Pillar 02 — Verifiable AI

Verifiable AI.

Independently reproduce and verify AI decisions, after the fact.

Record AI inputs and outputs, the model ID, and the applied policy as cryptographic proofs. Leave the decision process in a form a third party can reproduce without ever accessing the original. One of the four pillars that make up Lemma's trust infrastructure.

Answering the questions being asked most urgently today
? Held accountable for AI decisions under regulation and audit
Need to guarantee decision consistency across model switches
Need to detect tampering with AI inputs after the fact
01 · What is Verifiable AI

Make "what it saw and how it decided" independently verifiable, after the fact.

Issue commitments to the AI's input, the model used, and the output. A third party can verify the reproduction and compliance of the decision without accessing the original.

AI workflow

Input + model + output

The input data the AI processes in your workflow, the model used, and the output result.

The original data stays in-house
Lemma

Commitment + policy verification

1Commit the input hash
2Record the model ID and policy
3Guarantee consistency with a ZK proof
Never touches confidential inputs or model internals
Audit / regulatory response

A verifiable decision log

modelIdgpt-4o
inputCommitment0xa3...
outputCommitment0xb7...
satisfiesPolicy
A third party reproduces and verifies it independently

Think of it like meeting minutes.

After an important meeting, you keep minutes recording who attended, what was discussed, and what was decided — sound familiar? Lemma's Verifiable AI is a mechanism that automatically issues these minutes for every AI decision. Later, a third party can verify that "this input really did produce this decision from this model," without ever seeing the original.

What you disclose

A verifiable fingerprint of the decision

  • modelId (identifier of the model used)
  • inputCommitment / outputCommitment
  • satisfiesPolicy (policy compliance)
  • A ZK proof for third-party verification
What stays private

Confidential inputs, outputs, and model internals

  • The input itself (customer data, internal documents)
  • The output itself (sensitive details of the decision)
  • Model weights and parameters
What this mechanism makes possible
AI decisions are kept as reproducible "minutes"
The input itself and model internals stay protected as confidential
You can meet accountability requirements in regulation and audit
You can verify decision consistency even across model switches

Meet AI accountability with cryptography.

Build workflows where regulatory audit holds up retroactively
Keep decisions consistent even across model switches
Automation and verifiability coexist by the same construction
02 · How it differs from existing approaches

How it differs from AI logging, model audit, and access control.

Merely "recording," "auditing," or "controlling" does not guarantee tamper-proofness and independent verification.

Approach
Reproduce the decision
Confidential data stays local
Independent verification
Cryptographic proof
AI logging only
Model audit tools
Access control only
Lemma Verifiable AI
03 · Position in the trust infrastructure

P2 is one of the four pillars that make up Lemma's trust infrastructure.

P1 Origin P2 AI P3 Authority P4 Attributes
See the full trust infrastructure →
04 · In practice

Workflow scenarios that use this pillar.

P2 · Log
AI audit log proof
P2 · Attack
Prompt injection detection
 EU
P2 · Regulation
EU AI Act compliance
P2 · Model
Model integrity proof
P2 · Document
AI document isolation
P2 · RAG
RAG source attestation
See all use cases →
05 · Technical reference

Make AI decisions verifiable with proprietary cryptography.

Commitment

Fixes the contents of inputs and outputs as a unique fingerprint without revealing them. You can independently verify later whether "it was the same input."

Policy verification

Proves with ZK whether the AI's decision satisfies a predefined policy (age limits, geo restrictions, and so on).

Model ID fixing

Cryptographically fixes which model (version, parameter set) performed the inference. For tracking consistency across model switches.

// your.model.v1 — Lemma canonical schema
{
  "$schema": "your.model.v1",
  "modelId": "gpt-4o-2024-08-06",
  "inputCommitment": "0xa3f1...c9d2",
  "outputCommitment": "0xb7e2...4a8f",
  "policyHash": "0xf1c5...e3b9",
  "satisfiesPolicy": true,
  "timestamp": "2026-06-05T10:00Z",
  "zk_proof": "0x8c4f...e7d2"
}
Developer guides for implementing P2

Technical documentation related to this pillar.

GUIDESProve Facts with Zero Knowledge
GUIDESDisclose Only What AI Needs
GUIDESDefine Your Domain as a Schema
GUIDESQuery Verified Attributes
See all technical documentation →
06 · Next step

See it for yourself with a workflow scenario.

For business teams

Discovery Call

We'll hear your workflow scenario in 30 minutes. No technical details, personal information, or confidential data required.

Get in touch →
For developers

Try the Schema

Try your.model.v1 in the Lemma Dashboard in 5 minutes. Read alongside the SDK and Guides.

Dashboard →