EVE CoreGuard

Validation & Assurance

What you can verify about EVE CoreGuard independently, right now — without trusting a single claim we make — and an honest, dated account of the third-party assurance work that is in progress or still on the roadmap.

Verify a decision yourself →

Straight answer

We don't have third-party audit letters or an external pen-test report yet. We're not going to imply we do. What we offer instead is evidence you can verify yourself — which is the same principle the product is built on.

Tier 1 · Verify it yourself, today

What you can independently confirm with zero trust in us

Each of these is checkable by you or your auditors directly. None of it requires you to take our word for anything, and none of it depends on EVE's servers being honest.

Offline cryptographic verification Every governed decision is signed (Ed25519 in production). Anyone can re-hash the decision record and re-verify the signature without contacting EVE's servers. Try it at /verify; the public key is published at /.well-known/eve-pubkey.

Determinism = reproducibility The same input plus the same policy version yields the same disposition every time. You can replay decisions and confirm the verdict reproduces — an independent check on the engine's behavior, not a claim about it.

Public patent filings 90 U.S. provisional applications, sole inventor, with published serial numbers verifiable at the USPTO. See the portfolio at /ip.

Published methodology The architecture and the benchmark methodology are public, so you can scrutinize how the numbers were produced — not just the numbers. Read the whitepaper and the benchmark.

Tier 2 · In progress

Third-party assurance underway

Honest status as of June 2026. These are started but not yet complete — we will say so until they are.

In progress SOC 2 Type II Engagement is in progress. No report has been issued yet, and we will not represent SOC 2 as completed until an examination report exists.

Tier 3 · On the roadmap

Planned, not yet done

These are commitments we intend to deliver. None of them have been completed, and we mark each one plainly so there is no ambiguity.

Planned Independent third-party penetration test With a published summary of findings. Planned — not yet completed.
Planned External security assessment An independent review of the security posture. Planned — not yet completed.
Planned Independent benchmark validation Reproduction and validation of our published methodology by an external party. Planned — not yet completed.

Talk to us about your assurance requirements

If your procurement or risk team needs specific evidence, start with what you can verify today, then tell us what else you need. We'd rather show you the evidence than ask you to trust the claim.

Verify a decision Enterprise & procurement [email protected]