Skip to main content
Audit · signed & hash-chained

Every AI call, signed and accounted for.

DVARA writes every LLM and MCP request to a tamper-evident audit log — each event HMAC-signed and hash-chained to the one before it, so a single altered record breaks the chain. Generate SOC 2, HIPAA, and GDPR reports on demand and stream every event to your SIEM.

Immutable audit & compliance reporting ship in every DVARA install — see pricing.

“We use AI responsibly” has to be provable.

Who sent which prompt, to which model, under which policy, and what came back — with a guarantee the log wasn't edited after the fact. Application logs don't carry policy decisions, aren't tamper-evident, and aren't shaped for an auditor. That gap is the difference between an interesting pilot and a deal security will sign off on.

Append-only, hash-chained, and exportable

Tamper-evidence you can verify

Chain-continuity plus strictly monotonic sequence numbers prove the log is intact. Edit or delete one row and verification fails.

Policy decision on every record

Not just “a call happened,” but which policy allowed, warned, downgraded, or denied it — the context an auditor actually asks for.

Per-tenant isolation

Every audit query is tenant-scoped at the application layer; one tenant can never see another tenant’s events.

Filter & export

Query by tenant, event type, and date range; export the results as CSV or JSON for your GRC workflow.

SIEM export

Stream every event in real time to Splunk (HEC), AWS CloudWatch Logs, or Kafka.

Scheduled compliance reports

Generate SOC 2 Type II, HIPAA, and GDPR reports on demand or on a cron schedule, with retention controls and PDF output.

Record, chain, export, report

  1. 1

    Record

    Every LLM and MCP call writes a signed audit event carrying its policy decision, tenant, model, provider, and outcome.

  2. 2

    Chain

    The event is HMAC-SHA256 signed, and the signature incorporates the previous event’s hash — sequence numbers are strictly monotonic, so the log is tamper-evident.

  3. 3

    Export

    Events stream to your SIEM — Splunk, CloudWatch, or Kafka — in real time, alongside the append-only store.

  4. 4

    Report

    Generate SOC 2 / HIPAA / GDPR reports on demand or on a schedule, downloadable as PDF for your auditor.

Every call, recorded in DVARA Flightdeck

The Audit log viewer in DVARA Flightdeck — signed, filterable records of every LLM and MCP call with policy decisionThe Audit log viewer in DVARA Flightdeck — signed, filterable records of every LLM and MCP call with policy decision
A filterable, signed record of every LLM and MCP call — each event carrying its policy decision, hash-chained into a tamper-evident trail.

Common questions about AI audit & compliance

What makes the audit log tamper-evident?

Each event is HMAC-SHA256 signed and the signature incorporates the previous event’s hash, forming a chain with strictly monotonic sequence numbers. Altering or deleting any record breaks chain verification, so tampering is detectable.

Can Dvara generate SOC 2, HIPAA, and GDPR reports?

Yes. Reports are generated on demand or on a schedule from the audit and usage data and downloadable as PDF.

Can I stream audit events to my SIEM?

Yes. Splunk (HEC), AWS CloudWatch Logs, and Kafka are supported export targets, and events stream in real time.

Is every audit query isolated per tenant?

Yes. Audit access is tenant-scoped at the application layer, so a tenant can never see another tenant’s events.

Does the log capture why a call was allowed or blocked?

Yes. Each event carries the policy decision — allowed, warned, downgraded, or denied — not just the fact that a call occurred.

Make AI provable for your auditors.

Immutable audit and compliance reporting ship in every DVARA install. Start a free 30-day trial, or read how it works.