Legal, insurance & regulated enterprise
Fact-checking & guardrails for document AI you can be held to
In regulated work, an AI answer is not a draft – it gets relied upon, filed, quoted. A fabricated citation or a figure that contradicts the source document is not a quality issue, it is a liability. And when a regulator asks what your AI did and why, “we don’t log that” is not an answer.
The proxy grounds every answer against the documents the model was actually given: figures are matched to the source deterministically, a fact-check judge flags claims the material cannot support and contradictions inside the answer itself, and RAG cross-checks against your own document store.
Governance is built into the same wire: policies are versioned documents with history, every request records which checks ran and what they decided, and each agent run produces one coherent audit trail across the LLM boundary, tool calls, and workflow checkpoints.
Where it breaks
- ✕Fabricated citations / figures
- ✕Internal contradictions
- ✕Data residency & audit gaps
What answers it
- → Grounding + fact-check + RAG
- → Conformance to stated policy
- → Versioned policy-as-code
- → Immutable per-run audit trail
The confident fabrication
A contract-review assistant cites a clause number and a figure that appear nowhere in the uploaded agreement. Numeric grounding flags the unsupported figure against the source; the fact-check judge flags the citation as unsupported by the material. In prevent mode the answer is blocked; in fix mode both findings are recorded and visible in the request’s grounding report.
How do you catch a fabricated citation?
Two independent layers: deterministic grounding matches figures and identifiers against the provided source, and a fact-check judge evaluates whether claims are supported by the material – flagging unsupported and overconfident statements.
Is there an audit trail?
Every request logs which guardrail stages ran, what they found, and what action was taken; agent runs are reconstructed into a single run graph spanning model calls, tool calls, and checkpoints. Policies are versioned with rollback history.
Can we enforce our own review policy?
Yes – declare it as a sequence policy (for example, “file only after review”) and the proxy enforces it as a state machine over the run, flagging in fix mode and blocking in prevent mode.
What about privileged or client-identifying data?
PII screening replaces identifying values with placeholders before they reach the model provider, and unscreens them in the response your application receives. Logs store the screened form by default.
See it on your own traffic.
We’re running a limited demo – sign up and we’ll get you in as soon as we can.