II · THE ARCHITECTURE
Five structural properties
audit logs cannot deliver.
A cryptographic attestation, applied to AI-assisted work, produces records with five structural properties that conventional audit infrastructure does not. Each property addresses a specific failure mode of the audit logs in use today.
i
Cryptographic binding to a specific human
Each attestation is produced through a hardware-anchored credential held by an identifiable person. The system is structurally incapable of producing a valid signature without contemporaneous credential presentation. User accounts can be shared. Hardware credentials cannot be replicated.
ii
Tamper-evidence by mathematics
Each entry is cryptographically linked to its predecessor. Modification of any historical entry breaks the chain integrity downstream, detectable by anyone holding the chain. There is no privileged position from which a record can be altered without leaving a trace.
iii
Independent third-party verification
Verification does not require cooperation from the system that produced the attestation. A court, IG, opposing counsel, foreign regulator, journalist, or academic can verify integrity using only public material. The producing system can be hostile, defunct, or acquired — the record's integrity is unaffected.
iv
Architectural restriction on AI signing
By construction — not by runtime policy — the system cannot produce a signature on behalf of a software component classified as an AI agent. Enforced at the cryptographic primitive layer. AI agents can do many things. Signing on behalf of a human is not one of them.
v
Long-horizon defensibility
Hybrid classical and post-quantum signature architecture — FIPS 203, 204, 205 finalized August 2024. Records produced today survive the cryptographic transitions of the next decade. A signature that becomes invalid in 2035 cannot serve as evidence for a 2026 matter.
THE LINE THAT MATTERS
Conventional audit infrastructure produces records that the producing party controls. Amem produces records that survive adversarial verification by parties to whom the producing system owes nothing.
IV · THE NEGATIVE SPACE
What we
do not do.
Precision is asset. The category — AI memory, AI trust, AI safety — is crowded with products that share a name with Amem and almost nothing else. Stating clearly what Amem is not is part of stating clearly what Amem is.
NOT THIS
Conversational personalization memory. ChatGPT, Grok, Gemini, and Mem0 build features so chatbots remember your preferences. Useful. Different category. Amem is infrastructure, not personalization.
NOT THIS
Encryption. Cipher products encrypt data so it cannot be read without keys. Amem produces signatures so the work cannot be repudiated. Different cryptographic primitive class.
NOT THIS
Audit logging. Every enterprise platform has audit logs — some sophisticated, some primitive. All are records the producing party controls. Amem produces records that survive without that control.
NOT THIS
Workflow approvals. Approval routing, justification prompts, sign-off workflows — these record actions. Amem cryptographically attests them. Recording and signing are different categories.
NOT THIS
An AI vendor. Amem does not produce AI. Amem produces the cryptographic accountability layer that makes any AI defensible — Claude, ChatGPT, Gemini, Cursor, Harvey, CoCounsel, Lexis+ AI, and the proprietary models inside enterprise platforms.
NOT THIS
A compliance product. Compliance certificates document point-in-time conformance with frameworks. Amem produces operational evidence that satisfies multiple frameworks simultaneously, continuously, by structure.
Read the technical detail
under NDA.
The reference implementation works. The technical brief is shared with qualified parties under appropriate non-disclosure.
Request the brief