are our wedge because of EU AI Act and DORA urgency, but the API is general-purpose.

Yes. The entire stack runs on your own Kubernetes cluster — API, policy engine, signing keys, Postgres, everything. Nothing leaves your network. You get the same SDK, the same dashboard, and the same public verify URL scheme. Regulated industries and data-sovereignty use cases run self-hosted by default.

No. Rules and content scans run in-process via the SDK — your sensitive data never leaves your network for the deterministic checks. Only AI policies and consensus voting round-trip to Aira (the LLM has to live somewhere). Self-hosted deployments keep everything on your infrastructure, including the LLM calls.

The SDK supports offline mode — receipts queue locally and sync when the API is back. Your action doesn't block on Aira availability. The cryptographic signature is still valid offline because the keys are in your local SDK process.

Pricing

Simple pricing.
Every feature on every plan.

You pay for volume, not features. One op is an authorize, a case run, a chat message, a compliance bundle, a settlement, or a drift check. Notarizing is free.

Free
€0/mo

Your first agent, free.

Start free
  • 100 ops / month
  • 3 seats
  • Community support
Most popular
Pro
€299/mo

Agents in production.

Start free
  • 10,000 ops / month
  • Unlimited seats
  • Email support
Business
€699/mo

When decisions have consequences.

Start free
  • 100,000 ops / month
  • Unlimited seats
  • Priority support
  • 99.5% SLA
Enterprise
Custom

Regulated industries, self-hosted.

Contact sales
  • Unlimited ops
  • Dedicated support
  • 99.9% SLA
  • Self-hosted
  • SSO / SAML

Pay-as-you-go overage · Pro €0.05 / op · Business €0.03 / op (€0.015 per case) · Free hard-walls at 100 · Self-hosted has no cap

Your agents are running.
Start proving it.

One API call sits between your agents and production.

No credit card · Self-hostable · Open-source SDKs