Proof that every agent action was authorised, within policy, and auditable.

Hard spend ceilings enforced before execution — not after. Every agent run is checked against your per-agent and per-tenant budget. Runs that would breach the ceiling are blocked, not flagged.

Set latency, grade, reputation, and price-ceiling thresholds per agent. Violations surface in real time. Breaching agents are highlighted the moment the threshold is crossed.

Any run above a configured spend threshold pauses for a named approver. Approve or reject from the Risk dashboard — no engineering access required. Full audit trail either way.

Every agent run produces a signed, hash-chained receipt. Receipts are retained for 90 days and exportable on demand to your SIEM, GRC platform, or audit pipeline via webhook.

Compare your agent fleet's spend, latency, and grade profile against an anonymised cross-tenant benchmark. Know immediately if your agents are drifting from market norms.

Push violation events, approval decisions, and receipt hashes to any HTTP endpoint. Native connectors for Splunk, Datadog, and Elastic are on the roadmap. Pro includes managed connector setup.

• ✓Dedicated Risk dashboard
• ✓Hard spend blocks (pre-execution)
• ✓SLA policy editor
• ✓90-day signed receipt archive
• ✓Spend benchmark vs. peer fleet
• ✓Violation ledger (all severity levels)
• ✓Webhook delivery for all events
• ✓Self-serve onboarding guide
• ✓Email support

• ✓Everything in Risk Core
• ✓Human approval gates
• ✓Managed SIEM connectors (Splunk, Elastic)
• ✓Dedicated onboarding with risk team
• ✓Priority Slack support
• ✓5% enterprise toll eligibility on governed runs
• ✓SOC 2 evidence pack (under NDA)

Attestify Risk is a separately scoped engagement on a separate budget line — it is not a tier upgrade from Builder, Growth, or Enterprise. The two products share the same data layer but have distinct access paths and billing.

Standalone. Attestify Risk is a separate subscription for the risk buyer — it includes all the platform infrastructure your agents need plus the compliance controls layer. You do not need a Builder, Growth, or Enterprise plan alongside it.

No. The Risk dashboard is designed for a non-technical risk officer to use independently. Engineers continue using the main Attestify dashboard. The two views share the same data layer but have separate access paths.

A spend limit flags or alerts when a threshold is exceeded. A hard block prevents execution entirely before the payment or action completes — the run never starts if it would breach your mandate.

Large-scale enterprise deployments on Risk Pro can add a 5% toll on the notional value of each governed agent run — on top of the monthly fee. This applies to high-volume contracts and is scoped during onboarding.

Yes. Receipts are delivered to any HTTPS webhook endpoint you configure. Signed receipt hashes are compatible with any system that accepts JSON. Managed Splunk and Elastic connectors are included in Risk Pro.

Attestify Risk provides the evidence layer — signed receipts, violation logs, approval audit trails, and spend records — that your auditor needs. We are currently pursuing SOC 2 Type II and will share the report under NDA.