Evidence-by-Default

Every agent action, policy decision, and approval is captured, redacted, and cryptographically sealed automatically, with no manual evidence collection required.

Compliance reviews should not require chasing screenshots and spreadsheets after the fact. The KLA Control Plane, the govern-in-place safety, audit, and governance layer you wrap around your existing AI agents, implements Evidence-by-Default: every safety check, human approval, tool call, and model input is captured automatically, stripped of personal data, and sealed into a tamper-evident record the moment it happens. By the time an auditor asks, the evidence already exists.

How the Pipeline Works

Evidence flows through four stages, from raw telemetry to a portable, verifiable artifact. Each stage hardens the record a little more.

```mermaid
flowchart LR
  A["Telemetry spans"] --> B["KLA Collector<br/>PII redaction"]
  B --> C["ImmuDB ledger<br/>Merkle proofs"]
  C --> D["Sealed Evidence Bundle"]
```

1. Telemetry spans. Your instrumented agents emit activity as standard OpenTelemetry spans, the open standard for distributed traces. KLA enriches each span with GenAI semantic attributes so the what, why, and cost of every step are first-class data.
2. KLA Collector. The Collector redacts personally identifiable information (PII) before anything is stored or transmitted, so sensitive content never reaches the ledger.
3. ImmuDB ledger. Each record is hashed and written to an append-only cryptographic ledger that produces Merkle proofs: mathematical fingerprints that make tampering detectable.
4. Sealed Evidence Bundle. On export from the Evidence Room, KLA packages the relevant records with their proofs into a self-contained, independently verifiable file.

ℹ️ Note
A **Lineage Record** is KLA's name for a single end-to-end trace of an agent run. The Evidence-by-Default pipeline turns each Lineage Record into durable, provable evidence without any extra steps from your team.

Semantic Attributes for GenAI

KLA extends OpenTelemetry with attributes purpose-built for governing AI agents. These make a trace readable to a compliance officer, not just a developer.

| Attribute | Captures |
|---|---|
| `genai.agent.name` | The agent instance that took the action |
| `genai.system.instructions` | The system prompt that shaped the agent's behavior |
| `genai.tool.name` | The tool, database, or API the agent invoked |
| `genai.tool.parameters` | The exact parameters passed to that tool |
| `genai.cost.usd` | The dollar cost attributed to the step |
| `genai.token.usage` | Tokens consumed, for budget and threshold checks |

Because these are standard OpenTelemetry attributes, you are never locked into a proprietary format. The same spans can feed your own observability stack.

PII Redaction at the Edge

Sensitive data is masked before it leaves your environment, not after it lands somewhere. When redaction is enabled, the SDK and Collector cooperate to keep regulated content out of the evidence trail:

  • Inputs and outputs are scanned for common PII patterns (emails, payment card numbers, national identifiers), and matches are replaced with placeholders such as [REDACTED_EMAIL].
  • Secret-bearing tool parameters (passwords, tokens, JWTs) are masked directly inside genai.tool.parameters.
  • Redaction happens prior to network transmission, so unmasked values are never stored in the ledger.

```yaml
collector:
  redaction:
    enabled: true
    patterns: [email, credit_card, national_id]
    secret_fields: [password, token, authorization]
```

🛡️ Important
Redaction preserves *structure*, not *secrets*. A reviewer can confirm that an agent queried a customer record without ever seeing the customer's actual data, satisfying minimization requirements while keeping the trace useful.
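The following is an added example, not KLA's SDK or Collector code: a structure-preserving redactor that applies the `collector.redaction` settings shown above to a single span. The regular expressions, the Luhn check that filters out digit runs that merely look like a card number, the SSN-shaped stand-in for "national identifiers", and the layout of the sample span are all assumptions made for illustration; the real Collector's patterns and span schema are not documented on this page.

```python
import re

# Added example, not KLA's own SDK or Collector code: a structure-preserving
# redactor driven by the page's collector.redaction settings. Pattern
# definitions and the span layout below are assumptions for illustration.

def luhn_valid(candidate: str) -> bool:
    """Payment-card checksum; rejects digit runs that only look like a card."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

# pattern name -> (regex, optional validator applied to each match before redacting)
PATTERNS = {
    "email": (re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"), None),
    "credit_card": (re.compile(r"\b(?:\d[ -]?){12,15}\d\b"), luhn_valid),
    # assumption: a US-SSN-shaped identifier stands in for "national identifiers"
    "national_id": (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), None),
}

COLLECTOR_CONFIG = {  # mirrors the YAML fragment on this page
    "collector": {"redaction": {"enabled": True,
                                "patterns": ["email", "credit_card", "national_id"],
                                "secret_fields": ["password", "token", "authorization"]}}
}

def redact_text(text: str, pattern_names) -> str:
    """Replace every validated match with a [REDACTED_<PATTERN>] placeholder."""
    for name in pattern_names:
        regex, validator = PATTERNS[name]
        placeholder = f"[REDACTED_{name.upper()}]"
        text = regex.sub(
            lambda m, p=placeholder, v=validator: p if v is None or v(m.group(0)) else m.group(0),
            text)
    return text

def redact_span(span: dict, redaction: dict) -> dict:
    """Return a redacted copy of span; keys, nesting and non-string values are kept."""
    if not redaction.get("enabled", False):
        return span
    secret_keys = {k.lower() for k in redaction["secret_fields"]}
    pattern_names = redaction["patterns"]

    def walk(value, key=None):
        if key is not None and key.lower() in secret_keys:
            return f"[REDACTED_{key.upper()}]"  # whole value masked, whatever its type
        if isinstance(value, dict):
            return {k: walk(v, k) for k, v in value.items()}
        if isinstance(value, list):
            return [walk(v, key) for v in value]
        if isinstance(value, str):
            return redact_text(value, pattern_names)
        return value  # numbers, booleans, None pass through untouched

    return walk(span)

SAMPLE_SPAN = {  # constructed sample span, not real telemetry
    "name": "tool.call",
    "attributes": {
        "genai.agent.name": "refund-assistant",
        "genai.tool.name": "crm.lookup_customer",
        "genai.tool.parameters": {
            "query": "email = jane.doe@example.com",
            "authorization": "Bearer eyJhbGciOiJIUzI1NiJ9.e30.signature",
        },
        "genai.token.usage": 412,
    },
    "input": "Card 4111 1111 1111 1111 on file; SSN 123-45-6789; order ref 1234 5678 9012 3456.",
}

if __name__ == "__main__":
    import json
    print(json.dumps(redact_span(SAMPLE_SPAN, COLLECTOR_CONFIG["collector"]["redaction"]), indent=2))
```

Two design points carry over to any real redactor: the output keeps every key and the nesting of `genai.tool.parameters`, so a reviewer can still see that a customer lookup happened and which field was queried; and a validator such as the Luhn check keeps the trace useful by leaving non-card digit runs (order references, ticket numbers) readable instead of over-redacting.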

Cryptographic Anchoring with ImmuDB

To guarantee that evidence cannot be quietly altered after it is written, KLA commits each record to ImmuDB, a high-performance cryptographic ledger database.

  • Append-only ledger. Records are written into a Merkle tree structure. Existing entries cannot be deleted, edited, or reordered without invalidating the proof chain.
  • Merkle proofs. Each record carries a hash that rolls up into a published root hash. Anyone can recompute the chain to confirm a record's exact position and content.
  • Sealed Evidence Bundles. When you export from the Evidence Room, KLA attaches the Merkle proof for every included trace, producing a portable, third-party-verifiable artifact.

Verification does not depend on trusting KLA. An auditor recomputes the Merkle proofs in a Sealed Evidence Bundle against the published root hash and confirms the evidence is authentic and unmodified entirely on their own. Independent verification is the point.

```bash
curl https://api.kla.digital/v1/evidence.bundle?lineageId=ln_9f2c \
  -H "Authorization: Bearer $KLA_ACCESS_TOKEN" \
  -H "x-tenant-id: acme-prod" \
  -o evidence-bundle.zip
```

💡 Tip
Bundle a Lineage Record together with the policy decision that governed it (`allow`, `warn`, `require_approval`, or `block`) and any Decision Desk approval, to produce a complete, defensible story for a single agent run in one file.
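As an added example that is not KLA's code and does not reproduce ImmuDB's proof encoding, the block below builds a small append-only ledger over SHA-256 leaf hashes, derives a Merkle inclusion proof for each record, exports a bundle in the shape the Tip describes (the agent run's steps together with the policy decision and Decision Desk approval that governed it), and then shows the independent check an auditor performs: recomputing each proof against the published root, with no trust in the exporter. It serves pipeline stages 3 and 4 as well as the anchoring and verification sections above. The record layout, the `policy.decision` and `approval` keys, the `EvidenceLedger` class and `verify_bundle` function are assumptions for illustration; `ln_9f2c` is the lineage id used in the curl example on this page.

```python
import hashlib
import json

# Added example, not KLA's own code: a minimal append-only ledger with SHA-256
# Merkle inclusion proofs, so the verification an auditor performs on a Sealed
# Evidence Bundle can be followed end to end. ImmuDB's real proof encoding
# differs; the structure of the check is the same.

def _sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def leaf_hash(record: dict) -> str:
    # Canonical JSON (sorted keys, no whitespace) so identical records always hash
    # identically. The 0x00 prefix keeps leaf hashes distinct from node hashes.
    canon = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return _sha256(b"\x00" + canon)

def node_hash(left: str, right: str) -> str:
    return _sha256(b"\x01" + bytes.fromhex(left) + bytes.fromhex(right))

def build_levels(leaves: list) -> list:
    """All tree levels, leaves first. A level with an odd count is padded by
    duplicating its last hash so every node has a sibling."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        level = levels[-1]
        if len(level) % 2 == 1:
            level.append(level[-1])
        levels.append([node_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)])
    return levels

def inclusion_proof(levels: list, index: int) -> list:
    """Sibling hashes from leaf to root, each tagged with the side it sits on."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        proof.append(("left" if sibling < index else "right", level[sibling]))
        index //= 2
    return proof

def verify_proof(leaf: str, proof: list, root: str) -> bool:
    """Recompute the path to the root; any altered record or proof step fails."""
    h = leaf
    for side, sibling in proof:
        h = node_hash(sibling, h) if side == "left" else node_hash(h, sibling)
    return h == root

class EvidenceLedger:
    """Append-only store (hypothetical): records can be added, never edited."""
    def __init__(self):
        self.records = []
        self.leaves = []

    def append(self, record: dict) -> int:
        self.records.append(record)
        self.leaves.append(leaf_hash(record))
        return len(self.records) - 1

    def root(self) -> str:
        return build_levels(self.leaves)[-1][0]

    def export_bundle(self, indices) -> dict:
        levels = build_levels(self.leaves)
        return {"root": levels[-1][0],
                "entries": [{"index": i, "record": self.records[i],
                             "proof": inclusion_proof(levels, i)} for i in indices]}

def verify_bundle(bundle: dict, published_root: str) -> bool:
    """Auditor-side check: relies only on the bundle and the published root."""
    if bundle["root"] != published_root:
        return False
    return all(verify_proof(leaf_hash(e["record"]), e["proof"], published_root)
               for e in bundle["entries"])

# Constructed sample Lineage Record steps (not real telemetry); key names assumed.
SAMPLE_RUN = [
    {"lineageId": "ln_9f2c", "step": 1, "genai.agent.name": "refund-assistant",
     "genai.tool.name": "crm.lookup_customer",
     "genai.tool.parameters": {"customer_id": "[REDACTED_NATIONAL_ID]"}},
    {"lineageId": "ln_9f2c", "step": 2, "policy.decision": "require_approval"},
    {"lineageId": "ln_9f2c", "step": 3,
     "approval": {"desk": "Decision Desk", "approver": "reviewer-17", "result": "approved"}},
    {"lineageId": "ln_9f2c", "step": 4, "genai.tool.name": "payments.issue_refund",
     "genai.cost.usd": 0.012},
    {"lineageId": "ln_a001", "step": 1, "genai.agent.name": "support-bot"},
]

def demo() -> tuple:
    ledger = EvidenceLedger()
    for rec in SAMPLE_RUN:
        ledger.append(rec)
    published_root = ledger.root()
    bundle = ledger.export_bundle([0, 1, 2, 3])  # one run plus its decision and approval
    genuine = verify_bundle(bundle, published_root)
    tampered = json.loads(json.dumps(bundle))  # what a quietly edited bundle would look like
    tampered["entries"][2]["record"]["approval"]["result"] = "denied"
    return genuine, verify_bundle(tampered, published_root)

if __name__ == "__main__":
    print(demo())  # (True, False)
```

The check is deliberately independent of the ledger object: `verify_bundle` sees only the exported file and a root hash obtained out of band, which is what makes a third-party verification meaningful. Note also that the proofs commit to the ledger state at export time; appending further records produces a new root, so a bundle must always be checked against the root that was published when it was sealed.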