For Chief Compliance Officers
Turn model risk into evidence, not policy.
CCOs use Prova as the AI control plane: a tamper-evident audit trail for every AI decision your enterprise makes, gateway-mode policy enforcement, and a board-ready AI Risk Score on a single slide.
The wedge is the regulated mid-market: insurance carriers, regional banks, healthcare SaaS, and broker-dealers now inside FINRA's 2026 Regulatory Oversight Report scope, the teams that have to prove AI governance to a regulator without a large GRC department.
Signed receipts for every decision
Every model call, agent step, and tool call lands in the Audit Vault as an Ed25519-signed receipt. Cost in USD is signed into the integrity block too. Attach the receipt to the audit file, the regulator submission, or the internal review packet.
Per-agent cost + hard budget caps
Cost is attributed per app and per agent, not per API key. The monthly_budget_cap policy blocks at the gateway when an org would cross its declared cap. Finance gets the same number Compliance audits.
Runtime autonomy boundaries
Declare what an agent run is allowed to do (tools, steps, budget, data scopes). The SDK breaks on violation, and the boundary_violation policy signs the audit trail. Article 14 oversight has a verifiable record.
Five inline detectors
Coordination loops, prompt injection, PII leak, bias drift, groundedness. Each finding writes its own signed receipt and feeds the AI Risk Score.
AI Risk Score for the board
One 0-100 number across five components: audit coverage, detector breadth, policy coverage, enforcement rate, compliance readiness. Signed quarterly export for regulators.
What CCOs ask first
How is this different from model observability?
Observability tools produce metrics and alerts across a population of calls. Prova produces a tamper-evident signed receipt for the specific AI decision in front of you. The receipt is independently verifiable without trusting Prova.
What do we show a regulator?
A signed Audit Vault export for the window in question, plus the AI Risk Score quarterly artifact. The export is machine-readable, the signature is verifiable offline against our published public key, and the Risk Score breaks down into a remediation list.
Does this require changing how we call our models?
No. Two paths. Either drop the SDK in and emit receipts from your existing agent code, or route model traffic through the Prova gateway and get policy enforcement plus receipts at the network layer. Both paths produce the same audit trail.
What about EU AI Act, FDA, SEC, HIPAA?
The signed-receipt format covers Article 12 automatic record-keeping under the EU AI Act, whose high-risk obligations are enforceable from August 2, 2026, which is the readiness clock most regulated buyers are working against. The Risk Score per-org weighting profiles include EU AI Act, fintech, and healthcare. Self-hosted deployment keeps all data inside your perimeter for HIPAA / FedRAMP boundary requirements.
See your first signed receipt in under two minutes.
No credit card. First 100,000 events free per month.