Every claim has a receipt.

Each AI repair carries a Proof-of-AI card: the exact tier used, the upstream request-id, the per-call latency, and the cost on your account. Copy the JSON, open a Patchguard support ticket — we can verify the request-id came from your call.

Below is the real Forensic-tier call counter from the last five minutes — the same widget that lives on the home page. If our primary tier is unavailable, this badge turns amber rather than going dark. We don't get to hide degradations.

Your AI supply chain — agent frameworks, MCP servers, model SDKs — ships CVEs like everyone else. Live count from NVD — when one shows up, we want our customers to be the first to know.

Every state change in your org — repo connected, SBOM generated, CVE detected, repair started, patch deployed — is appended to a hash-chained audit log. Export the entire chain in one click; hand it to your SOC2 auditor.

Login required. Exports are scoped to your org by row-level security at the database layer.

Our detection and repair numbers come from a 200-CVE seed corpus across 8 languages, run against Patchguard and competitors with the same harness. Every number is reproducible from this repository — no private API.

We are not yet SOC2 Type II certified — and we will not pretend otherwise. We have the controls in place (RLS, audit chain, encryption, sandboxed AI). Formal attestation is the next step. We will publish the report number here when issued.

Status: Type I scope locked, Type II window opens 2026-Q3.