Forensic Reconstruction of Every AI Decision.
When AI misuse triggers a response, DeepInspect supplies the complete reconstruction of the execution timeline. The forensic store holds a request-level record for every AI interaction that passes through the gateway. Each record carries its own HMAC-SHA256 signature computed at commit time over the canonicalized record body, so any single record can be verified independently and a tampered record fails its own integrity check. The conversation with regulators, auditors, and legal counsel moves to signed records of what happened, rather than inferred narratives from logs.
Each stored event contains the identity of the user or agent that triggered the request, the session context, the specific model invoked, the tools accessed during the request, the data classifications detected in the payload, the policy version in force, the rule evaluation path, the enforcement action taken, and the tokenization mappings if any identifier was tokenized on the way to the model. The record format is stable across policy versions, so a forensic query against records from January and records from September returns comparable data.
For each event, the system records:
DeepInspect is a forensic system of record for every AI decision.
What Evidence Can DeepInspect Export for Regulators and Courts?
Legal review
Complete audit trails with cryptographic verification support legal proceedings. The export includes each record with its own per-record signature, the timestamp of every record, and the policy version in effect at the time. Each signature stands on its own under verification and reduces the forensic expert testimony usually needed to establish admissibility.
Regulatory response
Exports from the forensic store are organized by actor, time window, and policy version. This is the evidence structure regulators commonly request, so the regulator reads a mapped answer instead of a raw data dump the compliance team has to interpret.
Incident investigation
Forensic reconstruction of an incident is a filter on the store, scoped to a time window and actor. The output is a chronological record of every AI interaction the actor participated in, every data classification the requests touched, and every enforcement action the gateway produced. A breach narrative exports from these records as a signed chronological document.
Board reporting
Executive summaries run against the same data with a different filter. Total AI requests for the period, requests that tripped policy, escalations to security review, escalations to legal, and the cryptographic attestation that the summary covers every event in the period. The format matches what the audit committee already reviews for financial controls.
The complete transaction, including the original request, the transformed request after request-side policy was applied, and the upstream response, is written to a customer-configurable object store alongside the lightweight decision records in the primary forensic store. Customers choose the storage target and the retention policy that matches their compliance posture. Offline forensic analysis runs on a scheduled cadence against the transaction data to surface anomalous behavior that inline deterministic detection is unable to catch, using a customer-configured LLM or SLM so the analysis model stays inside the customer’s preferred trust boundary. Response-side transformation captured alongside the upstream response is on the roadmap and tracked in the same record schema.
Webhooks in the control plane push audit data to customer-configured endpoints, which lets existing SIEM, data-warehouse, and observability stacks consume the audit stream through standard integration patterns.