Nothing to Explain Away
No language model sits in the signed path. The determination is deterministic, not a generated explanation produced after the fact.
Trust and security
When a regulator, auditor, board, or insurer challenges a high-consequence AI decision, your own logs are just you vouching for yourself. Forge is the independent engine that builds the record of how the decision was reached and returns verification material the other side can check without trusting either party. The customer keeps the workflow, keeps decision authority, and holds the system of record. Forge retains only the verification material and the per-tenant calibration outcomes needed to reproduce and grade a decision. The proof trail reproduces offline, without relying on the system that made the original call.
No language model sits in the signed path. The determination is deterministic, not a generated explanation produced after the fact.
Each proof trail carries independent verification material, so a regulator or auditor can check the path without relying on the original system's own logs.
Live customer data is not accepted until an agreement is in place, security review is complete, and a deployment path is agreed. The first proof uses synthetic or sanitized data.
Each proof trail carries the decision question, the allowed action menu, the evidence that mattered, the rule that applied, the uncertainty carried, where a human held authority, and the verification material that lets the other side reproduce it.
Forge uses outcome feedback for metrics-only calibration, not customer-data training. The preferred first proof uses synthetic or sanitized data. Regulated or restricted data needs the right agreement and deployment path before use.
Forge stakes an explicit confidence on each decision, then lets your outcomes grade it. Your team tags what actually happened, and Forge keeps score against your results for that tenant and workflow. It earns calibration by being accountable to outcomes, never by training on your data.
Anyone can log what happened, and anyone can sign the log. A signature on a receipt is not a defense. What passes diligence is the independent, reproducible case for why the decision cleared the rules, the kind that holds when someone with power over you asks you to prove it.
| SOC 2 | Not certified. SOC 2 is not claimed. If your procurement requires it before a broader rollout, treat it as a scheduled contract milestone, not a pilot prerequisite. |
|---|---|
| FedRAMP / ATO | Not authorized. FedRAMP and ATO are not claimed. Do not route restricted government data through public commercial endpoints without the required authorization path. |
| CMMC | Not certified. CMMC is not claimed. |
| Decision authority | Forge does not make the customer's final legal, compliance, or business decision. |
| Integration boundary | Forge evaluates and signs a record for the actions routed through the Forge integration point, and for nothing outside it. The customer's system executes the action, and the customer's human keeps the decision. |
| Security contact | [email protected] |