The ledger your
auditor opens first.
Every key decision, motion, variance, and dollar claim — verified, traceable to the source, and assembled into a single audit-ready record. Deployable by your team, reviewable, and exportable to any standard.
| Timestamp | Model / Agent | Decision type | Amount | Status |
|---|---|---|---|---|
| 2024-11-03 09:14 | GPT-4o / Spend Optimizer | Budget reallocation | –$42,800 | Verified |
| 2024-11-03 10:52 | Claude 3.5 / Contracts | Vendor selection | +$0 | Pending |
| 2024-11-03 11:31 | Custom LLM / Ops | Headcount approval | –$217,000 | Flagged |
| 2024-11-03 14:08 | GPT-4o / Finance | Variance explanation | $0 | Verified |
| 2024-11-03 15:22 | Gemini 1.5 / Risk | Policy exception | –$8,500 | Reviewing |
| 2024-11-03 16:44 | Claude 3.5 / HR | Compensation change | +$12,000 | Verified |
Rethink compliance
Compliance is a
query, not a
quarterly project.
Every event in SphereIQ — a model call, a routing decision, a Comply custom update — is written to a tamper-proof audit log with a cryptographic signature and full context: who asked, when, what model, which parameters, what the model returned, and what action followed.
The audit log is updated step-by-step automatically. Review becomes a Monday morning, not a six-week scramble. When enforcement arrives, the evidence is already assembled — signed exports in minutes, not weeks of reviewing each claim by hand. The faster the evidence, the better the auditor’s experience. That is exactly what SphereIQ Audit is built to make possible.
How it works
The path from input to
evidence.
Capture
Every module writes to the same ledger
Spend Optimizer, Comply AI, CISO, Bulwark — every agent action is structured and logged to the same immutable record in real time.
Link
Each event hashes to its predecessor
Linked-hash chaining means any tampering of a record breaks the chain visibly. The ledger is self-proving.
Retrieve
Searchable by who, what, when, how much, and why
Filter by model, agent, decision type, dollar range, date, or flag status. Export a filtered set in seconds — not hours.
Package
Sealed evidence bundles, signed offline
One click produces a court-ready, externally-verifiable ZIP with cryptographic signatures. Delivered to your auditor the same day they ask.
Built for the enterprise
Built for production,
not demos.
Append-only at its foundation
Records are written once and never modified. The ledger is backed by an append-only storage layer with cryptographic chaining — readable by your foundation only.
Hash chain
Every record contains the SHA-256 hash of the previous entry. Chain integrity is verified on every query and on export. Any break surfaces immediately.
Row-level security
Finance sees finance records. Legal sees legal. Audit sees all. Role-based column masking and row-level policy enforcement mean the right people see the right data.
A default for forensics
Every field is indexed for forensic queries. Filter by any combination of agent, model version, dollar impact, or flag reason — across millions of events — in under a second.
Schema evolution
Add custom fields to any module without breaking historic audit records. Schema versioning is built in — older records are always queryable against the current schema.
SIEM export
Push structured audit events to Splunk, Datadog, or any SIEM via webhook or direct connector. Audit log stays in sync with your SOC in real time.
Sealed evidence bundles
Export any date range or filtered set as a signed, verifiable ZIP in one click. Bundles carry embedded hashes — verifiable offline by any third party without SphereIQ access.
Reflective controller
Every agent decision is accompanied by the chain-of-thought trace that produced it. Auditors and examiners can replay decisions step-by-step — not just see the output.
Contradiction detection
SphereIQ Audit flags when the stated rationale for a decision is inconsistent with observed behavior — catching model drift, prompt injection, and policy violations automatically.
Schema-first design
The schema is the
contract.
Every audit event conforms to a published schema: timestamp, agent, category, company, outcome, dollar value, rationale, hash, and chain pointer. We ship the schema first — you know what you’re logging before you go live.
We also export records in JSON Lines (one event per line), CSV, and signed Parquet — so your data team, legal team, and auditor work from the same source without any re-export pipeline.
{
"event_id": "e3d9f21a-...",
"ts": "2024-11-03T09:14:22Z",
"agent_id": "spend-optimizer-v2",
"model_version": "gpt-4o-2024-08",
"decision_type": "budget_reallocation",
"dollar_impact": -42800.00,
"rationale": "Q4 overspend detected in...",
"rationale_hash": "sha256:a1b2c3...",
"prev_hash": "sha256:f9e8d7...",
"status": "verified",
"export_bundle": "bundle-2024-11-03.zip",
"custom_fields": {
"cost_center": "ENG-447",
"approver_id": "u:mbrown"
}
}SphereIQ Platform
Stronger with the rest of the platform.
Comply AI
Every policy enforcement decision written by Comply AI flows into Audit automatically. Your regulatory evidence trail starts at the policy, not the outcome.
LearnCISO
Security events, threat detections, and access control changes from CISO appear in the same audit ledger — cross-referenced with agent decisions in context.
LearnBulwark
Risk flags from Bulwark attach directly to audit records. When an examiner asks why a decision was flagged, the risk evidence is already in the bundle.
LearnFAQ
Common questions
Get started
See Audit in your stack.
Thirty minutes with a solutions engineer. We’ll show you exactly what your audit record looks like and discuss the evidence format your auditor expects.
Live preview
The ledger your auditor opens first.
| Timestamp | Agent | Decision | Dollar impact | Rationale | Status |
|---|---|---|---|---|---|
| 2024-11-03 09:14 | Spend Optimizer | Budget reallocation | –$42,800 | Q4 overspend detected in digital | Verified |
| 2024-11-03 10:52 | Contracts AI | Vendor selection | $0 | Preferred vendor score threshold met | Pending |
| 2024-11-03 11:31 | Ops Agent | Headcount approval | –$217,000 | Role approved outside policy window | Flagged |