SENTINEL VERIFIED

When your AI gets sued, server logs won't save you.

Every AI conversation gets a cryptographic receipt anchored on a public blockchain.
The math testifies. Not the company.

- Conversations
Anchored On-Chain

The Problem

AI litigation is not theoretical. It is happening. Every company deploying AI agents faces two inevitable lawsuits:

Lawsuit 1

"Your AI told me to do something harmful."

The user sues the company. The company pulls their logs. The plaintiff's attorney asks:

"How do we know you didn't edit those logs?"

There is no good answer. Server logs are editable. Database entries are mutable. Timestamps can be forged.

Lawsuit 2

"Your AI is unsafe."

A regulator argues the AI produces harmful outputs. The company says "we have guardrails." The attorney asks for proof. The company shows training configs and content filters.

None of it proves what the AI actually said in the specific conversation at issue.

Both lawsuits have the same root problem: AI conversation logs are unverifiable. The company that generated them is the only party that can access them, and they have every incentive to alter them. There is no neutral third party. There is no receipt.

Why AI Companies Will Never Build This

They could. The engineering is within reach. But shipping a litigation-ready audit trail sends one message to the market:

"We expect our AI to hurt someone."

Investors see it as an admission of risk. Customers see it as a red flag. The headline writes itself: "AI Company Builds Tool to Defend Against Its Own Product in Court."

But a third-party compliance layer? That is just good governance. When a hospital buys malpractice insurance, nobody panics. When an enterprise buys SENTINEL Verified, they look responsible.

The product requires independence from the AI provider. Not for technical reasons. For optical ones.

The Seal

1

Sell the seal.

Integrate SENTINEL into your AI deployment. Every conversation is hashed, proved, and anchored on-chain. You receive the SENTINEL Verified certification.

2

Lower insurance.

AI liability insurance is currently unpriced because carriers have no way to measure risk. SENTINEL gives carriers something they have never had: a verifiable audit trail for every AI conversation. The seal pays for itself through premium reduction.

3

Fight math.

When the lawsuit comes, the plaintiff's attorney is not fighting your legal team. They are fighting a cryptographic proof and a Merkle root on a public blockchain. The conversation either matches the on-chain anchor or it does not. No gray area. No expert witness debate.

In Court

When AI goes wrong, there are only two possibilities. SENTINEL handles both.

Offense: The User Caused It

"Your Honor, here are the last 20 messages. The plaintiff systematically guided the AI off the rails. Message 4 asks an innocent question. Message 9 reframes it. By message 16, they are explicitly requesting harmful content."

"These logs are not from our servers. They are hashed, ZK-proved, and anchored on a public blockchain at block 41,983,627. The plaintiff's attorney is welcome to verify them. Anyone is. It is a free read."

SENTINEL reveals only the user's messages. The AI's responses stay redacted. The escalation pattern speaks for itself. Contributory negligence.

The company with the seal is protected.
Defense: The AI Caused It

"Your Honor, the plaintiff claims our AI told them to stop their medication. Here is the exact exchange. Message 12 is the user's question. Message 13 is the AI's response. It says the opposite of what the plaintiff claims."

"We cannot edit these logs. Nobody can. The hash chain breaks on any modification. The Merkle root is on Base. The math testifies."

SENTINEL reveals the exact disputed exchange. The content hash matches what is in the anchored Merkle tree. No editable server logs. No "trust us."

The liability shifts to the model provider.

Either way, the company with the seal has evidence. The company without it has "trust our logs."

The Full Stack

Two products. One defense. SENTINEL Protocol stops the attack. SENTINEL Transcript proves you stopped it.

0.0

SENTINEL Protocol

Jailbreak-proof AI decisions

The AI outputs a single number. SENTINEL extracts it via regex and discards all text. There is no channel for harm to flow through. The number maps to an action: approve, deny, escalate.

Tested against 160 attack vectors across 7 categories. Jailbreak rate: 0%. Not statistically. Structurally. The architecture makes it impossible.

For: insurance scoring, credit decisions, medical triage, content moderation
+
#

SENTINEL Transcript

Immutable AI conversation logs

Every message in every conversation is hashed and chained as it flows through the proxy. A ZK proof verifies the chain is intact. The Merkle root is anchored on Base. The logs become immutable, timestamped, and independently verifiable.

Works with every LLM provider. Claude, GPT, Gemini, Llama, open-source, fine-tunes. One seal covers all of them.

For: legal defense, compliance, audit trails, dispute resolution

Together: the number protects infrastructure. The ZK proof protects the enterprise.

Benchmark: 160 Attacks, 0% Success

Real results from the SENTINEL Arena. 160 jailbreak vectors from published research (Chao et al., Liu et al., Zou et al.). Tested against Llama 3.2 3B on Feb 8, 2026. Three configurations per attack.

Category
Vectors
Raw Model
Guardrailed
SENTINEL
JailbreakBench
100
3%
1%
0%
Encoding Evasion
10
60%
20%
0%
AutoDAN
10
10%
40%
0%
GCG / Custom
10
0%
10%
0%
CoT Hijacking
10
0%
0%
0%
Role-Play / DAN
10
0%
0%
0%
Multi-Turn
10
0%
0%
0%
TOTAL
160
6%
5%
0%

Guardrails made it worse on AutoDAN (10% raw to 40% guardrailed). The genetic algorithm optimized against the filter. SENTINEL does not filter. It extracts a number and discards everything else. You cannot jailbreak a regex.

Full benchmark: github.com/Patrickschell609/sentinel-arena

Server Logs vs. SENTINEL

Server Logs
SENTINEL Transcript
Editable by the company
Hash chain breaks on any edit
Stored on company servers
Merkle root anchored on public blockchain
Requires trust in the company
Requires trust in math
Discoverable (expensive, slow)
Verifiable (instant, free)
"We didn't edit them"
"Math proves they weren't edited"

How It Works

SENTINEL sits between the caller and any LLM as transparent middleware. It works with every provider. Claude, GPT, Gemini, Llama, open-source models. One seal covers all of them.

Step 1

Record

Every message in every conversation, both user and AI, is hashed and chained. Change one word in one message, and every link after it breaks.

Step 2

Prove

A zero-knowledge proof verifies the entire chain is intact. The proof reveals nothing about the conversation itself. Just that it was not tampered with.

Step 3

Anchor

The proof is verified and stored on Base (Ethereum L2). Permanent. Immutable. Anyone can check it, for free, without access to your systems.

Who Needs This

AI Agent Companies

One lawsuit costs more than a year of proofs.

Healthcare AI

Life-or-death decisions need provable audit trails.

Financial AI

Robo-advisor liability. SEC and FINRA compliance.

Insurance Carriers

Cannot price AI risk without verifiable records. SENTINEL enables actuarial modeling.

Legal AI

The legal tool needs legal protection.

Enterprise Deployers

Insurance requirements are tightening. The seal pays for itself.

Verify an Anchor

Every SENTINEL anchor can be verified by anyone. No login. No API key. Just a free read from a public blockchain.

On-Chain

Everything is deployed and live on Base mainnet. Not a testnet. Not a roadmap.

TranscriptVerifier 0x1123162E3f4AAAF049D3BB0976bA69a3a8A7ef7F SP1 Groth16 Verifier 0xfB24F75b349fBA2Cce0A4496157550655D9AD3e0 First Anchor TX Block 41,983,627

Embed the Badge

Show your customers you are SENTINEL Verified. One script tag. Verifies on-chain in real time.

Live Preview

<script src="https://sentinel.biotwin.io/badge.js" data-chain-id="YOUR_CHAIN_ID" data-merkle-root="YOUR_MERKLE_ROOT"></script>

Get SENTINEL Verified

Sell the seal. Get insurance. Fight math.

Contact GitHub