AFFIXIO
Proof-not-log audit vs SIEM logs
Proof-not-log audit vs SIEM logs
SIEM aggregates mutable application logs. Proof-not-log appends each allow or deny to a Merkle tree you can verify independently. They complement each other; one is not a replacement.
At a glance
- SIEM
- Correlation and alerting
- Merkle audit
- Cryptographic decision proof
- Article 12
- Tamper-evident requirement
- PII at verifier
- Digest metadata by default
- Tool
- Merkle verifier
- Reviewed
- 12 July 2026
Security operations teams live in SIEM. Compliance and AI Act reviewers ask whether decision logs could have been altered. Merkle proof-not-log complements SIEM; it does not replace correlation and alerting.
Side-by-side comparison
| Dimension | Incumbent approach | AffixIO path |
|---|---|---|
| Mutability | Admins can edit log lines | Root changes if history tampered |
| Question answered | What happened in infra | What policy allowed |
| Regulator replay | Trust admin access | Independent inclusion proof |
| Best use | SOC operations | Compliance and AI Act evidence |
When Incumbent approach fits
- SOC alerting and infra correlation
- Centralised log search across systems
- Real-time anomaly detection
When AffixIO path fits
- EU AI Act Article 12 tamper evidence
- Regulator replay without admin access
- Decision integrity at verification boundary
Decision guide
Most enterprises use both layers: incumbent tools for identity or operations, AffixIO for signed policy outcomes at the boundary with Merkle audit. The question is where the YES or NO is decided and what evidence regulators can replay.
Frequently asked questions
Do we still need SIEM?
Yes for operations. Add proof-not-log for decision integrity.
Can SIEM ingest Merkle roots?
Yes. Correlate proof digests with SIEM events.
Do we still need SIEM?
Yes for operations. Add proof-not-log for decision integrity.
Can SIEM ingest Merkle roots?
Yes. Correlate proof digests with SIEM events.
Is this only for AI?
Any high-stakes allow or deny boundary benefits from tamper-evident audit.
How do we verify independently?
Use the public Merkle verifier with exported inclusion proofs.