VerdifaX

Security & trust

Last updated: April 30, 2026

Verdifax is a security product. This page describes the controls, the threat model, the assumptions, and the limits of what the platform protects against. Security promises are stated narrowly so they can be audited.

Threat model

Verdifax is built to defend against operators and infrastructure providers (including Verdifax itself) tampering with execution after the fact. The platform is notdesigned to prevent the user's own program from being incorrect, malicious, or biased, those are evaluation problems upstream of the attestation pipeline.

Cryptographic primitives

Verdifax uses industry-standard cryptographic primitives: collision-resistant hashing, deterministic canonical serialization, and zero-knowledge proofs. We do not invent cryptography; we compose audited primitives. Specific algorithms and protocol details are disclosed under NDA to evaluating customers.

Hardware root of trust

Verdifax binds every production run to a measured-boot attestation from the underlying compute substrate. The platform supports a multi-vendor root of trust requiring quorum agreement so that no single hardware vendor or operator can forge a manifest.

Determinism guarantees

Identical inputs produce identical manifest hashes byte-for-byte across languages and architectures. This is a primitive of the system, not an aspiration, it is enforced by the platform's foundational specification and tested by an automated cross-architecture determinism audit.

Independent verification

Every Verdifax manifest can be re-derived by a verifier that does not trust Verdifax. Independent verifier services run outside the Verdifax runtime, recompute every hash, and return either a verified status or a specific failure reason. There is no privileged path that bypasses verification, not even for the Verdifax operator.

Data handling

Verdifax never stores the raw input bytes you attest. Payloads are processed in a stateless way and discarded after processing. Only a cryptographic hash of the canonical request is retained for audit purposes. Model weights, IAM tokens, and customer records do not enter the Verdifax substrate and cannot be exfiltrated through it.

Access controls

Production access is gated by hardware-backed multi-factor authentication, role-based authorization, just-in-time credentials, and per-action audit logging. Engineers cannot access customer payloads in production. Administrative actions are themselves attested and emit their own VFA artifacts.

Vulnerability disclosure

Security researchers may report suspected vulnerabilities to security@verdifax.com. We acknowledge reports within forty-eight (48) hours and aim to triage within five (5) business days. We do not take legal action against researchers acting in good faith and within the scope of our responsible-disclosure policy.

Compliance posture

Verdifax is designed to satisfy the evidence-of-execution requirements of:

  • EU AI Act, Article 12, record-keeping (automatic logs over the lifetime of high-risk AI systems)
  • EU AI Act, Article 13, transparency and traceability
  • NIST AI RMF 1.0, Govern and Measure functions (evidence-of-execution records sufficient for Govern.4 and Measure.2)
  • ISO/IEC 42001:2023, AI management system, clauses 8 (operational planning) and 9 (performance evaluation)
  • HIPAA 45 CFR § 164.312(b), audit controls
  • SOX § 404, IT change controls
  • SR 11-7, model risk management evidence (sealed inputs, sealed model output, sealed policy gate per decision)
  • GDPR Articles 17 and 22, right to erasure (via Cryptographic Record Erasure) and automated-decision record
  • FedRAMP / NIST SP 800-53, attestation and continuous monitoring

Compliance certifications are issued at the operator level, against specific deployments.

What Verdifax does not protect against

To keep the security promise narrow and auditable, we list the out-of-scope items explicitly:

  • Verdifax does not certify that a model's output is correct
  • Verdifax does not certify training-data licensing or representativeness
  • Verdifax does not authenticate the human user, wire your IAM into the inputs you attest
  • Verdifax does not prove that the values inside a payload describe reality (input authenticity is upstream of the pipeline)

The narrow scope is the source of the cryptographic strength.

Contact

Security questions can be sent to security@verdifax.com.