Sentinel Core +
Sentinel Guard

AI interaction audit custody — built for OSFI E-23. Guard surfaces what your employees are doing with AI. Core proves it.

◈ Sentinel Core ◆ Sentinel Guard

Sentinel Core Overview v3.0 — LGM Technical Briefing — April 2026

The Regulatory Obligation

OSFI E-23 takes effect May 1, 2027

Every federally regulated financial institution must produce runtime evidence of AI model lifecycle governance — not a policy document, not a risk framework. Evidence.

1

Recorded at the time it occurs

Every AI interaction captured the moment it happens.

2

Tamper-evident

Unalterable after the fact. Cryptographically chained, Merkle-anchored, externally timestamped.

3

Independently verifiable

On demand by an examiner, auditor, or board — no OAIS involvement required.

Two Products. One Audit Chain.

Guard surfaces it. Core proves it.

◈ Sentinel Core

SDK Wrapper — Developer Integration

Every programmatic AI API call. Supports Anthropic, OpenAI, Azure OpenAI, Gemini, Bedrock. No network changes. No CA installation. No admin rights.

◆ Sentinel Guard

Browser Extension — IT Deployment

Every web-based AI interaction — ChatGPT, Claude.ai, Gemini, Copilot. Deployed via Intune or Chrome Enterprise Policy. No code change. No user action.

Together: a single verifiable audit record covering both your systems and your employees — including shadow AI.

◈ Sentinel Core

Live onboarding — three commands

lgm-rec-engine — onboarding

Data Sovereignty

What you see vs. what OAIS receives

💚 Your System (LGM Environment)

RAW CONTENT — STAYS IN YOUR ENVIRONMENT

INPUT:
"Recommend top 3 extended warranty products for 2024 Honda CR-V, customer profile: young family, 60k km/yr, budget tier mid..."

OUTPUT:
"Based on the profile, I recommend: 1) LGM Shield Plus (comprehensive, $1,840/4yr), 2) LGM DriveGuard (powertrain, $1,290/4yr), 3) LGM Essential..."

HMAC
SHA3-256

hashes
only

🔒 OAIS Registry (What We Receive)

IRREVERSIBLE HASHES ONLY

input_hash:
waiting...

output_hash:
waiting...

model_id: claude-sonnet-4-6
gate_decision: ALLOW
signature: waiting...

◆ Sentinel Guard

Browser-level enforcement. Real-time.

🔒 claude.ai/chat

△ Guard Active

LGM employee using Claude for claims analysis

You

Review claim #4419: policyholder Jane Doe, SIN 904-271-638, policy LGM-EW-2024-88412...

BLOCKED Sentinel Guard — Sensitive Data Detected

● Social Insurance Number detected (904-***-***)
● Policy number pattern detected
Prompt blocked before leaving browser. Metadata record transmitted to Sentinel chain. Raw content never leaves the endpoint.

Chrome & Edge. Deployed via Intune or Chrome Enterprise Policy. Captures AI tools adopted without IT approval.

Sentinel Dashboard

Live interaction monitoring

0

Total Interactions

0

Allowed

0

Flagged

0

Blocked

Interactions — Last 7 Days

Recent Interactions

Audit Readiness

OSFI examiner requests evidence. You're ready.

📩

Request Received

OSFI examiner requests AI interaction evidence

📦

Export Bundle

Records, Merkle proofs, TSA tokens packaged

🔎

Chain Verification

verify_chain.py — no OAIS dependency

🕒

TSA Validation

Sectigo RFC 3161 timestamps confirmed

✅

Verdict

VERIFIED — independently, permanently

OSFI examiner workstation — no OAIS access required

Coverage

What Sentinel captures today — and next

Surface	Status	Coverage
Programmatic AI API calls	LIVE	Python systems, agents, pipelines — Anthropic, OpenAI, Azure OpenAI, Gemini, Bedrock
Browser-based AI tools	LIVE	All web-based AI in Chrome/Edge — including shadow AI
M365 Copilot (Purview)	Q2 2026	Purview audit logs via Graph API. Word, Excel, Teams, Outlook, PowerPoint. ~2 weeks to deploy.
VS Code Extension	Q2 2026	GitHub Copilot, Cursor, Codeium — AI code suggestions
Additional SDK Wrappers	ROADMAP	Node.js, Java, .NET

Data Sovereignty

Your content never leaves. Only hashes do.

Your content is hashed using a secret that lives in your infrastructure. OAIS never holds this key, never transmits it, and cannot retrieve it.

🔒 What OAIS holds

✓ Cryptographic hash values
✓ Ed25519 public keys
✓ Merkle proofs
✓ RFC 3161 TSA tokens

🚫 What OAIS never holds

✗ Your HMAC secret key
✗ Your raw AI inputs or outputs
✗ Any reversible content data
✗ Your AI interaction history

The system is live. Let's start.

705

Real AI interactions
in verified chain

287

Automated tests
7 build phases

97%+

Branch coverage
every phase

0

Chain gaps
since deployment

1

Technical walkthrough with LGM engineering
Review AI systems, confirm SDK compatibility, plan Guard rollout.

2

Pilot deployment — Core + Guard on live traffic
Hashes flowing. Merkle anchoring. Guard capturing browser usage.

3

Proof of concept — tamper-evident audit record
Independently verifiable. OSFI-ready. Permanently anchored.

Business continuity: Third-party escrow. Full export within 30 days of any cessation event. RFC 3161 tokens verify independently and permanently. Contractual — in the MSA.

info@oais.ai | OAIS.ai | Ontario, Canada

Sentinel Core +Sentinel Guard

The Regulatory Obligation

OSFI E-23 takes effect May 1, 2027

Recorded at the time it occurs

Tamper-evident

Independently verifiable

Two Products. One Audit Chain.

Guard surfaces it. Core proves it.

SDK Wrapper — Developer Integration

Browser Extension — IT Deployment

Live onboarding — three commands

Data Sovereignty

What you see vs. what OAIS receives

💚 Your System (LGM Environment)

🔒 OAIS Registry (What We Receive)

Browser-level enforcement. Real-time.

Sentinel Dashboard

Live interaction monitoring

Audit Readiness

OSFI examiner requests evidence. You're ready.

Request Received

Export Bundle

Chain Verification

TSA Validation

Verdict

Coverage

What Sentinel captures today — and next

Data Sovereignty

Your content never leaves. Only hashes do.

🔒 What OAIS holds

🚫 What OAIS never holds

The system is live. Let's start.

Sentinel Core +
Sentinel Guard