What is Proof-of-Control?
Proof-of-Control is the spectrum of AI verification: Self-Verifiable, Independently Verifiable, and Cryptographically Verifiable. The Proof-of-Control Standard defines the third stage: cryptographic verification. The Proof-of-Control Certification covers all three stages, with companies earning certification at the stage that matches their technology.
Human Authorizes
Agent Authenticates
Data Accessed
Boundary Crossed
Compliance Checked
Output Delivered
Context Retrieved
Payment Settled
Model Executes
A hypothetical AI agent lifecycle — each Proof-of-Control evidence point is where verification could be applied.
The problem Proof-of-Control solves
Every enterprise deploying AI is asking the same question: how do we know what the machine did?
Today, the answer relies on three things that don't constitute evidence:
01
Logs can be fabricated.
They're generated by the same system they're supposed to monitor. The entity being watched is writing its own report card.
02
Policies describe intent, not behavior.
A governance policy says what should happen. It says nothing about what actually did.
03
Contracts assign blame after the fact.
They define liability. They don't prevent the harm or produce evidence of what occurred.
The Verifiability Gap is the absence of independent evidence of what AI systems actually do. It is the distance between what AI systems do and what you can verify they did. Wherever AI operates without independent verification, the gap exists. Agents make it acute.
What AI did
Actions, decisions, data accessed
The Verifiability Gap
No independent evidence
What you can verify
Logs? Policies? Contracts?
[ Proof-of-Control ] closes the gap
The technology exists. The shared language doesn't.
Vendors are selling verifiability under dozens of different names and some are delivering it without even knowing that's what they have.
31+ terms. No shared language. No way for buyers to compare.
One category. One name. Every term above fits inside it.
These technologies touch five domains:
But buyers aren't asking for cryptographic logging or hardware attestation. They're asking:
“If an agent made a decision in our name, can we verify who gave it permission?”
“How do we verify the agent didn't expose patient data between clouds?”
“An agent just authorized a payment. Can we verify who approved it?”
Every one of these questions is a demand for verifiability. Buyers just don't know it has a name and vendors aren't making it easy to find.
What makes Proof-of-Control different
It's a property, not a product.
Proof-of-Controlis a property — like “open source” or “cloud-native.” Many different technologies can deliver it. AAI Society defines the property. Our members build the technology.
It's implementable anywhere in the stack.
At the identity layer, the compute layer, the storage layer, the payment layer, the compliance layer. Wherever AI acts, Proof-of-Control can apply. Our members have the products for it.
It satisfies existing compliance requirements.
NIST AI RMF, Google SAIF, ISO 42001, and SOX all require integrity and transparency. Proof-of-Control is the technical implementation that satisfies those requirements with cryptographic evidence rather than self-reported claims.
It's compatible with your existing stack.
Whatever you have, our members' technologies are composable and integratable with existing vendors. You don't rip and replace; you add verifiability to what you already run.
It's enterprise-ready.
Our members build products with Proof-of-Control to meet enterprise compliance requirements including SOC 2, ISO 27001, HIPAA, and SOX. The evidence they produce is designed to satisfy auditors, not just engineers.
Compute is a commodity. Verification is the moat.
Christian Catalini's research at MIT Sloan demonstrates that as the cost to automate crashes toward zero, AI execution becomes a commodity. What remains scarce is verification: the ability to confirm what AI actually did.
Catalini's framework describes verification broadly, from human review to automated checks. Verifiable AI scales verification beyond human bandwidth. Where a human can verify a single transaction at a time, our members build for verification at machine speed and scale. Proof-of-Control organizes this work into three stages: Self-Verifiable, Independently Verifiable, and Cryptographically Verifiable.
Some Simple Economics of AGI
Catalini, Hui & Wu (2026)
Read the full paper →
In a sea of infinite synthetic production, provenance becomes the scarcity anchor.
— Catalini, Hui & Wu, MIT Sloan (2026)
...as measurable execution commoditizes toward the marginal cost of compute, rents migrate to what remains scarce — verification-grade ground truth, cryptographic provenance, and liability underwriting.
— Catalini, Hui & Wu, MIT Sloan (2026)
Catalini, Hui & Wu, MIT Sloan (2026) — “Some Simple Economics of AGI”
Proof-of-Control sits at the intersection of the two fastest-growing categories in AI.
AI Data is the fastest-growing AI spending category at 155% CAGR.
AI Security is the second fastest-growing at 74% CAGR.
Proof-of-Control allows you to free up your AI and agents to be moved, to be used, and to be stored securely — increasing value and lowering risk.
141%
Increase in enterprise agentic AI spending
50%+
Enterprises deploying AI agents by 2028
#1
Cybersecurity trend: agentic AI security
The only way to increase agent value without increasing agent risk.
The Agent Risk-Value Matrix
Risk ↓
FAILED
Risk ↑↑ Value −
Agents unchecked. Nothing to show for it.
WITH Proof-of-Control
Risk ↓↓ Value ↑↑
Agents free + proved.
The only quadrant that works.
CONSTRAIN
Risk ↓↓ Value ↓↓
Safe, but agents can't do their job.
UNLEASH
Risk ↑↑ Value ↑↑
No way to verify what they did.
Risk ↑
The playbook already exists.
Every major technology category was built the same way: an association defines the property, the label becomes trustworthy, and the market unlocks.
$271B
Global Semiconductor Alliance
Trusting a chipmaker without a factory seemed impossible. GSA convened designers and foundries into a shared ecosystem. The fabless industry is now worth $271B.
$46B
Open Source Initiative
Every vendor claimed 'open source.' None meant the same thing. OSI defined the property precisely enough that any claim could be evaluated. Open source is now in 96% of codebases.
$51B
Cloud Security Alliance
Enterprises couldn't evaluate whether a cloud provider was secure. CSA built the shared controls, certifications, and registry that made comparison possible.
Proof-of-Control is next. AAI Society is building the same infrastructure for verifiable AI.
This is the moment the category gets defined.
Building Proof-of-Control technology?
Your product may already deliver verifiability. Become a founding member and help shape the standard.
Inquire about membership →Deploying AI at enterprise scale?
Get a briefing on Proof-of-Control and how independent verification fits into your AI strategy.
Request a briefing →Want to add Proof-of-Control to your product?
Learn how to integrate verifiability into your existing solution and join the ecosystem of Proof-of-Control vendors.
Request a briefing on which member's tech could work for you →