AI that satisfies model-risk review.
Banks, asset managers, and insurers use Prova as the control plane for AI in credit decisions, compliance memos, and investor-facing work. For EU-facing systems, Article 12 automatic record-keeping is enforceable from August 2, 2026, and a signed receipt per decision is the record it asks for. Tamper-evident receipts, gateway-mode enforcement, AI Risk Score for the board.
The problem with unverified AI reasoning
SR 11-7 and SS1/23 demand evidence, not assertions
Model-risk frameworks increasingly require proof that AI was governed at the instance level. Aggregate logs are not enough. Signed receipts are.
AI decisions that loop or leak
Multi-agent research and credit workflows can loop silently between retrieval, analysis, and drafting agents. PII can leak through chained prompts. Inline detectors catch both.
Regulatory and internal audit friction
Every AI-assisted decision eventually becomes an audit exhibit. A signed Audit Vault export plus an AI Risk Score is the cleanest possible exhibit.
How Prova solves it
Signed receipt per AI decision
Each model call, agent step, and tool call produces a tamper-evident Ed25519-signed receipt. Attach it to the credit file, the compliance memo, or the research deliverable.
Gateway-mode enforcement
Run policies and detectors before the model call. Secrets, budget overruns, out-of-bounds tool calls, and unauthorized agent capabilities are blocked before they execute. Raise PII or your own off-policy credit checks to block when you want them enforced the same way. Both attempt and outcome land in the audit trail.
AI Risk Score for the board
A 0-100 score across five components. Per-org weighting profiles for fintech, healthcare, and EU AI Act. Signed quarterly export with the weighting stamped in so re-weighting is auditable.
Per-agent cost attribution + hard caps
Cost in USD signed into every receipt. Per-app and per-agent attribution in multi-agent research and credit workflows. The monthly_budget_cap policy blocks at the gateway when an app crosses its declared cap, so a runaway agent never produces a surprise AI bill.
Bring regulated AI under one control plane.
Self-hosted deployment available for bank-grade data policies.