Formal verification
for AI agents.
Prove whether harmful behavior is reachable before deployment.
VERDICT uses Z3-based formal methods to verify whether critical failure paths in agentic AI systems are reachable or impossible by construction — not by testing, not by probabilistic evals. Mathematical proof.
AI agents create a new control problem.
Traditional testing can surface examples of failure. It cannot prove whether a dangerous path is fundamentally possible inside your agent system.
That gap matters when the workflow can trigger actions, move money, expose sensitive data, or operate inside regulated environments.
VERDICT verifies whether critical failure paths are reachable across approval logic, tool permissions, scope boundaries, context retention, and output controls.
A single misconfigured approval gate, scope leak, or injection path can create unauthorized actions, position-limit breaches, data exposure, or unsafe coordination between agents.
Simulation finds examples. Formal verification proves possibility.
SAT = harmful path reachable under the modeled config · UNSAT = path impossible by construction
| Approach | Finds examples of failure | Proves unreachable states | Works at agent behavior layer | Produces auditor-ready artifacts |
|---|---|---|---|---|
| Red teaming | ✓ | — | ✓ | — |
| AppSec scanners | — | — | — | — |
| AI evals | ✓ | — | ✓ | — |
| VERDICT | ✓ | ✓ | ✓ | ✓ |
What verification looks like in practice.
A treatment action can execute without human approval.
No execution path exceeds the configured exposure cap.
Injected instructions can reach tool invocation under current config.
Sensitive output is blocked by enforced output constraints.
Important: VERDICT does not claim universal safety. It proves whether defined unsafe behaviors are reachable within the modeled system boundary. Scope is bounded to the failure modes covered by the current engine version.
How verification works.
Model the system
We encode your agent's effective control surface: tools, permissions, approval gates, role boundaries, memory assumptions, and domain constraints.
Run the proofs
Each failure mode is expressed as a formal satisfiability theorem and checked with the Z3 solver. SAT or UNSAT — no ambiguity.
Deliver the report
Proof outcomes, modeled assumptions, configuration hash, severity findings, and remediation guidance. Structured for security, legal, and compliance review.
Critical failure modes we verify.
Each verification result is tied to a concrete control model and a reproducible proof outcome.
Inspired by real-world classes of agentic AI failure. Specific proof conditions vary by system model.
What buyers get.
Identify unsafe paths before production. Know which failure modes are reachable under your exact configuration before a single user interaction.
Provide structured assurance artifacts for security, legal, and compliance stakeholders. Proof outcomes with modeled assumptions and a configuration hash.
See exactly which control changes convert a result from SAT to UNSAT. Not a list of recommendations — a proof that the fix works.
Move from "we tested it" to "we proved whether this path is or is not reachable under the modeled system boundary."
Built for the era of AI oversight requirements.
VERDICT can support internal control validation and assurance workflows relevant to emerging AI governance requirements. It is designed to strengthen evidence around how agent systems behave under defined constraints.
Risk management and control expectations under phased rollout, with broader applicability toward August 2026 and beyond.
AI management systems — risk management, governance, monitoring, and continual improvement requirements.
Evidence preparation for security and governance reviews. Structured artifacts suitable for audit workflows.
For organizations with jurisdictional or data-residency requirements. Deployment options designed to reduce cross-border exposure. Legal review recommended.
Enterprise verification engagements
Foundational certification · Formal verification of core failure paths for one agent system
Continuous assurance · Ongoing verification after config changes or control updates
Sovereign deployment · For organizations with strict jurisdiction or residency requirements
Starting at $75,000 for scoped enterprise engagements