Proof Index

A governance product should hold itself to its own standard: claims tied to evidence, not asserted. Every major claim below is mapped to how you can check it — and we label the honest verifiability tier of each, including the ones you can only see in the demo or that are still stage-gated.

Last updated 2026-07-10 · [email protected]

VERIFY NOW · public, no account REPRODUCE · script + method provided SEE IT · recorded on camera IN THE DEMO · free, no signup PUBLISHED · honest boundary
ClaimHow to check it yourselfTier
Evidence Pack is tamper-evident & verifiable offline Download the real signed pack + the standalone verifier, run it (no network, no account), then flip one byte and watch it fail: /evidence/sample-pack/ VERIFY NOW
Ed25519 signature + SHA-256 hash chain The verifier re-computes the manifest signature, all file hashes, and the whole chain — the captured PASS output and the verifier source are on the same page: sample pack VERIFY NOW
~1,800 governed calls/second across three nodes, chain still valid Download the exact k6 load-test script and run it against your own rig — method + numbers below. proofpane-loadtest-k6.js REPRODUCE
DLP redacts secrets before the model sees them Watch five AI tools read a secret file — the AWS key comes back redacted before any model sees it: /demos (govern-tools walkthrough, captured live) SEE IT
Policy gate denies / pauses risky actions before execution On camera: a menu-bar tray fires an Approve/Deny checkpoint before a tool call runs — /demos; or trigger it yourself in the no-signup demo SEE IT
335 controls across NIST AI RMF · ISO 42001 · EU AI Act · GDPR · SOC 2 Browse the control catalogue and per-skill mappings in the demo org: app.proofpane.com/login?demo=1 → Compliance IN THE DEMO
Cost metered at one choke point, reconciled 1:1 vs vendor invoice Open the usage ledger + reconciliation view in the demo org: demo → Billing / Usage IN THE DEMO
Every run is a replayable audit tree with full lineage Open any agent run in the demo org and expand the tree — each tool call, policy decision, token and dollar: demo → Agent runs IN THE DEMO
Per-client coverage depth (gate+transform / gate-only / observe) The full honest coverage matrix — including the column of what we deliberately can't reach — is on the homepage’s deep-dive and in vs GRC & logs PUBLISHED
Security posture (data flow, encryption, tenant isolation, roadmap) Plain-text, item-by-item, with SOC 2 / pen test / signing tagged honestly as roadmap: Trust Center PUBLISHED
Reproduce the throughput number. The claim is ~1,800 governed calls/second across three 16-vCPU nodes with the hash-chained audit still verify-valid under concurrent load (measured on the async-writer path, p99 ≈ 0.9 s at that rate). The script above is the exact k6 test; point it at your own deployment and target rate:
BASE_URL=https://your-deployment DEVICE_ID=<id> TOKEN=<device-token> \
  MODE=perf TARGET=mcp_event TARGET_RPS=1800 DURATION=80s \
  k6 run proofpane-loadtest-k6.js

Numbers scale with hardware; a single node holds a lower rate. We publish the ceilings and the trade-offs (latency vs throughput, the lock-convoy vs decoupled-sealer story) rather than a single hero figure — ask for the perf notes if you want the full methodology.

Tiers we won’t pretend about. Two claim-classes have no public artifact yet, and we say so: a third-party penetration test and SOC 2 Type II are stage-gated (see the Trust Center roadmap), and there is no customer case study yet — we’re onboarding founding design partners. Those are the honest gaps; everything above this line, you can check today.

Found a claim on the site without a row here? Email [email protected] — it either gets an evidence link or gets cut.