OAIS — AI Sovereignty Infrastructure
AI Sovereignty Infrastructure

AI was never the problem. Deploying it without sovereignty was.

OAIS builds the infrastructure that makes AI yours — captured, blocked, governed, and optimised.

287 automated tests
97%+ branch coverage
Running since April 2026
0 chain gaps
OSFI E-23 Compliance Deadline
May 1, 2027 — Mandatory for all federally regulated Canadian FIs

What Is OAIS?

OAIS (Optimized Artificial Intelligence Systems Inc.) is a Canadian company that builds AI sovereignty infrastructure for regulated enterprises. Founded by Daniel Fruman, OAIS provides two products — Sentinel Core and Sentinel Guard — that capture, block, govern, and optimise every AI interaction in an organisation, creating a cryptographic chain of custody that is independently verifiable.

OAIS serves financial institutions, insurers, and other regulated enterprises preparing for OSFI E-23 (mandatory May 2027), the EU AI Act, and ISO 42001 compliance. The platform is metadata-only by default — OAIS never sees client content, only cryptographic fingerprints.

Two Products. One Chain.

Sentinel Core captures and anchors every AI interaction. Sentinel Guard intercepts them at the browser. Together, they form a cryptographic chain of custody for every AI interaction in your organisation.

Sentinel Core

Cryptographic AI Interaction Registry

One line of code. Every AI interaction is HMAC-hashed with a key only you hold, Ed25519-signed, Merkle-anchored, and timestamped by an independent RFC 3161 authority. OAIS sees the fingerprint. Never the content.

Layer 1

HMAC-SHA3-256 Hashing

Content hashed with a tenant key that OAIS never holds. Inputs and outputs become irreversible fingerprints.

Layer 2

Ed25519 Signing

Each record is signed by the client agent. Tamper-evident from the moment of capture.

Layer 3

RFC 6962 Merkle Anchoring

Records are batched into Merkle trees. Any single change invalidates the entire chain above it.

Layer 4

RFC 3161 Timestamping

An independent timestamp authority proves records existed at a specific time. No OAIS infrastructure access required to verify.

Independently Verifiable

Any third party can verify the entire chain with a standalone script. No OAIS account, no API access, no trust required.

Sentinel Guard

Browser Extension for Shadow AI Detection & DLP

Deployed via Chrome Enterprise Policy or Intune. Sentinel Guard detects AI tool usage across Chrome and Edge, enforces DLP rules before data leaves the browser, and feeds metadata records into the same Sentinel Core registry.

Shadow AI discovery across ChatGPT, Claude, Gemini, Perplexity
DLP enforcement at the browser layer — stop what you don't want leaving before it leaves
Metadata-only by default — content capture is opt-in
Same cryptographic chain as Sentinel Core — one registry, complete coverage

From AI Interaction to Verifiable Proof in Four Steps

When an employee interacts with any AI system, Sentinel captures that interaction and produces a tamper-evident, independently verifiable record. Here is exactly how the process works.

Step 1

Interaction Capture

Sentinel Core intercepts the AI interaction at the API layer (or Sentinel Guard captures it at the browser layer). The raw content never leaves the client environment. Instead, it is immediately processed locally.

Step 2

Cryptographic Hashing

The interaction content is hashed using HMAC-SHA3-256 with a key held exclusively by the client. The result is a fixed-length fingerprint. OAIS receives this fingerprint. It cannot reverse the hash to recover the original content. This is the zero-knowledge guarantee.

Step 3

Signing and Anchoring

The fingerprint is signed with an Ed25519 key (proving who created the record), then batched into a Merkle tree (RFC 6962). Any modification to any record in the batch invalidates the tree root. The Merkle root is then submitted to an independent RFC 3161 timestamp authority, proving the batch existed at a specific time.

Step 4

Independent Verification

Any third party — a regulator, auditor, or internal compliance team — can verify the entire chain using a standalone verification script. No OAIS account is required. No API access is needed. The proof is mathematical, not institutional.

The result: A cryptographic chain of custody for every AI interaction in your organisation. Every record is tamper-evident, independently timestamped, and verifiable without trusting OAIS. This is what separates independent audit custody from platform governance logging.

We are not here to make the Large Liability Model more powerful.

We are here to make you sovereign over it.

01

Capture

Every AI interaction, in and out, hashed with a key only the client holds. OAIS sees the fingerprint, never the content.

02

Block

DLP enforcement at the browser and API layer. Stop what you don't want leaving before it leaves.

03

Govern

AI output that triggers autonomous action passes through a deterministic governance gate before it executes.

04

Optimise

The audit chain is data. Use it to optimise tokenomics, fine-tune models, build proprietary datasets, demonstrate ROI, streamline workflows.

OSFI E-23

Effective May 2027. Enterprise-wide AI model risk management for all federally regulated Canadian FIs.

EU AI Act

Mandatory compliance for AI systems in regulated contexts across European markets.

ISO 42001

International standard for AI management systems. Sentinel produces the evidence automatically.

The Audit Chain Is Data

Once every AI interaction is captured cryptographically by Sentinel Core, new capabilities emerge that were previously impossible.

Regulatory Evidence on Demand

OSFI E-23, EU AI Act, ISO 42001. Export a verifiable, timestamped chain for any audit window in seconds.

Shadow AI Discovery

Find every AI tool in use across your organisation. Know what's happening before a regulator asks.

Proprietary AI Datasets

Your interaction data, structured and labelled. Build proprietary datasets for fine-tuning and competitive advantage.

Token Optimisation

Cost per outcome, not cost per call. See which interactions produce value and which waste tokens.

Governed Autonomous Agents

AI that acts within your boundaries. Deterministic governance gates that are architecturally incapable of being bypassed.

Workflow Streamlining

Audit chain insights reveal bottlenecks, redundant interactions, and optimisation opportunities across your AI-augmented workflows.

Platform Governance Logs vs. Independent Audit Custody

Most AI platforms offer built-in usage logs. These logs record what happened. They cannot prove the log is true. This distinction is critical for regulatory compliance.

Platform Governance Logging

The platform that generated the AI output also controls the log of that output.
Logs can be modified, deleted, or selectively exported by the platform operator.
No independent timestamp — the platform's own clock is the only authority.
Verification requires trusting the platform. No independent path exists.
Satisfies internal policy requirements. May not satisfy regulatory audit standards.

OAIS Sentinel — Independent Audit Custody

The audit record is captured by an independent system, separate from the AI platform.
Records are HMAC-hashed, Ed25519-signed, and Merkle-anchored. Any modification is cryptographically detectable.
Independent RFC 3161 timestamp authority proves records existed at a specific time.
Any third party can verify the entire chain with a standalone script. No OAIS account required.
Designed for OSFI E-23, EU AI Act, and ISO 42001 regulatory audit requirements.

For a detailed analysis, read: Your AI Platform Logs What Happened. It Cannot Prove the Log Is True. — by Daniel Fruman, May 2026.

Tailored to Your Environment

Every deployment is different. Pricing is scoped to your systems, data volume, integration requirements, and compliance objectives.

Pilot Program
Let’s Scope It

30 days. One AI system. Full Sentinel Core functionality with dedicated onboarding. We’ll define scope, integration approach, and success criteria together.

  • Full Sentinel Core functionality
  • Cryptographic chain of custody
  • RFC 3161 timestamping
  • Independent verification
  • Dedicated onboarding support
Sentinel Core
Custom

Priced by the number of AI systems monitored, interaction volume, and integration complexity. Includes platform licensing, implementation, and ongoing support. Consulting and advisory services available.

  • Full compliance-grade audit trail
  • Cryptographic chain of custody with RFC 3161
  • Real-time and batch integration options
  • OSFI-aligned governance reporting
Sentinel Guard
Contact Us

Per-seat licensing for Chrome and Edge. Volume-based pricing scaled to your organization. Annual and multi-year options available.

  • Shadow AI discovery
  • DLP enforcement
  • Chrome Enterprise / Intune deployment
  • Records feed into Sentinel Core

Every engagement starts with a scoping conversation. No commitment required.

Built by Practitioners, Not Observers

Founder & Architect

Daniel Fruman

Designed and built the Sentinel architecture. Over a decade of hands-on experience in healthcare privacy compliance and data governance, building and enforcing governance systems in regulated Canadian environments. Specialises in cryptographic audit systems, AI risk management, and regulatory compliance (OSFI E-23, EU AI Act, ISO 42001).

info@oais.ai | LinkedIn

Co-Founders

Founding Team

Three co-founders with senior experience spanning institutional investment management, insurance operations, and financial services. Combined expertise in enterprise governance, regulatory compliance, actuarial science, and risk modelling — drawn directly from the industries Sentinel is built to serve.

Built at 25 Sheppard Avenue West, Suite 300, Toronto, Ontario M2N 6S6, Canada. Focused on OSFI E-23. Serving regulated enterprises globally.


Published Analysis

OAIS publishes technical analysis on AI governance, regulatory compliance, and audit independence for regulated enterprises.

Latest Analysis

Your AI Platform Logs What Happened. It Cannot Prove the Log Is True.

By Daniel Fruman, Founder & Architect at OAIS —

Why AI platform governance logging is structurally insufficient for regulatory audit purposes. Covers OSFI E-23 requirements for independent audit custody and the architectural distinction between governed AI infrastructure and independent cryptographic verification.


Frequently Asked Questions

What is OAIS?

OAIS (Optimized Artificial Intelligence Systems Inc.) builds AI sovereignty infrastructure for regulated enterprises. Its two products — Sentinel Core and Sentinel Guard — capture, block, govern, and optimise every AI interaction in an organisation, creating a cryptographic chain of custody that is independently verifiable.

What is Sentinel Core?

Sentinel Core is a cryptographic AI interaction registry. With one line of code, every AI interaction is HMAC-hashed with a key only the client holds, Ed25519-signed, Merkle-anchored (RFC 6962), and timestamped by an independent RFC 3161 authority. OAIS sees the fingerprint, never the content. Any third party can verify the entire chain without an OAIS account.

What is Sentinel Guard?

Sentinel Guard is a browser extension for shadow AI detection and data loss prevention. Deployed via Chrome Enterprise Policy or Intune, it detects AI tool usage across Chrome and Edge, enforces DLP rules before data leaves the browser, and feeds metadata records into the Sentinel Core registry. It is metadata-only by default — content capture is opt-in.

How does OAIS help with OSFI E-23 compliance?

OSFI E-23, effective May 2027, requires enterprise-wide AI model risk management for all federally regulated Canadian financial institutions. Sentinel Core and Sentinel Guard automatically produce the cryptographic audit evidence needed to demonstrate control over AI interactions — including tamper-evident records, independent timestamps, and exportable compliance reports for any audit window.

Does OAIS see my data?

No. Sentinel Core hashes content with an HMAC key that only the client holds. OAIS sees the cryptographic fingerprint — never the content itself. Sentinel Guard is metadata-only by default; content capture is an opt-in configuration. The entire chain can be verified by any third party using a standalone script, without OAIS infrastructure access.

What compliance frameworks does OAIS support?

OAIS supports OSFI E-23 (mandatory May 2027 for Canadian federally regulated financial institutions), the EU AI Act (mandatory for AI systems in regulated European contexts), and ISO 42001 (the international standard for AI management systems). Sentinel produces the audit evidence automatically.

How is Sentinel Guard deployed?

Sentinel Guard is deployed via Chrome Enterprise Policy or Microsoft Intune. It runs as a browser extension on Chrome and Edge, requiring no changes to existing AI tools or workflows. It detects AI usage, enforces DLP rules at the browser layer, and feeds records into the same Sentinel Core cryptographic registry.

What does OAIS pricing look like?

Pricing is scoped to each deployment: number of AI systems monitored, interaction volume, integration complexity, and compliance objectives. Sentinel Core uses custom platform licensing. Sentinel Guard uses per-seat licensing with volume-based pricing. A 30-day pilot program is available. Every engagement starts with a scoping conversation.

How long does it take to deploy Sentinel Core?

Sentinel Core integrates with one line of code. The initial deployment — connecting one AI system and producing the first cryptographic audit record — can be completed in hours. A full enterprise rollout, covering multiple AI systems, configuring governance rules, and establishing compliance reporting, is typically scoped during a 30-day pilot engagement.

How does independent verification work?

OAIS provides a standalone verification script that any third party can run — a regulator, external auditor, or internal compliance team. The script recalculates HMAC hashes, validates Ed25519 signatures, reconstructs the Merkle tree, and checks RFC 3161 timestamps against the independent timestamp authority. If any record has been modified, the verification fails. No OAIS account, API key, or infrastructure access is required.
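The hashing and Merkle layers described in the four-step section and in this answer, as an added example that is not OAIS's verification script. The key, interaction strings, function names and the choice of one fingerprint per Merkle leaf are assumptions made for illustration; Ed25519 signature and RFC 3161 timestamp checks are outside its scope.

```python
import hashlib
import hmac

def fingerprint(tenant_key: bytes, content: bytes) -> bytes:
    """HMAC-SHA3-256 of the content under the client-held key."""
    return hmac.new(tenant_key, content, hashlib.sha3_256).digest()

def leaf_hash(record: bytes) -> bytes:
    # RFC 6962 leaf hash: SHA-256(0x00 || record)
    return hashlib.sha256(b"\x00" + record).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    # RFC 6962 interior node: SHA-256(0x01 || left || right)
    return hashlib.sha256(b"\x01" + left + right).digest()

def merkle_root(records: list) -> bytes:
    """RFC 6962 Merkle Tree Hash over an ordered batch of records."""
    n = len(records)
    if n == 0:
        return hashlib.sha256(b"").digest()
    if n == 1:
        return leaf_hash(records[0])
    k = 1 << ((n - 1).bit_length() - 1)  # largest power of two below n
    return node_hash(merkle_root(records[:k]), merkle_root(records[k:]))

def verify_batch(records, anchored_root, tenant_key=None, contents=None):
    """Return findings; an empty list means every check passed."""
    findings = []
    if not hmac.compare_digest(merkle_root(records), anchored_root):
        findings.append("merkle root mismatch")
    if tenant_key is not None and contents is not None:
        if len(contents) != len(records):
            findings.append("record count mismatch")
        for i, (rec, content) in enumerate(zip(records, contents)):
            if not hmac.compare_digest(fingerprint(tenant_key, content), rec):
                findings.append(f"record {i}: fingerprint mismatch")
    return findings

# Constructed sample data (assumption: each Merkle leaf is one fingerprint).
KEY = b"constructed-tenant-key"
CONTENTS = [b"prompt: summarise Q3 report", b"response: draft summary",
            b"prompt: translate clause 4"]
RECORDS = [fingerprint(KEY, c) for c in CONTENTS]
ROOT = merkle_root(RECORDS)

if __name__ == "__main__":
    print(verify_batch(RECORDS, ROOT, KEY, CONTENTS))            # untouched batch
    tampered = [RECORDS[0], fingerprint(KEY, b"edited"), RECORDS[2]]
    print(verify_batch(tampered, ROOT, KEY, CONTENTS))           # altered record
```

In this example the Merkle root check needs only the fingerprints, while the fingerprint recomputation runs only when the caller supplies the tenant key and the original content.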

What is the difference between platform governance logging and independent audit custody?

Platform governance logging means the AI platform that generated the output also controls the log of that output. The log can be modified or selectively exported by the platform operator, and verification requires trusting the platform. Independent audit custody — what Sentinel provides — captures the audit record in a system architecturally separate from the AI platform. Records are cryptographically hashed, signed, Merkle-anchored, and independently timestamped. Any third party can verify the chain without trusting OAIS or the AI platform. For a detailed analysis, see our published research.

Can Sentinel Core work with on-premises AI models?

Yes. Sentinel Core integrates at the API layer and is agnostic to where the AI model runs. It works with cloud-hosted AI services (ChatGPT, Claude, Gemini), private cloud deployments, and on-premises models. The cryptographic hashing occurs locally, so interaction content never needs to leave the client environment regardless of deployment model.

Built on Verifiable Trust

OAIS is founded on the principle that trust must be cryptographically verifiable, not assumed. Every claim we make about audit custody can be independently verified by any third party.

About OAIS

Optimized Artificial Intelligence Systems Inc. is a Canadian company founded by Daniel Fruman, who brings over a decade of experience in healthcare privacy compliance and data governance. The founding team includes senior leaders from institutional investment management, insurance operations, and financial services.


Privacy Policy

OAIS operates a zero-knowledge architecture by design. We never see client content — only cryptographic fingerprints. Our privacy practices are documented transparently.


Contact & Support

Reach our team directly at info@oais.ai. Located at 25 Sheppard Avenue West, Suite 300, Toronto, Ontario M2N 6S6, Canada. We welcome conversations about AI governance, OSFI E-23 preparation, and compliance requirements.


Independent Verifiability: Any third party can verify the entire Sentinel audit chain using a standalone script — no OAIS account, no API access, no trust required. This is not a claim; it is an architectural guarantee.

Request a Demo

If your organisation is preparing for OSFI E-23 compliance, evaluating AI governance solutions, or needs to demonstrate control over AI interactions — we welcome a conversation.

Or reach us directly at info@oais.ai