Cryptographic enforcement for autonomous AI agents.
Kevros issues signed release tokens before any action executes. No token, no action. Every decision is hash-chained, ML-DSA-87 signed, and independently verifiable. CMMC Level 2 self-assessed. Built for defense-grade procurement.
The requirement is cryptographic, not documentary.
CMMC Level 2 (self-assessed) requires rigorous controls over information systems. NDAA Section 1513 directs DoD to establish enforceable AI accountability requirements for covered systems. Kevros provides the cryptographic enforcement evidence those frameworks require. The EU AI Act adds runtime guardrails for high-risk systems. Auditors need cryptographic proof, signed and chained, that the right authorization was enforced at the right moment.
Kevros produces that proof at request time, not post-hoc.
Three primitives. Every claim is verifiable.
Cryptographic enforcement
FIPS 204 ML-DSA-87 signatures on every release token. Fail-closed by design.
Tamper-evident evidence
SHA-256 hash-chained ledger. Independently verifiable. Evidence pack available on request.
Formally verified
1.94B-state TLA+ model of the release-token protocol. Three patents filed (USPTO docket pending).
Public verification repositoryTLA+ specifications, Lean 4 proofs, and the compliance manifest are published in the public verification repository. Full source access and the evidence pack are available to qualified buyers under NDA.
Regulation is already scheduled. Enforcement has to be live.
| Regulation | Date | What Kevros provides |
|---|---|---|
| NDAA Section 1513 | June 2026 | Requires cryptographic enforcement of AI agent actions for covered DoD systems. Kevros signs every release token with ML-DSA-87 and emits a hash-chained evidence record. |
| EU AI Act, runtime guardrails | August 2026 | High-risk AI systems must demonstrate runtime controls with auditable evidence. Kevros provides the signed, chained record at request time. |
| NIST Agentic AI | Active now | Kevros architecture maps to NIST AI RMF and the agentic AI extension. |
Three differences. One proof point each.
Quantum-ready cryptography
ML-DSA-87 (FIPS 204 final) + SLH-DSA-256f (FIPS 205). NSA CNSA 2.0 quantum-resistant.
Vendor-independent
Seven integration protocols: x402, L402, MPP, Stripe, PayPal, Lightning, Solana. Works with any LLM provider via the agent SDK.
Patent-protected technology
Three patents filed on the cosign + release token + permission-before-power architecture.
Patent applications: available on request via legal@taskhawktech.comA single CLAMP decision, fully verifiable.
Every action produces a record like the one below. Every field is independently verifiable by a third party using the public tooling.
{
"decision_id": "clamp-2026-04-08T14:22:07Z-7f3a",
"agent_id": "agent-prod-001",
"action": "fs.write",
"target": "/var/reports/q1-summary.pdf",
"policy_hash": "sha256:2b9c...e41",
"prev_hash": "sha256:a04f...77d",
"timestamp": "2026-04-08T14:22:07.814Z",
"verdict": "ALLOW",
"release_token": "mldsa87:...",
"signer": "kevros/cosign@v1.4.2",
"signature": "mldsa87:3c1d...b9e"
}Every decision_id is independently verifiable. The evidence pack includes verification tooling and reference chains.
Three entry points.
Commercial
Enforce agent actions across production workloads. Runs on any LLM provider and integrates with your existing billing, IAM, and observability.
Talk to our teamDefense & Federal
CMMC Level 2 self-assessed. NDAA Section 1513 aligned. Evidence pack available on request.
Chat with an expertIntegrate Kevros
SDK, quickstart, and a curl example that returns a signed release token in under 30 seconds.
Read the docs