Picture this: a bank deployed an AI agent to help with transaction approvals. Three weeks later a regulator shows up and asks a simple question: "On June 3rd your agent approved transaction #8492 for $47,000 — why?"
The bank goes to check the logs. The logs say "approved." But they don't say why. The agent's reasoning is gone, the context is lost, and the logs live on the same server where the agent runs. There's no way to prove to an external auditor that the decision was correct without asking them to trust the bank's own infrastructure.
This is not a hypothetical problem. Banks right now are starting to use AI agents for real things — moving money, making decisions, talking to customers — and the question of "how do I prove what my agent did last week?" is one that most of them cannot answer today.
I know because I've been researching this for months. And I built something that tries to fix it.
Logging is the default solution for tracking AI agents. Every framework writes logs. Every platform stores them. But logs have three problems that make them useless for regulated environments:
Logs can be changed. If someone with access to the server wants to modify a log entry, there's usually nothing stopping them. No signature, no chain, no external verification. A log is just a text file.
Logs depend on the server that produced them. If you want to verify what an agent did, you need to access the original system. You need to trust that the system wasn't tampered with. In banking, regulators want to verify things without needing to trust the bank's infrastructure.
Logs don't capture reasoning. Most logs record "what happened" but not "why the agent decided that." An AI agent's reasoning process is where the compliance value is. Logs usually just record the outcome.
Banks are required by regulations like the EU AI Act (which becomes active in August 2026) to keep records of high-risk AI system decisions. Article 12 specifically talks about automatic record keeping. But the regulation doesn't tell you how to do it — it just says you must.
TraceProof is an open-source system I built in Rust that creates a signed record of each AI agent decision. Think of it like a chain of evidence that follows every step the agent takes, signed with cryptographic keys so anyone can verify it later without needing to trust the system that produced it.
Here is how it works at a high level:
Agent decides something → Record is created → Signed with private key
→ Added to the chain → Anyone can verify later with the public key
Each record contains:
The key difference from logging is that TraceProof records can be verified offline by anyone who has the public key. A regulator can take the record, check the signature, and confirm that it is authentic without needing to contact the bank or access their servers.
I chose Rust for TraceProof for three reasons:
Safety. Rust's type system prevents entire categories of bugs at compile time. When money is involved, memory safety is not optional. The Rust compiler catches problems that would be runtime crashes in other languages.
Performance. Cryptographic operations are CPU-intensive. Rust's zero-cost abstractions mean I don't have to choose between clean code and fast code. TraceProof handles signing and verification without adding noticeable latency to agent operations.
Ecosystem. Rust has excellent cryptographic libraries (Ed25519, SHA-256) that are well-audited and widely used. The cargo tooling makes dependency management predictable, which matters for supply chain security in regulated environments.
TraceProof is designed to work with the FINOS AI Governance Framework (AIGF). FINOS is the Linux Foundation project where Goldman Sachs, Citi, Morgan Stanley, and other major banks collaborate on open-source financial infrastructure.
I designed TraceProof to plug into the AIGF MCP Server (contributed by Citi in June 2026) as an evidence layer. The AIGF MCP Server handles governance policies for AI agents — what they can do, where they can access data, how they should behave. TraceProof adds the proof layer — the cryptographic records that show those policies were actually followed.
This combination is important because FINOS members have the governance frameworks but nobody has solved the evidence problem yet. That's the gap TraceProof fills.
TraceProof is still early stage but the core is working. I've been building it since January 2026, it has 9 modules each with a clear responsibility, the core protocol for creating and verifying signed records is functional, and the MCP server integration allows it to connect with tools like filesystem and terminal access.
What I have today:
What I'm working on next:
The EU AI Act enforcement starts in August 2026. CNSA 2.0 (post-quantum cryptography) becomes mandatory in January 2027. Financial institutions that are deploying AI agents today need to start thinking about how they will prove what those agents did — not just log what they did.
I believe cryptographic attestation will become a standard part of AI agent infrastructure, just like logging and monitoring are today. TraceProof is my attempt to build that standard before the regulations force everyone to invent their own solutions in a hurry.
TraceProof is source-available (PolyForm Shield license — free for non-commercial use, learning, and auditing) and available on GitLab:
https://gitlab.com/zuo-labs/zuo-vector-nexus
If you're from a regulated financial institution and want to evaluate it under a commercial license, reach out via the repository.
If you're working on AI governance in finance or just curious about cryptographic attestation, I'd love to hear your thoughts. Open an issue, send a PR, or leave a comment below.
If this article was useful, consider sharing it with someone who works on AI governance or banking compliance. Follow me on DEV.to for more about Rust, AI agents, and cryptographic infrastructure.
The repository is undergoing internal documentation and test organization for regulatory compliance — it will be publicly available on July 1, 2026.