What is Proof-of-Control?
Proof-of-Control is a category of AI security that delivers independent, tamper-resistant provability that AI systems did what they were authorized to do.
Every time an AI agent acts — authorizing a payment, accessing patient data, crossing a system boundary — Proof-of-Control technology produces cryptographic, tamper-resistant evidence of what happened. Not a log that can be rewritten. Not a policy that describes intent. Evidence that can be independently verified by any third party, at any time, without trusting the vendor.
Human Authorizes
Agent Authenticates
Data Accessed
Boundary Crossed
Compliance Checked
Output Delivered
Context Retrieved
Payment Settled
Model Executes
A hypothetical AI agent lifecycle — each Proof-of-Control evidence point is where independent provability could apply.
The problem Proof-of-Control solves
Every enterprise deploying AI is asking the same question: how do we know what the machine did?
Today, the answer relies on three things that don't constitute evidence:
01. Logs can be fabricated.
They're generated by the same system they're supposed to monitor. The entity being watched is writing its own report card.
02. Policies describe intent, not behavior.
A governance policy says what should happen. It says nothing about what actually did.
03. Contracts assign blame after the fact.
They define liability. They don't prevent the harm or produce evidence of what occurred.
The distance between what AI systems do and what you can prove they did is the Provability Gap. Every enterprise deploying agents operates inside it.
What AI did: Actions, decisions, data accessed
The Provability Gap: No independent evidence
What you can prove: Logs? Policies? Contracts?
Proof-of-Control closes the gap.
The technology exists. The shared language doesn't.
Vendors are selling independent provability under dozens of different names — and some are delivering it without even knowing that's what they have.
31+ terms. No shared language. No way for buyers to compare.
One category. One name. Every term above fits inside it.
These technologies touch five domains:
But buyers aren't asking for cryptographic logging or hardware attestation. They're asking:
“If an agent made a decision in our name, can we prove who gave it permission?”
“How do we prove the agent didn't expose patient data between clouds?”
“An agent just authorized a payment. Can we prove who approved it?”
Every one of these questions is a demand for independent provability. Buyers just don't know it has a name — and vendors aren't making it easy to find.
What makes Proof-of-Control different
It's a property, not a product.
Proof-of-Control is a property — like “open source” or “cloud-native.” Many different technologies can deliver it. AAI Society defines the property. Our members build the technology.
It's implementable anywhere in the stack.
At the identity layer, the compute layer, the storage layer, the payment layer, the compliance layer. Wherever AI acts, Proof-of-Control can apply. Our members have the products for it.
It satisfies existing compliance requirements.
NIST AI RMF, Google SAIF, ISO 42001, and SOX all require integrity and transparency. Proof-of-Control is the technical implementation that satisfies those requirements with cryptographic evidence rather than self-reported claims.
It's compatible with your existing stack.
Whatever you have, our members' technologies are composable and integratable with existing vendors. You don't rip and replace — you add provability to what you already run.
It's enterprise-ready.
Our members build products with Proof-of-Control to meet enterprise compliance requirements including SOC 2, ISO 27001, HIPAA, and SOX. The evidence they produce is designed to satisfy auditors, not just engineers.
Compute is a commodity. Provability is the moat.
Christian Catalini's research at MIT Sloan demonstrates that as the cost to automate crashes toward zero, AI execution becomes a commodity. What remains scarce is verification: the ability to confirm what AI actually did.
Catalini's framework describes verification broadly. Proof-of-Control is the cryptographic subset that scales verification beyond human bandwidth. A human can verify a single transaction. Proof-of-Control can verify millions, continuously, with tamper-resistant evidence at the point of execution. Our members make purpose-built independent provability tools that operate at the speed and scale of autonomous AI.
In a sea of infinite synthetic production, provenance becomes the scarcity anchor.
— Catalini, Hui & Wu, MIT Sloan (2026)
“...as measurable execution commoditizes toward the marginal cost of compute, rents migrate to what remains scarce — verification-grade ground truth, cryptographic provenance, and liability underwriting.” — Catalini, Hui & Wu, MIT Sloan (2026)
Catalini, Hui & Wu, MIT Sloan (2026) — “Some Simple Economics of AGI”
Proof-of-Control sits at the intersection of the two fastest-growing categories in AI.
AI Data is the fastest-growing AI spending category at 155% CAGR.
AI Security is the second fastest-growing at 74% CAGR.
Proof-of-Control allows you to free up your AI and agents to be moved, to be used, and to be stored securely — increasing value and lowering risk.
141%: Increase in enterprise agentic AI spending
50%+: Enterprises deploying AI agents by 2028
#1: Cybersecurity trend: agentic AI security
The only way to increase agent value without increasing agent risk.
The Agent Risk-Value Matrix
FAILED (Risk ↑↑, Value −): Agents unchecked. Nothing to show for it.
WITH PoC (Risk ↓↓, Value ↑↑): Agents free + proved. The only quadrant that works.
CONSTRAIN (Risk ↓↓, Value ↓↓): Safe, but agents can't do their job.
UNLEASH (Risk ↑↑, Value ↑↑): No way to prove what they did.
The playbook already exists.
Every major technology category was built the same way: an association defines the property, the label becomes trustworthy, and the market unlocks.
$271B
Global Semiconductor Alliance
Trusting a chipmaker without a factory seemed impossible. GSA convened designers and foundries into a shared ecosystem. The fabless industry is now worth $271B.
$46B
Open Source Initiative
Every vendor claimed 'open source.' None meant the same thing. OSI defined the property precisely enough that any claim could be evaluated. Open source is now in 96% of codebases.
$51B
Cloud Security Alliance
Enterprises couldn't evaluate whether a cloud provider was secure. CSA built the shared controls, certifications, and registry that made comparison possible.
Proof-of-Control is next. AAI Society is building the same infrastructure for AI provability.
This is the moment the category gets defined.
Building Proof-of-Control technology?
Your product may already deliver independent provability. Become a founding member and help shape the standard.
Deploying AI at enterprise scale?
Join the Proof-of-Control Initiative and ensure the standard reflects how you actually deploy AI.
Want to add Proof-of-Control to your product?
Learn how to integrate independent provability into your existing solution and join the ecosystem of Proof-of-Control vendors.