Formal verification · Z3 SMT · AI agent behavior

Formal verification
for AI agents.

Prove whether harmful behavior is reachable before deployment.

VERDICT uses Z3-based formal methods to verify whether critical failure paths in agentic AI systems are reachable or impossible by construction — not by testing, not by probabilistic evals. Mathematical proof.

HealthcareFinanceEnterprise automationRegulated operations

AI agents create a new control problem.

Traditional testing can surface examples of failure. It cannot prove whether a dangerous path is fundamentally possible inside your agent system.

That gap matters when the workflow can trigger actions, move money, expose sensitive data, or operate inside regulated environments.

VERDICT verifies whether critical failure paths are reachable across approval logic, tool permissions, scope boundaries, context retention, and output controls.

A single misconfigured approval gate, scope leak, or injection path can create unauthorized actions, position-limit breaches, data exposure, or unsafe coordination between agents.

Simulation finds examples. Formal verification proves possibility.

SAT = harmful path reachable under the modeled config · UNSAT = path impossible by construction

ApproachFinds examples of failureProves unreachable statesWorks at agent behavior layerProduces auditor-ready artifacts
Red teaming
AppSec scanners
AI evals
VERDICT
EXAMPLE PROOF RESULTS

What verification looks like in practice.

Run on your agent →
Approval Gate Enforcement
MedAgent v1
SAT

A treatment action can execute without human approval.

Position Limit Bound
TradingAgent v3
UNSAT

No execution path exceeds the configured exposure cap.

Prompt Injection Tool Reachability
SupportAgent
SAT

Injected instructions can reach tool invocation under current config.

PII Exfiltration Path
HRAgent v2
UNSAT

Sensitive output is blocked by enforced output constraints.

Important: VERDICT does not claim universal safety. It proves whether defined unsafe behaviors are reachable within the modeled system boundary. Scope is bounded to the failure modes covered by the current engine version.

How verification works.

STEP 01

Model the system

We encode your agent's effective control surface: tools, permissions, approval gates, role boundaries, memory assumptions, and domain constraints.

STEP 02

Run the proofs

Each failure mode is expressed as a formal satisfiability theorem and checked with the Z3 solver. SAT or UNSAT — no ambiguity.

STEP 03

Deliver the report

Proof outcomes, modeled assumptions, configuration hash, severity findings, and remediation guidance. Structured for security, legal, and compliance review.

INITIAL VERIFICATION SUITE

Critical failure modes we verify.

Each verification result is tied to a concrete control model and a reproducible proof outcome.

FM-001
Approval bypass
FM-002
Policy bound violation
FM-003
Prompt-injection tool reachability
FM-004
Goal divergence under proxy optimization
FM-005
Tool scope escalation
FM-006
Context constraint drop
FM-007
Multi-agent collusion path
FM-008
PII exfiltration path

Inspired by real-world classes of agentic AI failure. Specific proof conditions vary by system model.

What buyers get.

Before deployment

Identify unsafe paths before production. Know which failure modes are reachable under your exact configuration before a single user interaction.

For governance review

Provide structured assurance artifacts for security, legal, and compliance stakeholders. Proof outcomes with modeled assumptions and a configuration hash.

For remediation

See exactly which control changes convert a result from SAT to UNSAT. Not a list of recommendations — a proof that the fix works.

For enterprise trust

Move from "we tested it" to "we proved whether this path is or is not reachable under the modeled system boundary."

AI GOVERNANCE READINESS

Built for the era of AI oversight requirements.

VERDICT can support internal control validation and assurance workflows relevant to emerging AI governance requirements. It is designed to strengthen evidence around how agent systems behave under defined constraints.

EU AI Act
Relevant

Risk management and control expectations under phased rollout, with broader applicability toward August 2026 and beyond.

ISO/IEC 42001
Aligned

AI management systems — risk management, governance, monitoring, and continual improvement requirements.

SOC 2 / Internal controls
Supported

Evidence preparation for security and governance reviews. Structured artifacts suitable for audit workflows.

Sovereign deployment
Available

For organizations with jurisdictional or data-residency requirements. Deployment options designed to reduce cross-border exposure. Legal review recommended.

ENTERPRISE VERIFICATION

Enterprise verification engagements

Foundational certification · Formal verification of core failure paths for one agent system
Continuous assurance · Ongoing verification after config changes or control updates
Sovereign deployment · For organizations with strict jurisdiction or residency requirements

Starting at $75,000 for scoped enterprise engagements