The Audit Platform for the AI Era

Auditors sign opinions on systems they can finally re-examine.

A model decides. An agent acts. The logs say what happened — nothing lets anyone replay it later to check. Trinitite is the substrate where every decision is re-executable, attested, and independently verifiable, and where the audit, the regulator, and the public trust page all read from one ledger.

Sample attestation card:

ssae_21 · direct_examination: ISSUED
merkle_root: 7c1a…d09f
replay_match: 100% · bit_exact
eqcr: concurred · AS 1220
anchor: RFC 3161 + Rekor
signature: Ed25519 · JWKS
verify: QR · no NDA
✓ re-verifiable

You don’t trust and verify. You re-verify.

Every artifact we issue — fairness receipt, drift run, sampling draw, workpaper, SSAE 21 report — carries a recompute plan. Bit-exact replay is the wedge nobody else can honestly claim; external auditors operate on the same platform as the client, write-guarded by schema.

The foundation

Four load-bearing primitives.

Deterministic kernel

A determinism-fixed kernel with a CI gate that refuses merges if a hash drifts. This is the layer that makes "re-run the model" binary instead of advisory.

Unified Merkle ledger

Every governance event — LLM call, MCP tool call, training job, policy change, HITL approval — hashed into a single sealed Merkle root per epoch. One root, one proof, one trail.

Replay service

Re-runs a historical request through the same pinned policy, adapter, and kernel — and returns a signed verdict: bit_exact, semantic_only, divergent, or original_missing.

Attestation hub

Canonical JSON → SHA-256 → asymmetric Ed25519 / ECDSA signature, with the verification keys published as JWKS. Every Merkle root is externally anchored to RFC 3161 timestamps and Sigstore Rekor, so not even Trinitite can backdate one.
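An added illustration of the ledger and attestation-hub chain described above (example code written for this page, not Trinitite's own): constructed sample governance events are canonicalized and hashed into one Merkle root per epoch, the epoch receipt goes through canonical JSON -> SHA-256 -> Ed25519, and a verifier checks it with only the public key. The event fields, the odd-leaf duplication rule and the receipt shape are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
)
// Constructed sample governance events for one epoch (illustrative, not Trinitite data).
var sampleEvents = []string{
	`{"kind":"llm_call","model":"m1","prompt_hash":"aa11"}`,
	`{"kind":"mcp_tool_call","tool":"search","args_hash":"bb22"}`,
	`{"kind":"hitl_approval","approver":"u42","decision":"approve"}`,
}

// canonicalDigest is the "canonical JSON -> SHA-256" step: encoding/json emits map keys
// sorted with no whitespace, so byte-different encodings of one value hash the same.
func canonicalDigest(v interface{}) []byte { b, _ := json.Marshal(v); d := sha256.Sum256(b); return d[:] }

// MerkleRoot hashes each canonical event into a leaf, then folds the leaves pairwise
// up to one sealed root for the epoch; an odd tail is paired with a copy of itself (assumed rule).
func MerkleRoot(events []string) (string, error) {
	if len(events) == 0 { return "", errors.New("empty epoch has no root") }
	var level [][]byte
	for _, e := range events {
		var v interface{}
		if err := json.Unmarshal([]byte(e), &v); err != nil { return "", err }
		level = append(level, canonicalDigest(v))
	}
	for len(level) > 1 {
		if len(level)%2 == 1 { level = append(level, level[len(level)-1]) }
		var next [][]byte
		for i := 0; i < len(level); i += 2 {
			h := sha256.Sum256(append(append([]byte{}, level[i]...), level[i+1]...))
			next = append(next, h[:])
		}
		level = next
	}
	return hex.EncodeToString(level[0]), nil
}

// receipt is the sealed epoch summary (assumed shape) whose canonical digest is signed and anchored.
func receipt(epoch int, root string) []byte { return canonicalDigest(map[string]interface{}{"merkle_root": root, "epoch": epoch}) }

func SignReceipt(priv ed25519.PrivateKey, epoch int, root string) []byte { return ed25519.Sign(priv, receipt(epoch, root)) }

// VerifyReceipt needs only the public half, the part a JWKS document would publish.
func VerifyReceipt(pub ed25519.PublicKey, epoch int, root string, sig []byte) bool { return ed25519.Verify(pub, receipt(epoch, root), sig) }
```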

What makes it 10×

What a buyer asks. What we ship.

Buyer asks: Can we re-run a decision?
Typical answer: Here are the logs.
Trinitite ships: Bit-exact replay, signed, one click.

Buyer asks: Where did this GenAI answer come from?
Typical answer: RAG, probably.
Trinitite ships: A retrieval receipt: corpus hash, top-k doc hashes, prompt + tool-schema hashes.

Buyer asks: Would it flip if we changed this feature?
Typical answer: We don’t have that.
Trinitite ships: Counterfactual replay with a signed verdict.

Buyer asks: Prove fairness without showing protected data.
Typical answer: Trust the aggregate.
Trinitite ships: ZK fairness, materiality, and counterfactual proofs.

Buyer asks: Issue a SOC-style report on this AI assertion.
Typical answer: Not in scope.
Trinitite ships: SSAE 21 direct examination report, signed.

Buyer asks: Tick-marks, confirmations, sampling projection?
Typical answer: We fall back to CaseWare.
Trinitite ships: Native AS 1215 tick-marks, ISA 505 confirmations, AS 2301 sampling projection.

Who it’s for

One ledger, four audiences.

Big-4 engagement teams

Issue AI SOC / SSAE 21 direct exams without hosting-services ethics risk — reviewer portal, deep-links, and independence-safe mode built for it.

Internal audit & model risk

SR 11-7 / EU AI Act Art. 10-grade evidence continuously, not quarterly — replay is one click.

GRC & compliance leaders

One Merkle chain, one ledger, one vendor to integrate with AuditBoard, Workiva, ServiceNow GRC, Archer, OneTrust, Hyperproof.

Regulators & notified bodies

Annex IV packets land the way the framework specifies; direct examination reports land the way SSAE 21 specifies; ZK proofs land without violating the privacy rules they enforce.

The always-on stream is continuous audit; the chain of custody is the Glass Box Ledger; the reviewer experience is the auditor workflow; the robustness evidence is the ATLAS red team.

FAQ

The AI audit platform, answered

What is an AI audit platform?

An AI audit platform is the substrate where every AI decision is re-executable, attested, and independently verifiable — and where the audit, the regulator, and the public trust page all read from the same ledger. Trinitite ships bit-exact replay, a unified Merkle ledger, signed SSAE 21 / ISAE 3000 attestations, and a public verifier, so an auditor re-verifies evidence rather than trusting a dashboard.

How can a Big-4 firm use this without independence problems?

Independence is enforced by schema. An engagement with role = external_auditor is write-guarded at the permission layer — every mutating endpoint returns 403 for that role regardless of UI state. That keeps the firm clean of the AICPA hosting-services interpretation and the SOC tool-provider ethics risk, so legal signs off in a meeting, not a memo cycle.

What is bit-exact replay and why does it matter for audit?

Because the kernel is determinism-fixed, any historical AI decision can be re-executed bit-for-bit months later. Replay is the wedge — it turns “trust the log” into “re-run the decision.” See deterministic replay for AI agents for the receipt shape and the public verifier.

How does this relate to continuous audit?

The same primitives that drive a point-in-time Big-4 engagement also drive a rolling assurance stream. See continuous audit for the always-on CCT / CCOE / continuous-attestation stack, and the auditor workflow for the reviewer experience.

Watch your auditor re-verify a decision, with no NDA.

Bring one workflow. We reproduce a logged AI decision bit-for-bit, issue a signed report, and hand your reviewer the QR code to verify it themselves.