AFFIXIO
Questions people ask about AffixIO
Zero-knowledge proofs, AI agent governance, post-quantum readiness, EU AI Act compliance, and how stateless verification fits into your stack, answered.
Understanding AffixIO & AI Agents
Understanding AffixIO
AffixIO is a stateless verification engine, a truth layer that sits between a request and an action and returns a single signed yes or no. It evaluates eligibility, identity, and policy in real time without storing personal data at the verifier, and produces a cryptographic proof of every decision for audit.
role: truth_layer@verifier · retention: none
A truth layer grounds automated systems in verifiable facts before they act. Instead of trusting a black-box model score, a downstream system asks AffixIO a binary question (is this payment eligible? is this agent authorised?) and receives a cryptographically signed allow or deny with no ambiguity and no silent inference.
Identity providers manage sessions and issue tokens. AffixIO does neither. It is stateless: no session is created, no profile is stored at the verifier, and no token persists between calls. It answers a single policy question per request and attaches a signed proof to the result.
boundary: stateless_only · sessions: none
A stateless verification engine processes each request independently with no standing memory of prior requests. Every call receives the same policy evaluation from scratch. This eliminates profile drift, cross-contamination of decisions, and the compliance risk of holding unnecessary identity state.
AI Agents & Agentic Systems
Yes. AffixIO intercepts each agent action at the decision boundary and returns a signed allow or deny before the action executes. This applies to tool calls, payment instructions, data access requests, and API calls made by autonomous or semi-autonomous AI agents.
gate: agent_action@boundary · proof: signed_allow_v2
Know Your Agent (KYA) is the emerging requirement to verify non-human identities (service principals, LLM agents, and automated workflows) with the same rigour applied to human users. AffixIO provides a verifiable, policy-bound gate for each agent action, producing signed evidence that a specific agent was authorised at a specific point in time.
Each AffixIO request carries a scope boundary. If an agent's action falls outside the authorised scope (wrong data type, wrong recipient, wrong value range), the decision engine returns a signed deny and the action is blocked. The signed proof is retained as evidence that the boundary was enforced.
boundary: scope_violation · outcome: DENY · proof: retained
Yes. AffixIO can gate payment instructions from AI agents by evaluating eligibility, merchant authorisation, and transaction scope before funds move. The signed allow or deny is replayable, giving payment processors and compliance teams a cryptographic record for every automated transaction.
Cryptography & Compliance
Zero-Knowledge Proofs & Cryptography
Zero-knowledge proofs allow AffixIO to prove a fact (age over threshold, account in good standing, credential valid) without revealing the underlying data. The verifier receives proof that the condition is true, not the raw value, so no personal information crosses the verification boundary.
proof_type: zk · pii_transmitted: false
Each AffixIO outcome is a binary result (allow or deny), accompanied by a cryptographic signature covering the request identifier, the policy evaluated, and the timestamp. Any downstream system can verify the signature independently without calling AffixIO again.
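As an added illustration (not AffixIO's code or documented wire format), a downstream check of a signed decision could look like the following. The field names, the Ed25519 signature, the JSON canonicalisation, the 30-second freshness window, and the inclusion of the outcome in the signed bytes are all assumptions of this example.

```javascript
// Added example: hypothetical envelope layout, not AffixIO's documented format.
const crypto = require('crypto');

// Canonical bytes the signature is assumed to cover: request id, policy, timestamp, outcome.
function signedBytes(d) {
  return Buffer.from(JSON.stringify([d.requestId, d.policy, d.timestamp, d.outcome]));
}

// Fail closed: true only for a fresh, correctly signed ALLOW bound to this request and policy.
function acceptDecision(d, sigB64, publicKey, expected, nowMs, maxAgeMs = 30000) {
  let sigOk = false;
  try {
    sigOk = crypto.verify(null, signedBytes(d), publicKey, Buffer.from(sigB64, 'base64'));
  } catch {
    sigOk = false; // malformed key or signature counts as a failed check
  }
  if (!sigOk) return false;
  // A valid signature is not enough: the proof must belong to *this* request and policy.
  if (d.requestId !== expected.requestId) return false;
  if (d.policy !== expected.policy) return false;
  // Reject proofs that are stale, future-dated, or carry an unparseable timestamp.
  const age = nowMs - Date.parse(d.timestamp);
  if (!(age >= 0 && age <= maxAgeMs)) return false;
  return d.outcome === 'ALLOW';
}

// Constructed demo data: a throwaway key pair stands in for the verifier's signing key.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const sign = (d) => crypto.sign(null, signedBytes(d), privateKey).toString('base64');
  const allow = { requestId: 'req-001', policy: 'payments.v1',
                  timestamp: '2025-01-01T12:00:00Z', outcome: 'ALLOW' };
  const deny = { ...allow, outcome: 'DENY' };
  const expected = { requestId: 'req-001', policy: 'payments.v1' };
  const now = Date.parse('2025-01-01T12:00:10Z');
  return {
    genuine: acceptDecision(allow, sign(allow), publicKey, expected, now),
    // Same valid proof presented for a different request id.
    wrongRequest: acceptDecision(allow, sign(allow), publicKey,
                                 { ...expected, requestId: 'req-002' }, now),
    // Signed DENY with the outcome field rewritten to ALLOW after signing.
    flipped: acceptDecision({ ...deny, outcome: 'ALLOW' }, sign(deny), publicKey, expected, now),
    signedDeny: acceptDecision(deny, sign(deny), publicKey, expected, now),
    stale: acceptDecision(allow, sign(allow), publicKey, expected, now + 3600000),
  };
}
```

Only the first case is accepted; the others show why the consumer has to check request binding, outcome integrity and freshness in addition to the signature itself.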
AffixIO is designed for long-lived assurance. The proof architecture is aligned with NIST post-quantum cryptography standards including ML-KEM hybrid schemes, protecting against harvest-now-decrypt-later attacks where adversaries collect signed proofs today intending to break them with future quantum computers.
crypto: pq_hybrid · standard: NIST-ML-KEM
Yes. AffixIO's audit surface uses zero-knowledge techniques so an auditor can verify that a policy was applied correctly without accessing the raw attributes of the subject. This satisfies the audit requirement while preserving data minimisation obligations under GDPR and the EU AI Act.
Compliance & Regulation
The EU AI Act's general application deadline is August 2026. For high-risk AI systems it requires verifiable logging, human oversight gates, and demonstrable risk management. AffixIO provides signed decision records, policy-bound gates before autonomous actions, and a replayable audit trail, each satisfying a specific obligation under the Act.
framework: EU_AI_Act · deadline: 2026-08-02
Yes. By processing verification requests without storing personal data at the verifier, AffixIO implements data minimisation and privacy by default as required under GDPR Article 25. Zero-knowledge proof surfaces allow attributes to be verified without being transmitted or retained.
Yes. DORA requires financial entities to demonstrate operational resilience and audit trails for automated decisions. MiCA requires crypto-asset service providers to enforce eligibility gates and maintain records. AffixIO's signed proofs and stateless architecture directly support both frameworks.
frameworks: DORA · MiCA · proof_retention: operator
Defensible evidence is documentation that can withstand regulatory scrutiny: not just a policy statement that controls exist, but cryptographic proof that a specific control was applied at a specific moment. AffixIO signs every decision, making each allow or deny independently verifiable and tamper-evident.
Integration & Operations
AffixIO exposes a single POST endpoint. Integration is one packet in, one signed response out. It does not require replacing your existing identity stack, database, or data model. Most integrations reach production within days.
endpoint: POST /verify · response: signed_result
Yes. AffixIO supports offline verification using locally cached signed credentials that can be evaluated without a live connection. Decisions made offline are reconciled when connectivity returns, and the signed proof chain remains intact throughout.
mode: offline_reconcile_ready
AffixIO is designed for sub-millisecond policy evaluation at the verification boundary. The stateless architecture eliminates session lookup overhead, and the single-packet request model minimises round-trip cost. Production deployments typically measure p99 latency well under 10ms.
p99_latency: <10ms · session_lookup: none
Personal data is not stored at the AffixIO verifier. The verifier receives only what is needed to evaluate the current request, returns a signed result, and retains nothing from the subject's attributes. Operational logs cover request metadata only, never personal data values.
pii_at_verifier: none · log_scope: metadata_only