The trust engine · end to end

Security and compliance that decides, records, and proves - on every action.

Not a dashboard that says “that happened.” One engine reasons over a graph, maps to your frameworks, scores the action, rules on it, and seals the evidence - so trust is measured and provable, not asserted.

AegisGraph
reasons over the graph at ingest
76 frameworks
275 controls, one → many mapping
Evidence ledger
append-only, hash-chained
SentriAI
verdict + Action Trust Score
Trust CORTEX
ranks the decision for a human
Security graph
blast radius, made visible
Orryn
understands the business
Fintra
runs the business
SentriAI
decides whether it should act

How one action moves through the engine

Every consequential action - a person’s or an agent’s - passes through the same six stages. Each stage is deterministic and explainable, and each leaves evidence behind.

01AegisGraph · reasoning engine

The action enters a graph, not a log.

  • Graph-at-ingest: every event is enriched against the identity ↔ asset ↔ agent graph before anything reasons about it.
  • Deterministic detection rules and a risk score produce a plain-language “Graph Truth Statement” - repeatable, not a guess.
  • Toxic-combination attack paths surface chains - a stale token plus a new-vendor change plus an unregistered agent - that no single alert would ever show.
  • Blast radius is computed per action: what this touches if it is wrong.

AegisGraph reasons over a graph currently seeded with design-partner data. It decides, records, and can gate - it does not silently auto-execute.

02Frameworks & controls

One control, mapped to many frameworks.

  • The control library spans 76 frameworks and 275 controls - SOC 2, ISO 27001, HIPAA, GDPR, SOX, PCI DSS, NIST AI RMF and more.
  • A single control maps outward to every framework it satisfies, so one piece of evidence answers many obligations at once.
  • Each governed action is bound to the specific controls it touches, not to a vague “security” bucket.
  • Posture is a continuous state, not a once-a-year snapshot.
03Evidence ledger

A governed action seals itself into evidence.

  • The moment an action is governed, it is written to an append-only, hash-chained, control-mapped ledger.
  • Each entry embeds a cryptographic hash of the one before it - verify_chain recomputes the chain, and any edit or deletion breaks it visibly.
  • Evidence auto-populates the controls it maps to, so audit prep is a query, not a quarter of screenshot archaeology.
  • One trail covers human and AI actions with the same integrity model.
04SentriAI · AI Action Governance

A verdict and an Action Trust Score on every action.

  • SentriAI fuses the trust, identity, compliance, and financial signals into one explainable verdict - allow, step-up, hold, or block.
  • Every action carries a deterministic Action Trust Score with a visible factor breakdown - the same inputs always produce the same number.
  • Policies and attestations bind the verdict to a named owner and a stated reason.

Live actuation - actually holding or gating an action - happens only at the MCP / tool-call boundary and is opt-in. Elsewhere, consequential actions are draft-first and human-confirmed.

05Trust CORTEX

Cross-domain decisions, ranked by what matters now.

  • CORTEX ranks pending decisions across finance, identity, compliance, and AI by risk × urgency × blast radius.
  • It always outputs a decision - a recommended verdict an approver can act on - never a passive BI dashboard.
  • An approver acts once, and the outcome flows straight back into the evidence ledger.
06Security graph

See the blast radius before you approve.

  • The same graph that scored the action shows what it reaches - identities, assets, agents, and data classes.
  • The blast-radius view answers “what breaks if this is wrong?” before anyone signs off.
  • Toxic-combination paths are highlighted on the graph, not buried in a log nobody reads.
1 control
MFA enforced
satisfies obligations in
SOC 2ISO 27001HIPAAGDPRSOX 404PCI DSSNIST AI RMF

76 frameworks · 275 controls. Evidence is captured once and mapped to every framework it satisfies - so proving compliance in one regime proves it across all of them.

Trust ledger
verify_chain ✓ intact
evt_9f2a
bank-change proposed
prev · 00000000
evt_9f2b
Action Trust Score · 42
prev · a71c…9f2a
evt_9f2c
verdict · hold
prev · b03e…9f2b
evt_9f2d
HR approval · sealed
prev · c9d4…9f2c

Each entry embeds the previous entry’s hash. Edit or remove any record and verify_chain fails - tamper-evidence is mathematical, not a promise.

Blast radius

A toxic-combination path lit up on the graph - a stale token reaching payroll through an unregistered agent.

identitystale tokenagentunregisteredreportread-onlyactionbank changepayroll$ · runs tomorrow

Individually each hop looks benign. Chained, they reach money the day before payroll - which is exactly the toxic combination AegisGraph flags, and why the verdict was hold.

What’s real, said plainly

  • Decides, records, can gate. The engine issues a verdict and seals evidence on every action. Live actuation - actually holding or blocking - happens only at the MCP / tool-call boundary, and it is opt-in. Everywhere else, consequential actions are draft-first and human-confirmed.
  • AegisGraph runs on a reasoning graph currently seeded with design-partner data - the graph shown here reflects that, not a live customer environment.
  • Scoring is deterministic and explainable. The same inputs always produce the same Action Trust Score, and every score ships with its factor breakdown.
  • No fabricated proof. We align to recognized frameworks and share evidence on request. We never publish audit dates, certificate numbers, or customer logos that don’t exist.

One action, end to end

A real example: an employee changes their payroll bank account the day before payroll runs.

01
Event · seen through Fintra

Employee changes payroll bank account.

  • Fintra runs the books, payroll, and money - so the engine sees the action the moment it happens.
  • AegisGraph enriches it against the graph before anything decides.
02
Score · Action Trust Score

Trust dropped. Something is off.

  • Account trust dropped
  • Identity confidence low
  • Toxic combination: new bank + payroll runs tomorrow
  • Explainable score, not a black box
03
Verdict · allow / step-up / hold / block

Require HR approval · hold the payment.

  • The verdict can be enforced at the MCP boundary - or held draft-first for a named approver.
  • A person approves before money moves; the change waits either way.
04
Proof · sealed to the ledger

Handled - and provable.

  • Evidence auto-mapped to the controls it satisfies (SOC 2 and more)
  • Ledger entry written - append-only, hash-chained, verify_chain-checkable

Most systems say “that happened.” This engine says “here’s the decision, the score, and the evidence - and it’s handled.”

What is AI governance for finance?

AI governance for finance is the practice of deciding, at runtime, whether an action - taken by a person or an AI agent - should be allowed to proceed against financial systems, and proving that decision afterward. In Fintra it is one engine, end to end: AegisGraph enriches every action against a reasoning graph at ingest and computes its blast radius; the action is mapped to specific controls across 76 frameworks; SentriAI scores it with a deterministic Action Trust Score and issues a verdict - allow, step-up, hold, or block; Trust CORTEX ranks the decision for a human; and the whole thing seals into a hash-chained evidence ledger. Consequential actions are governed, draft-first, and human-confirmed: an AI agent can propose, but a named person approves before anything irreversible posts.

The trust engine - frequently asked

What is AI governance for finance?

AI governance for finance is deciding, at runtime, whether an action - taken by a person or an AI agent - should be allowed to proceed against financial systems, then proving that decision afterward. In Fintra this is one engine, end to end: AegisGraph enriches every action against a reasoning graph at ingest and computes its blast radius; the action is mapped to specific controls across 76 frameworks; SentriAI scores it with a deterministic Action Trust Score and issues a verdict - allow, step-up, hold, or block; Trust CORTEX ranks the decision for a human; and the whole thing seals into a hash-chained evidence ledger. Consequential actions are governed, draft-first, and human-confirmed: an AI agent can propose, but a named person approves before anything irreversible posts.

Should this AI agent be allowed to act?

That is the question SentriAI answers on every consequential action. Reading a report is not the same as posting a journal entry or moving money. AegisGraph reasons about the action in context - the graph, the toxic-combination paths, the blast radius - and AgentFence intercepts the agent’s tool call at the MCP boundary, checks it against allowlist and argument policies, and routes financially material actions through human-in-the-loop approval. Low-risk reads flow freely so agents stay useful; irreversible or money-moving actions wait for a named human, and both the proposal and the approval are recorded in the hash-chained ledger.

What is the Action Trust Score?

The Action Trust Score is a deterministic, explainable number SentriAI computes for every consequential action from weighted signals - identity confidence, account and vendor trust, compliance state, and Fintra’s financial context. “Deterministic” means the same inputs always produce the same score, and every score ships with a factor breakdown, so a reviewer sees why an action was trusted or held. It is the runtime companion to the composite Enterprise Trust Score: one is per-action, the other is the organization-wide roll-up.

How does the hash-chained evidence ledger work?

Every governed action - the prompt, the tool call, the verdict, the approval - is written to an append-only ledger where each entry embeds a cryptographic hash of the previous entry. Altering or deleting any record breaks the chain, and verify_chain recomputes it on demand to prove integrity. Each entry is also mapped to the specific controls it satisfies across frameworks, so operations become audit evidence automatically rather than being reconstructed after the fact.

What does AegisGraph actually do?

AegisGraph is the reasoning engine at the front of the flow. Its signature move is graph-at-ingest: before anything reasons about an event, it enriches it against the identity ↔ asset ↔ agent graph, runs deterministic detection rules, and computes a risk score and blast radius. It surfaces toxic-combination attack paths - dangerous chains of individually-benign conditions - that single-signal tools miss. Today it reasons over a graph seeded with design-partner data; it decides, records, and can gate, but it does not silently auto-execute anything.

How is this different from a SIEM or a compliance dashboard?

A SIEM or dashboard tells you “that happened.” This engine decides whether it should happen - before it does - scores it, enforces or holds the verdict, and proves it. Because it sees actions through Fintra, which owns the money, it grounds identity, fraud, and compliance signals in real financial events (pending approvals, payment and payroll changes, new-vendor and bank-change events) that a standalone monitoring tool never sees. Trust CORTEX outputs a decision, never a passive chart.

Running a security review?

We keep a standing evidence package - questionnaire answers, DPA, subprocessor list, and SOC 2 alignment documentation - ready for customer due diligence.

Talk to our security team

Stay in the loop

One practical finance briefing a week - security and compliance updates included.