Answer the AI section of your security questionnaire.
Every enterprise prospect in 2026 asks a version of “how do you isolate tenant data in your AI features?” The honest answers are awkward (“each tenant has its own namespace”), the careful ones are vague (“we follow industry best practices”), and neither unblocks the deal. The buyer's security team wants verified evidence, not assurance.
Sectum AI delivers a Trust Evidence Pack: an annual,
tamper-evident attestation of multi-tenant isolation across your AI
surfaces — vector DB, RAG pipeline, agent framework, semantic
cache, fine-tunes, MCP. Drop the PDF + evidence JSON into your data
room; the prospect's security team independently verifies it with
sectum-ai verify.
What you hand to the prospect
Trust attestation PDF
A 6-10 page artifact: executive summary, scope (the AI surfaces in scope in your stack), methodology (the marker substrate, the probes, the detection pipeline), per-surface verdicts, independent-verification instructions. The deliverable buyers' security teams accept.
Machine-readable evidence
The evidence.json the PDF is built from. The
in-toto envelope. The RFC 3161 timestamp token. The optional
Sigstore Rekor inclusion proof. Everything any auditor or
security team would want to verify the artifact themselves.
Independent verifier
Anyone who has run pip install sectum-ai can run
sectum-ai verify against the pack and validate the
chain end-to-end.
Mutating any field makes verify exit 4 with a
[FAIL] line. The pack is the proof, and the verifier
does not trust us.
Renewable annually
AI stacks change. The Trust Evidence Pack refreshes on an annual cadence so the artifact you hand the next prospect reflects the current state of your AI features. Renewable each cycle; no per-deal fee.
How an engagement runs
- Scoping (30 min call). We collect the configuration of your AI surfaces — the vector DB, the tracing backend, the cache, the agent framework, the MCP servers. No secrets cross the boundary; everything resolves from your environment variables via references in a sectum-ai.yaml.
- Substrate + probe runs (3 days). We provision synthetic tenants, plant cryptographic canary markers, run the probe suite across each configured surface, and detect cross-tenant findings against the ground-truth manifest.
- Attestation delivery (day 5). You receive the Trust Evidence Pack: the PDF, the evidence.json, the in-toto envelope, the RFC 3161 timestamp token, and a VERIFY.md that any third party can follow to verify the chain.
- Reuse across deals (12 months). Drop the pack into every enterprise data room for the next 12 months. The artifact remains valid as long as your AI stack does not materially change.
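An illustration of canary-marker detection against a ground-truth manifest, as described in the substrate and probe step above. This is an added example, not Sectum AI's code: the HMAC derivation, the CANARY- marker format, and every tenant, surface and key value are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import re

MARKER_RE = re.compile(r"CANARY-[0-9a-f]{16}")  # marker format is an assumption

def make_marker(run_key: bytes, tenant: str, surface: str) -> str:
    """Derive an unguessable canary bound to one tenant and one surface."""
    msg = f"{tenant}|{surface}".encode()
    return "CANARY-" + hmac.new(run_key, msg, hashlib.sha256).hexdigest()[:16]

def build_manifest(run_key, tenants, surfaces):
    """Ground truth: marker -> (owning tenant, surface it was planted in)."""
    return {make_marker(run_key, t, s): (t, s) for t in tenants for s in surfaces}

def detect_cross_tenant(manifest, probe_results):
    """Flag every probe response that contains a marker owned by another tenant."""
    findings = []
    for probing_tenant, surface, response in probe_results:
        for marker in sorted(set(MARKER_RE.findall(response))):
            owner = manifest.get(marker)
            if owner is None:
                continue  # marker-shaped string that was never planted: ignore
            if owner[0] != probing_tenant:
                findings.append({"surface": surface, "probed_as": probing_tenant,
                                 "leaked_from": owner[0], "marker": marker})
    return findings

def demo():
    """Constructed sample run: two synthetic tenants, two surfaces."""
    key = b"constructed-demo-key"  # constructed; a real run would use a random key
    tenants, surfaces = ["tenant-a", "tenant-b"], ["vector_db", "semantic_cache"]
    manifest = build_manifest(key, tenants, surfaces)
    a_cache = make_marker(key, "tenant-a", "semantic_cache")
    b_vec = make_marker(key, "tenant-b", "vector_db")
    probe_results = [  # (tenant the probe ran as, surface, text returned)
        ("tenant-b", "vector_db", f"top hit: notes {b_vec}"),            # own data
        ("tenant-b", "semantic_cache", f"cached answer: {a_cache}"),     # leak
        ("tenant-a", "vector_db", "no results CANARY-0000000000000000"), # not planted
    ]
    return detect_cross_tenant(manifest, probe_results)

if __name__ == "__main__":
    for finding in demo():
        print("[FINDING]", finding)
```

Because each marker is keyed to a tenant and a surface, a hit identifies both whose data crossed the boundary and where it was originally planted, and marker-shaped strings absent from the manifest produce no false findings.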
What we attest, what we don't
Sectum AI verifies and attests; we do not certify your overall security posture, and the attestation is scoped narrowly to AI tenant isolation. If a surface returns RESIDUAL DATA, the pack itemizes the finding — the remediation belongs to your platform team. The pack is the proof, not the fix.
The control mappings on the pack are assertions of test coverage, not legal certification. The wording is explicit in the pack itself.
Why this works for the buyer's security team
- Independently verifiable. Their team does not need to trust Sectum AI — they run the verifier themselves.
- Cryptographically anchored. RFC 3161 timestamp and (optional) Sigstore Rekor inclusion proof bind the run to a public time and a public log entry.
- Control-mapped. The PDF appendix maps findings to SOC 2 CC6.1 / CC6.6 / CC6.7, ISO 27001 A.8.3 / A.8.12, NIST AI RMF MEASURE 2.7. Their compliance team has a familiar artifact shape.
- Scoped, not vague. The pack enumerates exactly which surfaces were tested, with which probes, against which ground-truth manifest. No “industry best practices” hand-waving.
Engagement
Scoped per engagement and delivered as a single annual artifact — one pack, reusable across every enterprise deal for 12 months, renewable each cycle. Start an engagement for a quote.
For continuous (monthly) verification across multiple stacks, see Continuous Multi-Tenant Verification. For a targeted GDPR Article 17 erasure attestation, see Erasure Attestation.