EVE AI Core
Analysts define the AI governance platform category by a specific capability set — inventory, audit, risk and regulations, runtime enforcement, data usage mapping, evidence collection, interoperability, and approvals. This page maps EVE AI Core to each capability, plainly, with the enforcement-grade mechanism behind it.
Updated · Maintained by the EVE NeuroSystems engineering team · Reviewed by Jamaurice Holt, Founder
An AI governance platform is expected to deliver all eight. EVE AI Core approaches them from the enforcement side: the gate produces the inventory, the audit trail, and the evidence as one artifact — not as separate reports to reconcile. Jump to any capability:
Before any AI agent, model route, or tool can act, it must be registered: agents and tools in the governed registry, models on per-tenant provider allowlists, and rules in a versioned catalog of executable policy packs. Registration is a precondition of passing the gate, so the inventory is enforced, not self-reported. An unregistered agent, tool, or model route is refused — the catalog cannot silently drift from reality.
Every decision appends to a hash-chained, tamper-evident audit trail, and batches are aggregated into signed Merkle roots. Chain integrity is verifiable independently of EVE — an auditor checks the cryptography, not a screenshot. Operator actions (approvals, rejections, cancellations, exports) are themselves audited on the same trail.
Each proposed action is risk-scored (LOW / MEDIUM / HIGH) and evaluated against versioned regulatory policy packs — mappings for ECOA / Reg B, SR 11-7, HIPAA, and the EU AI Act among them. The pack version is recorded inside the decision evidence, so you can prove which rules were in force when a specific decision was made.
The anchor capability. EVE CoreGuard evaluates every proposed action before it executes and returns a deterministic ALLOW / BLOCK / MODIFY verdict — fail-closed, with no LLM in the decision path. Compliance is not a dashboard reconciled after the fact; it is a gate the action must pass through, every time, with the same inputs producing the same verdict.
Data-usage rules are enforced at decision time: PII-handling policy packs, per-tenant isolation, and user-controlled retention policies. Deletions produce signed, hash-chained deletion receipts across storage layers — proof built for GDPR right-to-erasure and CCPA deletion obligations — so you can show an examiner not only how data is permitted to be used, but cryptographic proof of when its use stopped.
Evidence is a by-product of enforcement, not a separate collection workflow. Every decision emits an Ed25519-signed certificate via EVE Proof that a third party verifies offline — no EVE service in the loop — and decisions replay deterministically to demonstrate the verdict was what the policy required. The decision and its proof are produced at the same instant.
EVE AI Core integrates without rearchitecting: a REST decision API (POST /v1/decisions/evaluate) with Python, TypeScript, and Rust SDKs; a sidecar deployment mode that sits in front of existing services; webhooks for governance events; and model-agnostic routing — any provider or self-hosted model. EVE governs the decision, not the model, so you can swap models without changing the control plane. See the API reference.
A three-phase workflow — propose → approve → execute — with risk-gated approvals: high-risk actions require human sign-off before they run. Role-based access control separates viewers, operators, approvers, and admins; an approvals inbox surfaces pending decisions; and every approval or rejection lands on the signed audit trail.
Same eight capabilities, one line each — what the category asks for, and the concrete EVE AI Core mechanism that answers it.
| Capability | What the category asks for | EVE AI Core mechanism |
|---|---|---|
| AI Inventory/Catalog | Know every AI system, agent, and model in scope | Governed agent/tool registry, per-tenant model allowlists, versioned policy-pack catalog — registration required to pass the gate |
| Audit | A complete, trustworthy record of AI activity | Hash-chained audit trails with signed Merkle-root aggregation; independently verifiable integrity |
| Risk Management and Regulations | Assess risk and map to regulatory obligations | Per-decision risk scoring against versioned regulatory packs (ECOA/Reg B, SR 11-7, HIPAA, EU AI Act); pack version bound into evidence |
| Automated Policy Compliance and Runtime Enforcement | Enforce policy on live systems, not just report on them | EVE CoreGuard pre-execution gate: deterministic ALLOW / BLOCK / MODIFY, fail-closed, zero-LLM decision path |
| Data Usage Mapping | Understand and control how data is used by AI | PII policy packs, tenant isolation, retention policies, signed deletion receipts across storage layers |
| Evidence Collection | Produce proof for auditors, examiners, and courts | EVE Proof: Ed25519-signed per-decision certificates, offline third-party verification, deterministic replay |
| Interoperability | Work with the stack you already run | REST API, Python/TypeScript/Rust SDKs, sidecar mode, webhooks, model-agnostic routing |
| Workflow and Approvals | Route decisions to humans with accountability | Propose → approve → execute registry, risk-gated human approval, RBAC, audited operator actions |
If the requirement is to stop a non-compliant decision before it runs and hand an examiner signed, replayable, offline-verifiable proof, that is what EVE AI Core is purpose-built for. Runtime enforcement (capability 04) and evidence collection (capability 06) are where deterministic, fail-closed architecture makes the difference — the audit trail, the risk verdict, and the certificate are produced by the same gate, so they can never disagree with each other. To see the mechanics end to end, walk the reference governed-decision case study (illustrative) or verify a sample signed decision yourself.
EVE AI Core inventories and maps the systems routed through its gate. If you also need organization-wide discovery of AI you do not yet govern — shadow-AI scanning, vendor assessments, framework attestation workflows across every department — that is program-level GRC, and a registry platform does it well alongside EVE. See our AI governance platform roundup for how the layers interlock, or compare EVE AI Core with GRC-first platforms side by side.
Bring a regulated decision — lending, healthcare, claims, trading — and we will walk it through the gate: the inventory entry, the risk verdict, the enforcement decision, and the signed certificate you can verify offline. Controlled pilot from $37,500.
Not ready for a pilot? Start lighter: the API reference, the whitepaper, or verify a sample signed decision.
Gartner® is a registered trademark of Gartner, Inc., used here for identification only; no affiliation or endorsement. Capability descriptions reflect EVE AI Core as documented as of . Related: Best AI governance platforms · All comparisons · EVE CoreGuard.