AI Audit Layer
Implementing the AI Decision Traceability white paper · Kushal Gajurel
Demo · Insurance claims · 5 min walk-through

Exhibit A · Decision Defensibility

If a regulator asked you to defend an AI-assisted claim decision twelve months from now — could you?

A working demo of a lightweight audit layer for AI-assisted insurance decisions. A claims officer submits a claim, an AI streams a recommendation, the officer approves or overrides, and a complete decision event — model version, policy in force, reviewer, outcome, reason — is recorded against an immutable schema you can later query, export, and replay.

For claims & underwriting leads, risk and compliance teams, and product owners weighing AI assistance against the evidence regulators will actually ask for. Five minutes end-to-end. No credentials.

Exhibit B · Decision Event

The artifact your auditor actually inherits.

Every approved, denied, overridden, or escalated claim produces one of these. Same shape across providers. Deterministic. Queryable. Replayable twelve months later, exactly as it was.

decision_event.json · schema §6 · On the wire
{
  "decision_id": "DEC-2026-000145",
  "timestamp": "2026-05-14T10:22:31Z",
  "system": "ClaimAssessmentAI",
  "model": { "name": "ClaimAdjudicator-X", "version": "v4.2" },
  "prompt_hash": "a94f3c9b",  // SHA-256 of the rendered prompt template
  "policy_version": "claims_policy_2026_01",  // active rules at decision time
  "risk_level": "Level 3 — Regulatory",
  "confidence_score": 0.82,
  "recommendation": "APPROVE",
  "human_review": {
    "required": true,
    "reviewer_id": "OFFICER-221",
    "outcome": "OVERRIDE",
    "override_reason": "Insufficient evidence for property damage claim per §4.2"
  }
}

Three problems this layer is designed to address.

  1. The defensibility gap

    Insurers can usually explain how a model performs on average. Far fewer can reconstruct why one specific claim was approved, denied, or escalated — which model version ran, which policy was in force, who reviewed it, and on what evidence. That gap is where regulatory and reputational risk live.

    § Defensibility
  2. Regulation has dates on it now

    EU AI Act Article 6 high-risk obligations begin to be enforced in August 2026. The NAIC Model Bulletin on AI — adopted by 24 U.S. state insurance departments as of 2025 — requires documented governance per AI-influenced decision. The expectation across both: traceable model, data, and human-review context per decision. Aggregate logs don't satisfy it.

    § Regulation
  3. Overrides are evidence, not exceptions

    When an officer overrides the model, that override is the strongest signal of human oversight you have. The POC treats overrides as first-class events — reviewer identity, outcome, reason — exactly the artifact a regulator or external auditor will ask to see.

    § Oversight
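
Added example, not part of the demo's own code: a Python check of the kind Exhibit B and the override treatment above imply, run over one decision event before it is accepted into the audit log. The rendered prompt text, the 8-character truncation of the SHA-256 digest, and the function names are assumptions made for illustration.

```python
import copy
import hashlib
from datetime import datetime

REQUIRED = ("decision_id", "timestamp", "model", "prompt_hash",
            "policy_version", "recommendation", "human_review")

def prompt_hash(rendered_prompt, length=8):
    # Assumption: the log keeps the first 8 hex chars of the SHA-256 digest,
    # matching the width of the value shown in Exhibit B.
    return hashlib.sha256(rendered_prompt.encode("utf-8")).hexdigest()[:length]

def audit_findings(event, rendered_prompt):
    """Return the reasons this event could not be defended later (empty = OK)."""
    findings = [f"missing {f}" for f in REQUIRED if not event.get(f)]
    model = event.get("model") or {}
    if not (model.get("name") and model.get("version")):
        findings.append("model name and version must both be recorded")
    try:
        ts = datetime.fromisoformat(str(event.get("timestamp")).replace("Z", "+00:00"))
        if ts.utcoffset() is None:
            findings.append("timestamp has no timezone")
    except ValueError:
        findings.append("timestamp is not ISO 8601")
    score = event.get("confidence_score")
    if not isinstance(score, (int, float)) or not 0 <= score <= 1:
        findings.append("confidence_score outside [0, 1]")
    if event.get("prompt_hash") != prompt_hash(rendered_prompt):
        findings.append("prompt_hash does not match the rendered prompt")
    review = event.get("human_review") or {}
    if review.get("required") and not (review.get("reviewer_id") and review.get("outcome")):
        findings.append("review required but reviewer or outcome missing")
    if review.get("outcome") == "OVERRIDE" and not (review.get("override_reason") or "").strip():
        findings.append("override recorded without a reason")
    return findings

# Constructed sample input: the prompt text is invented for this example.
PROMPT = "Assess the claim against claims_policy_2026_01 and recommend an outcome."
EVENT = {
    "decision_id": "DEC-2026-000145", "timestamp": "2026-05-14T10:22:31Z",
    "model": {"name": "ClaimAdjudicator-X", "version": "v4.2"},
    "prompt_hash": prompt_hash(PROMPT), "policy_version": "claims_policy_2026_01",
    "confidence_score": 0.82, "recommendation": "APPROVE",
    "human_review": {"required": True, "reviewer_id": "OFFICER-221", "outcome": "OVERRIDE",
                     "override_reason": "Insufficient evidence for property damage claim per §4.2"},
}
NO_REASON = copy.deepcopy(EVENT)  # same event with the override reason blanked
NO_REASON["human_review"]["override_reason"] = ""
```

Calling `audit_findings(EVENT, PROMPT)` returns an empty list; the same call on `NO_REASON`, or with a prompt that differs from the one that was hashed, returns the specific finding.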

A five-minute walk through the audit layer.

What this POC is — and isn't.

On Record · What it demonstrates

  • An end-to-end decision event schema you can adopt as-is
  • Real model integration (Claude / Ollama) with prompt hashing
  • Human-in-the-loop review with first-class override evidence
  • Risk-tier auto-assignment and a maturity scoring formula
  • Filterable, exportable, replayable audit log

Off Record · Out of scope

  • Persistent backend or database — state is per browser
  • User auth or RBAC — officer is a dropdown for illustration
  • Real claims data, fraud rules, or pricing logic
  • Integration with your existing GRC, SIEM, or MLOps stack
  • Legal-compliance assertion — alignment support, not certification

See what an audit-defensible AI decision actually looks like.

Setup takes thirty seconds. Pick the Demo provider, submit a claim, override the model on purpose, then open the Audit Log and ask yourself — is this the evidence I want to inherit?

AI Decision Audit Layer · Proof of Concept

Session-local state · No telemetry · Clear site data to reset