ZeroH Disclosure

Cryptographic proof of AI safety, for regulated finance

When your regulator, DPO, or Shariah board asks what data your AI saw, ZeroH Disclosure answers with a tamper-evident proof record. Bring your own AI. Keep your data sovereign.

SOC 2 Type II · ISO 27001:2022 · GDPR · Amanie Fatwa · QFC Digital Assets Lab · UK Patent Pending

How it works

Watch a prompt get cryptographically redacted before it reaches an AI

ZeroH Disclosure intercepts every prompt at the policy boundary. Sensitive fields are masked by your governance rules, the AI sees only the redacted version, and a signed audit record is anchored to Hedera. Provable to your DPO and your regulator.

1. Your prompt

From your user, agent, or workflow

Review the Mudaraba contract for customer Ahmed Al-Maktoum with account ••• 4429 for Shariah compliance. Portfolio value AED 2.4M.
CUSTOMER_NAME · ACCOUNT_NUMBER · AMOUNT

2. What the AI sees

Microsoft 365 Copilot, Claude, ChatGPT, or your internal agent

Review the Mudaraba contract for customer ████ [CUSTOMER_NAME] with account ████ [ACCOUNT_NUMBER] for Shariah compliance. Portfolio value ████ [AMOUNT].
Policy applied · 3 fields masked

3. Signed audit record · anchored to Hedera

proof:bbs+sha256:0x9c2f...e41a · 2026-05-19T08:14:22Z

GDPR Art.5 · EU AI Act Art.12 · QCB AI Guidance · PRA SS1/23

Five proof points

What ZeroH Disclosure delivers to the buying committee

Regulatory Proof

Examiner-ready evidence under every framework you answer to

ZeroH Disclosure produces a tamper-evident audit record every time your AI processes sensitive data. Designed to support evidence under PRA SS1/23 model risk management, EU AI Act high-risk obligations, NIST AI RMF, ISO 42001, QCB AI Guidance, and CBUAE Responsible AI principles. When the supervisor asks how you are governing AI, the answer is a cryptographic proof record, not a policy document.

For: CCO · CRO · Board Audit Committee

Data Control / Bring Your Own AI

Use the AI your team already trusts, without surrendering data control

A patent-pending disclosure policy engine applies your governance rules at field level before any data reaches an external AI. Microsoft 365 Copilot, Claude, ChatGPT, Google Vertex, custom internal agents — all wrapped in the same cryptographic safety layer. Plugin integrations for Outlook, the browser, and MCP servers are in active development.

For: CIO · CTO · CISO · AI Platform Lead

AI Safety Layer

Cryptographic redaction at the prompt boundary

Sensitive fields are masked under your disclosure policy before the prompt reaches the model. The decision, the masked payload, the AI response, and the human review step are all signed and anchored. BBS+ selective disclosure lets you prove the redaction to your DPO without exposing the underlying data. Proof, not policy.

For: DPO · AI Risk Officer · Privacy Counsel

Built, Not Retrofitted

Designed for the AI × regulated finance × cryptographic provenance intersection

SOC 2 Type II, ISO 27001:2022, GDPR compliance, full Shariah Fatwa from Amanie Advisors, validated inside the QFC Digital Assets Lab in Qatar, UK patent pending (GB2604344.8). Not an AI tool with security bolted on. A cryptographic safety layer built ground-up for the regulators who actually examine you.

For: CCO · CIO · Procurement · Security Architecture

Multi-Stakeholder Verifiability

One signed record. Independently verifiable by every stakeholder

Your supervisor sees the regulatory proof. Your DPO sees the redaction evidence. Your Shariah board (where applicable) sees the Sharia-auditable view. Your internal audit reconstructs any AI interaction months later. Same signed record, different lenses, vendor-independent.

For: Regulator-facing teams · Internal audit · External audit

Frequently asked

What the buying committee asks

What does ZeroH Disclosure actually do?
ZeroH Disclosure is a cryptographic safety layer that sits between your team (or your AI agents) and any external AI system. Every prompt is intercepted, evaluated against your disclosure policy, and selectively redacted before it reaches the model. The decision, the masked content, the AI response, and the human review are all signed and anchored to Hedera. The output is a tamper-evident proof record your CISO, your DPO, and your regulator can each verify independently.
How does the disclosure policy engine work?
The policy engine evaluates every customer-data field against your institution's governance rules at runtime. Fields are classified, masked under policy, and the disclosure decision is signed. When the external AI receives the prompt, only the fields your policy permits have reached it. The signed disclosure record can be exported as JSON-LD with provenance plus a PDF view that supervisors can read directly.
Which regulatory frameworks is ZeroH Disclosure designed to support evidence under?
PRA SS1/23 model risk management, EU AI Act high-risk Articles 8-15, NIST AI RMF, ISO 42001, QCB AI Guidance (September 2024), QCB Cloud Computing Regulation (April 2024), CBUAE Responsible AI principles, GDPR Article 5 and Article 12. For Islamic finance institutions, AAOIFI Sharia governance standards. Each framework has a mapped proof-pack template that produces the specific evidence shape the supervisor expects.
How is this different from LLM security tools or AI governance dashboards?
LLM security tools defend the prompt-response layer: prompt injection, jailbreaks, model integrity. They do not produce cryptographic, third-party-verifiable proof of what an AI actually saw or what was redacted. AI governance dashboards map controls to frameworks and produce attestation views. ZeroH Disclosure adds the cryptographic runtime evidence those governance dashboards assume but do not provide. Governance plus verification.
Does ZeroH Disclosure hold a Shariah Fatwa?
Yes. ZeroH holds a full Shariah Fatwa from Amanie Advisors, one of the most cited Shariah advisory firms in the Gulf. The Fatwa covers the underlying platform methodology: the tamper-evident proof record mechanism, the disclosure policy engine, and the documentation standards used in Shariah audit. Available to your SSB Secretary on request. Note that the Fatwa attaches to the ZeroH platform methodology, not to specific downstream products built on top of it.
How does a typical evaluation work?
We scope a 30 to 60 day proof of concept against one or two of your active regulatory frameworks and one or two business AI use cases. The POC validates the audit trail, the proof pack export, and the integration with your existing AI stack. Pre-launch institutions typically integrate Disclosure 6 to 9 months before licence approval, when retrofit costs are lowest.

Bring your own AI. Keep your data sovereign.

We work most closely with CISOs, DPOs, AI Risk Officers, and Heads of Shariah Compliance at regulated financial institutions. Reference conversations shape the roadmap.