Cryptographic Compliance
for AI Agents
Prove your AI agent is well-behaved — without revealing how it works. Zero-knowledge STARK proofs, behavioral injection detection, and data loss prevention in one SDK.
How It Works
From behavioral observations to a tamper-proof compliance record — six steps, fully automated.
Observe
Collect behavioral metrics from your AI agent — quality scores, latency, safety checks, or any measurable signal.
Detect
Screen inputs for prompt injection, Unicode attacks, and privilege escalation. Score behavioral deviation in real time with BID.
Prove
Generate a STARK proof in 9ms attesting behavior stays within your defined limits. Raw data never leaves the prover.
Verify
Anyone can verify the proof — clients, auditors, regulators — without seeing the raw data. Zero-trust, tamper-proof.
Chain
Link proofs into a cryptographic chain. Each proof references the previous one, creating a verifiable behavioral timeline.
Register
Publish proofs to the on-chain registry. Immutable, publicly auditable, timestamped — your compliance record of truth.
Why SENTINEL
Purpose-built for AI agent compliance. Not another generic ZK platform.
Zero-Knowledge by Design
Your raw observations never leave the proof. Auditors verify compliance without seeing proprietary operational data. Designed for GDPR, CCPA, and DORA compliance by construction.
9ms Proof Generation
Fast enough for synchronous API calls. Generate proofs in real-time as part of your agent's workflow — no batch jobs, no waiting.
Behavioral Injection Detection
BID scores behavioral deviation on a 0-100 scale with graded response — from enhanced monitoring through automatic session termination. Detects injection by its effects, not its patterns.
Taint Analysis
Track data provenance across your agent pipeline. Tag inputs with trust levels (system, user, tool, untrusted) and detect privilege escalation when untrusted input claims system authority.
Data Loss Prevention
Scan agent outputs for PII, credentials, API keys, and system prompt leakage. Canary token system detects exfiltration attempts — inject trackable synthetic data and alert on leakage.
Input Sanitization
Strip invisible Unicode characters, zero-width joiners, bidirectional overrides, reasoning tag injection, and model control tokens. Clean inputs before they reach your agent.
Proof Chaining
Link proofs into a cryptographic chain where each proof references the previous one. Build a verifiable behavioral timeline that auditors can walk from genesis to present.
Proof Registry
Publish proofs to a public, immutable registry at registry.starksentinel.com. Timestamped, queryable, and independently auditable — your compliance record of truth.
Proof Aggregation
Aggregate thousands of proofs into a single Merkle commitment. Verify an entire compliance history in one call — constant-time verification at any scale.
VBA Standard
The Verifiable Behavioral Attestation standard defines how proofs, chains, and registrations compose. An open specification with 5-language reference verifiers for interoperable AI compliance.
Client-Side Verification
Ship our WASM verifier to your clients. They verify proofs locally in 158ms — no network calls, no trust in SENTINEL required.
MCP Native
Drop SENTINEL into any MCP-compatible AI agent framework. Eight tools — prove, verify, chain, aggregate, verify-aggregate, compute BID, sanitize input, and health. Five-minute integration.
Defense in Depth
Five real-world attack vectors. Five dedicated defenses. Layered protection that catches what single-point solutions miss.
Token Flood / Siege Attack
Attack Vector
Overwhelm the agent with massive input to exhaust token budgets, bypass safety filters, or cause denial of service through resource starvation.
SENTINEL Defense
Token Budget Advisory — per-request and cumulative token counting with configurable soft/hard limits. Catches economic attacks before they drain resources.
Unicode / Invisible Character Injection
Attack Vector
Hide malicious instructions using zero-width characters, bidirectional text overrides, Unicode Tags block, or other invisible sequences that bypass text-based filters.
SENTINEL Defense
Input Sanitizer — strips Unicode Tags block, zero-width joiners/non-joiners, bidirectional control characters, and invisible formatting. BID preheat raises sensitivity when sanitization events occur.
System Command Mimicry
Attack Vector
Inject instructions that impersonate system-level commands — role reassignment, prompt boundary manipulation, instruction overrides — to escalate privileges within the agent pipeline.
SENTINEL Defense
Taint Tracker — labels all inputs with trust levels (SYSTEM > USER > TOOL > UNTRUSTED). Detects privilege escalation across 10 patterns including role prefix injection, instruction override, and prompt boundary manipulation.
Reasoning Tag Manipulation
Attack Vector
Inject <thinking>, <thought>, <antThinking>, or model control tokens (<|im_start|>system) into untrusted input to hijack the model's internal reasoning process.
SENTINEL Defense
Reasoning Tag Sanitizer — regex-based stripping of reasoning tags and model control tokens from all untrusted input. Applied before the input reaches the agent, eliminating the attack surface entirely.
Data Exfiltration (Xfill)
Attack Vector
Trick the agent into leaking sensitive data — PII, credentials, API keys, system prompts — through creative prompting, indirect exfiltration channels, or encoded output.
SENTINEL Defense
Output Scanner + Canary System — 16-pattern regex scanner detects PII, credentials, and system prompt fragments in agent responses. Canary tokens inject trackable synthetic data — if it appears in output, you know there's a leak.
SC³ Competitive Moat
Four layers of structural advantage that compound over time. Each layer makes the next harder to replicate.
Switching Costs
Proof chains create cryptographic lock-in. Every new proof references the previous one — migrating means breaking your compliance timeline. The longer you use SENTINEL, the more expensive it is to leave.
Ecosystem Lock
The VBA Standard defines how proofs compose across vendors. 5-language reference verifiers (TypeScript, Rust, Python, Go, Java) mean anyone can verify — but everyone verifies SENTINEL proofs. The standard is open; the ecosystem converges on us.
Network Effects
The Proof Registry at registry.starksentinel.com is a public good — anyone can query, anyone can verify. The more companies publish proofs, the more valuable the registry becomes as a trust signal. Each new publisher strengthens the network for everyone.
Technical Ceiling
Proof Aggregation compresses entire compliance histories into a single Merkle commitment. Constant-time verification regardless of chain length. Replicating this requires deep STARK cryptography expertise — not a weekend project.
8 MCP Tools
Drop into any MCP-compatible AI agent framework. Five-minute integration, full defense stack.
sentinel_prove_behavior
Generate a STARK proof from behavioral observations. Supports proof chaining, BID score embedding, and configurable security levels.
sentinel_verify_behavior
Cryptographically verify a single STARK proof. Confirms proof integrity and public input authenticity.
sentinel_verify_chain
Verify an ordered chain of linked proofs. Checks cryptographic validity and hash continuity across the entire timeline.
sentinel_aggregate_chain
Aggregate a proof chain into a single Merkle commitment. Supports up to 10,000 proofs with per-proof summaries.
sentinel_verify_aggregate
Verify an aggregate proof by recomputing the Merkle root. Lightweight constant-time check — no re-verification of individual STARKs.
sentinel_compute_bid
Calculate Behavioral Injection Score locally. Returns a 0-100 score, response level, and per-metric sigma distances. No API call required.
sentinel_sanitize_input
Strip invisible Unicode characters, reasoning tags, and model control tokens. Returns cleaned text with per-category strip counts.
sentinel_check_health
Verify SENTINEL Attestation Service availability. Returns service status and API version.
Try It Live
Generate a real STARK proof right here. No sign-up, no API key needed.
Sends 8 sample behavioral observations to the live API and auto-verifies the result.
Built For
AI Agent Operators
Prove to your clients that your agent stays within behavioral bounds — response quality, latency, safety scores — without exposing operational data or proprietary algorithms.
Enterprise Compliance Teams
Get verifiable evidence that third-party AI agents are behaving as contracted. File cryptographic attestation reports with auditors for SOC 2, DORA, or internal audit.
Security Teams
Detect prompt injection, block data exfiltration, track data provenance, and get real-time alerts when agent behavior deviates from baseline. Defense in depth for the AI attack surface.
Start Proving
Free tier includes 100 proofs per month. No credit card required.