How to generate a cryptographic receipt for every AI inference

Pulkit Srivastava — Sat, 27 Jun 2026 07:31:34 +0000

The EU AI Act enforcement starts August 2026. Article 13(3)(c) requires
technical documentation of every automated AI decision made by high-risk
systems. The fine for non-compliance: €15M or 3% of global revenue.

Most teams are not ready for this.

The problem isn't understanding the regulation. It's that right now, every
AI output your system produces is unverifiable. Anyone can edit it after
the fact. There's no proof it came from a specific model at a specific time.
No proof the output wasn't changed. No audit trail that would survive a
legal dispute.

AetherProof fixes this with one function call.

What it generates

Every inference produces a receipt — a cryptographically signed JSON record
that proves:

WHAT model ran (provider-reported model id, not a guess)
WHAT the input was (SHA-256 commitment)
WHAT the output was (SHA-256 hash)
WHEN it happened (millisecond timestamp)
That none of it was altered (Ed25519 signature — one bit changes, verification fails)

The receipt is verifiable offline, forever, with only a public key.
No servers. No API calls. No dependency on AetherProof infrastructure.

Install

pip install aetherproof

Cloud API usage (OpenAI, Claude, Grok, DeepSeek, Gemini)

from aetherproof.core.receipt import Receipt
from aetherproof.core.keystore import load_or_create_signer
from aetherproof.core.log import ReceiptLog

your normal API call

resp = client.chat.completions.create(
model="gpt-4o",
messages=[{"role": "user", "content": user_prompt}]
)

generate the receipt

r = Receipt.for_api_call(
provider="openai",
model_id=resp.model, # from the API response, not typed
prompt=user_prompt,
output_text=resp.choices[0].message.content,
response_metadata={
"system_fingerprint": resp.system_fingerprint,
"response_id": resp.id,
"created": resp.created,
},
)

sign and log it

signer = load_or_create_signer()
r.signature = signer.sign(r.signing_bytes())
ReceiptLog().append(r)

The receipt JSON looks like this:

{
"receipt_version": "1.1",
"model_weight_root": "e04054baac10b5d2a36213244af1b979...",
"model_root_type": "api_attested",
"input_commitment": "52cb6b5e4a038af1756708f98afb718a...",
"output_hash": "a54fe368ce973a036ccb2271627f8fa4...",
"timestamp_ms": 1719400000000,
"log_sequence": 1,
"signature": "d5b00bf29e891892d87ee4a864b4e695...",
"log_anchor": "local://log/1"
}

Verify it offline — no AetherProof code required

import json, hashlib
from cryptography.hazmat.primitives.serialization import load_pem_public_key

r = json.load(open("receipt.json"))
pub = load_pem_public_key(open("public.pub", "rb").read())

fields = [
r["receipt_version"], r["model_weight_root"], r["model_root_type"],
r["input_commitment"], r["output_hash"], str(r["timestamp_ms"]),
str(r["log_sequence"]),
json.dumps(r["hw_evidence"], sort_keys=True, separators=(",", ":")),
r["log_anchor"],
]
preimage = "".join(f"{len(f)}:{f}" for f in fields).encode("utf-8")
pub.verify(bytes.fromhex(r["signature"]), preimage)
print("valid")

That's the entire trust model. SHA-256 + Ed25519. Standard crypto.
Runs anywhere, forever.

An important honesty note about cloud models

With cloud APIs (GPT-4o, Claude, Grok), you cannot hash the weights —
they live on the provider's servers. AetherProof is honest about this:
model_root_type is set to api_attested, not artifact_hash.

What it does prove is the part you are liable for: the exact input your
system sent, the exact output it acted on, the model the API claimed,
the timestamp, and that none of it was edited afterward. That's your
record-keeping obligation under EU AI Act and SEC 17a-4.

Works with 17 model families

OpenAI, Anthropic, xAI/Grok, DeepSeek, Google, Mistral, Meta, Cohere,
Alibaba — tested in the matrix test suite.

Apache 2.0 — fully open source

pip install aetherproof
github.com/pulkit6732/aetherproof

If you're hitting audit trail requirements from enterprise clients,
I'd love to hear about it.

I built a cryptographic audit receipt for Claude Mythos (and any AI model) — here's how it works

Pulkit Srivastava — Fri, 29 May 2026 15:47:13 +0000

Anthropic's Mythos model can autonomously find zero-day
vulnerabilities. Their CVD disclosure process uses manual
SHA-3-512 hash commitments to prove findings existed.

I built something that automates that in one line of Python.

What AetherProof does

One function call generates a 128-byte Ed25519-signed receipt
that proves:

What model ran — FNV-1a hash of provider/model ID
What it produced — hash of the output
When — cryptographic nanosecond timestamp
Tamper-evident — flip any byte anywhere → INVALID


python
import aetherproof

receipt = aetherproof.for_anthropic(
    "Find vulnerabilities in this binary.",
    finding_text,
    model="claude-mythos-preview"
)

receipt.save("CVE-2026-001.receipt")
print(receipt.verify())  # True
Try it in 30 seconds

pip install aetherproof
python -c "
import aetherproof
r = aetherproof.for_anthropic('question', 'answer')
print(r.verify())   # True
print(r.pretty())
"
The unusual part — invisible Unicode watermarking
Receipts embed invisibly into any text using Unicode
Private Use Area codepoints (U+E000–U+E0FF).

AI output carries its own audit trail. Works in any language —
Arabic, Chinese, Devanagari, Hebrew, Thai, Japanese all tested.


signed_output = aetherproof.embed(ai_response, receipt.to_bytes())
# Text looks identical. Receipt is inside.

aetherproof.verify_embedded(signed_output)  # True
Numbers
187 tests, 0 failures
128/128 byte flips all detected
1000/1000 tamper probes pass
Cross-language: Python generates, Rust CLI verifies
15,446 receipts/sec (Python) · 5,472/sec (Rust)
Why AGPL-3.0
Free for open source. Commercial use needs a license.
This is the compliance layer under your AI stack —
it should be open, auditable, and not vendor-locked.

GitHub
https://github.com/pulkit6732/aetherproof

Built by Pulkit. Feedback welcome.

DEV Community: Pulkit Srivastava