Audit-grade evidence
for every AI agent decision.
The compliance evidence platform built for the regulators your carrier, MGA, or InsurTech actually answers to. Colorado DOI Regulation 10-1-1, the NAIC Model Bulletin, NY DFS Circular Letter 7, California SB 1120. Four lines of code. The evidence pack is one click.
Engineer instead? Install the free SDK. 25,000 events a month. No card.
Tamper-evident by design
Ed25519 signing, hash chain, Merkle log. Shipping at MVP, 10 August 2026.
AWS BAA in force
Object Lock COMPLIANCE retention from six months to ten years.
Third-party verification at MVP
Open-source verifier script. Regulators verify against your published public key. No vendor trust required.
Install. Capture. Prove.
Four lines of Python or TypeScript in your agent runtime. Every meaningful event, every prompt, every tool call, every sub-agent delegation, every model output, every human override, flows through Invistiq from that moment forward. Signed at write time. Verifiable forever.
from invistiq import Invistiq
inv = Invistiq(org_id="org_abc", public_key=PUBKEY)
inv.attach(agent) # OpenAI Agents, LangChain, MCP
agent.run(prompt) # every event is signedCapture the event. Prove the decision.
01
Install the SDK
Python or TypeScript. Wraps LangChain, OpenAI Agents SDK, Anthropic Claude, Anthropic MCP. Intercom Fin webhook ships first at MVP. Sierra, Zendesk AI, Decagon, Ada on the roadmap.
02
Every decision gets signed
Model calls, tool calls, sub-agent delegation, outputs, human overrides. Each event signed with Ed25519 at write time. Hash-chained. Persisted to AWS S3 Object Lock.
03
Export the evidence
One click. Signed PDF, JSON manifest, signed Merkle root. Mapped to Reg 10-1-1, the NAIC Bulletin, NIST AI RMF, ISO 42001, HIPAA, FINRA, or whichever framework covers you.
Colorado DOI starts asking on 1 July.
Regulation 10-1-1 was amended in October 2025 to cover life, auto, and health carriers. The first full compliance report is due 1 July 2026. 24 states plus DC have already adopted the NAIC Model Bulletin. The audit-trail burden is moving from a procurement question to a market-conduct exam question.
AI liability underwriters
Armilla. AIUC. Munich Re and Mosaic aiSure. Vouch.
Replace self-reported underwriting documentation with continuous, cryptographically verifiable evidence on every covered deployment.
InsurTechs and MGAs
Lemonade. Root. Hippo. Corgi. AgentSync.
Carrier customers ask for the audit trail in procurement. The vendor grading its own homework is structurally not independent evidence.
Mid-market carriers
Colorado life, auto, and health. NY DFS-supervised. CA health.
Reg 10-1-1 wants a versioned inventory of every external-data source and predictive model, documented bias testing, ongoing drift monitoring. The first report is due 1 July 2026.
Insurance brokers placing AI E&O
CAC Specialty. Aon. Marsh. Gallagher.
Verisk AI exclusion forms went live in January. The renewal cycle is going to surface a doubled-up gap, the carrier excluding the AI liability, the client with no defensible audit trail.
Priced against the penalty, not the SaaS.
Free for developers up to 25,000 events a month. Compliance Starter from $18,000 a year. Compliance Insurer from $75,000. A single market-conduct exam finding runs well past that. The math is not close.
Eight founding seats. $12,000 a year. Reverts to the $18,000 Compliance Starter list once filled. 20 percent locked for life.
For the first eight US companies deploying high-risk AI inside an insurance workflow, an InsurTech, an MGA, or a broker. The founder installs the SDK with your engineer on a screenshare and hand-delivers your first Reg 10-1-1 narrative report. Direct Slack with the founder. Full refund if the SDK does not ship on time. Eight seats, then the list price returns.
Your AI agents are making decisions right now.
When the regulator asks, the trail will exist. Or it will not.
Drop in the SDK. Watch the first event arrive in under five seconds.
Pre-MVP. SDK ships 10 August 2026. No card required.
What is Invistiq?
Invistiq is the audit-grade evidence platform for AI agent decisions. The platform captures every meaningful event an AI agent emits, signs each event with the customer organization's Ed25519 private key at write time, chains events into a per-organization Merkle log, and persists to AWS S3 Object Lock for retention from six months to ten years. An open-source verifier script lets regulators check chain integrity against the organization's published public key, with no vendor trust required. Invistiq leads with the US insurance vertical: Colorado DOI Regulation 10-1-1 (first compliance evidence due 1 July 2026), the NAIC Model Bulletin (adopted by 24 states plus DC as of February 2026), the NAIC AI Systems Evaluation Tool (12-state pilot), NY DFS Circular Letter 7, and California SB 1120. Adjacent rulesets include NIST AI Risk Management Framework, ISO/IEC 42001, SOC 2 CC7.2, HIPAA section 164.312(b), FINRA Rule 17a-4, GDPR Article 30, and EU AI Act Article 12. The Invistiq SDK is OpenTelemetry-native and installs in four lines of Python or TypeScript, wrapping LangChain, OpenAI Agents SDK, Anthropic Claude, and Anthropic MCP. Pricing: Free up to 25,000 events a month, Compliance Starter from $18,000 a year, Compliance Insurer from $75,000 a year (for mid-market carriers), Enterprise Insurer from $150,000 a year, with the Charter program offering eight founding seats at $12,000 a year. AWS BAA in force. SOC 2 Type II targeted Month 18.