Sentinel Core + Sentinel Guard
Technical Briefing
Start Presentation
Click anywhere or press any key

Sentinel Core +
Sentinel Guard

AI interaction audit custody — built for OSFI E-23. Guard surfaces what your employees are doing with AI. Core proves it.

◈ Sentinel Core ◆ Sentinel Guard

Sentinel Core Overview v3.0 — Technical Briefing — April 2026

The Regulatory Obligation

OSFI E-23 takes effect May 1, 2027

Every federally regulated financial institution must produce runtime evidence of AI model lifecycle governance — not a policy document, not a risk framework. Evidence.

1

Recorded at the time it occurs

Every AI interaction captured the moment it happens.

2

Tamper-evident

Unalterable after the fact. Cryptographically chained, Merkle-anchored, externally timestamped.

3

Independently verifiable

On demand by an examiner, auditor, or board — no OAIS involvement required.

Two Products. One Audit Chain.

Guard surfaces it. Core proves it.

◈ Sentinel Core

SDK Wrapper — Developer Integration

Every programmatic AI API call. Supports Anthropic, OpenAI, Azure OpenAI, Gemini, Bedrock. No network changes. No CA installation. No admin rights.

◆ Sentinel Guard

Browser Extension — IT Deployment

Every web-based AI interaction — ChatGPT, Claude.ai, Gemini, Copilot. Deployed via Intune or Chrome Enterprise Policy. No code change. No user action.

Together: a single verifiable audit record covering both your systems and your employees — including shadow AI.

◈ Sentinel Core

What Core does on its own

Core is a standalone SDK wrapper. No browser extension. No IT deployment. One integration — full AI audit custody.

🔍 Capture Every AI Call

Wraps your existing AI client — Anthropic, OpenAI, Azure OpenAI, Gemini, Bedrock. Every prompt, response, and token count captured at execution.

🔒 Tamper-Evident Audit Chain

HMAC-hashed, Ed25519-signed, Merkle-anchored, RFC 3161 timestamped. Immutable. Independently verifiable. No trust in OAIS required.

📈 Model Intelligence

Track which models your systems use, token spend across providers. Optimize model selection, detect drift — all from captured interaction data.

Who needs Core alone? Teams running AI in production pipelines, agents, or backend systems — where there is no browser to monitor.

IT Admin View

Two deployment paths. Same audit chain.

◆ Sentinel Guard Enterprise / MDM
1. Admin configures policy
Set DLP rules, AI provider restrictions, and escalation workflows in the Guard dashboard.
📤
2. IT pushes extension silently
Deploy via Microsoft Intune or Chrome Enterprise Policy. No user action required.
3. Employees see nothing change
Guard icon appears in browser toolbar. AI interactions are monitored and governed automatically. Zero end-user friction.
◈ Sentinel Core Developer / CLI
ai-engine — onboarding
◈ Core Captures & proves every AI interaction
+
◆ Guard Adds DLP enforcement & browser policy
Each works standalone. Together they cover every AI interaction surface.
◆ Sentinel Guard

DLP Dashboard — Configure. Enforce. Audit.

◆ SENTINEL GUARD
Rules Generate Escalations 1 Users Audit
User: admin
⚙ Settings
0
Total Rules
0
Block
0
Escalate
0
Active
◆ Sentinel Guard

Extension activation — Connect. Enforce. Protect.

🔒 claude.ai
△ Guard Inactive
🛡
Sentinel Guard
Connect to your organization
Organization Domain
Sign in with SSO

In managed environments, administrators push the extension silently via Intune or Chrome Enterprise Policy — users never need to authenticate manually. AI provider access can be blocked entirely unless Guard is active.

◆ Sentinel Guard

Real-time DLP — Block. Hash. Audit.

🔒 claude.ai/chat
△ Guard Active
Claude
How can I help you today?
🛡
Sentinel Guard — Data Blocked
PCI DSS: Credit Card Number Detected
4532 8921 0044 7891 ↓ SHA-256 Hash 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
Message blocked per DLP policy. Card number hashed for audit trail.
✖ Block & Log
↑ Elevate for Approval
[14:32:07] BLOCKED PCI_CREDIT_CARD in claude.ai — SHA-256: 9f86d08...Policy: BLOCK+HASH | Elevate: available

Data Sovereignty

What you see vs. what OAIS receives

💚 Your System (Client Environment)

RAW CONTENT — STAYS IN YOUR ENVIRONMENT
INPUT:
"Recommend top 3 extended warranty products for 2024 Honda CR-V, customer profile: young family, 60k km/yr, budget tier mid..."

OUTPUT:
"Based on the profile, I recommend: 1) Premium Shield Plus (comprehensive, $1,840/4yr), 2) DriveGuard (powertrain, $1,290/4yr), 3) Essential..."
HMAC
SHA3-256
hashes
only

🔒 OAIS Registry (What We Receive)

IRREVERSIBLE HASHES ONLY
input_hash:
waiting...

output_hash:
waiting...

model_id: claude-sonnet-4-6
gate_decision: ALLOW
signature: waiting...
◆ Sentinel Guard

Browser-level enforcement. Real-time.

🔒 claude.ai/chat
△ Guard Active
Employee using Claude for claims analysis
You
Review claim #4419: policyholder Jane Doe, SIN 904-271-638, policy EW-2024-88412...
BLOCKED Sentinel Guard — Sensitive Data Detected
Social Insurance Number detected (904-***-***)
Policy number pattern detected
Prompt blocked before leaving browser. Metadata record transmitted to Sentinel chain. Raw content never leaves the endpoint.

Chrome & Edge. Deployed via Intune or Chrome Enterprise Policy. Captures AI tools adopted without IT approval.

Sentinel Dashboard

Live interaction monitoring

△ SENTINEL REGISTRY
Tenant: Your Organization
● LIVE
0
Total Interactions
0
Allowed
0
Flagged
0
Blocked
Interactions — Last 7 Days
Recent Interactions

Audit Readiness

OSFI examiner requests evidence. You're ready.

📩

Request Received

OSFI examiner requests AI interaction evidence

📦

Export Bundle

Records, Merkle proofs, TSA tokens packaged

🔎

Chain Verification

verify_chain.py — no OAIS dependency

🕒

TSA Validation

Sectigo RFC 3161 timestamps confirmed

Verdict

VERIFIED — independently, permanently

OSFI examiner workstation — no OAIS access required

Coverage

What Sentinel captures today — and next

SurfaceStatusCoverage
Programmatic AI API callsLIVEPython systems, agents, pipelines — Anthropic, OpenAI, Azure OpenAI, Gemini, Bedrock
Browser-based AI toolsLIVEAll web-based AI in Chrome/Edge — including shadow AI
M365 Copilot (Purview)Q2 2026Purview audit logs via Graph API. Word, Excel, Teams, Outlook, PowerPoint. ~2 weeks to deploy.
VS Code ExtensionQ2 2026GitHub Copilot, Cursor, Codeium — AI code suggestions
Additional SDK WrappersROADMAPNode.js, Java, .NET

Data Sovereignty

Your content never leaves. Only hashes do.

Your content is hashed using a secret that lives in your infrastructure. OAIS never holds this key, never transmits it, and cannot retrieve it. This applies to both Core and Guard — regardless of which product you deploy.

🔒 What OAIS holds

  • Cryptographic hash values
  • Ed25519 public keys
  • Merkle proofs
  • RFC 3161 TSA tokens

🚫 What OAIS never holds

  • Your HMAC secret key
  • Your raw AI inputs or outputs
  • Any reversible content data
  • Your AI interaction history

The system is live. Let's start.

709
Real AI interactions
in verified chain
287
Automated tests
7 build phases
0
Chain gaps
since deployment
1
Technical walkthrough with your engineering team
Review AI systems, confirm SDK compatibility, plan Guard rollout.
2
Pilot deployment — Core + Guard on live traffic
Hashes flowing. Merkle anchoring. Guard capturing browser usage.
3
Proof of concept — tamper-evident audit record
Independently verifiable. OSFI-ready. Permanently anchored.

Business continuity: Third-party escrow. Full export within 30 days of any cessation event. RFC 3161 tokens verify independently and permanently.

info@oais.ai  |  OAIS.ai  |  Ontario, Canada

Choosing Your Path

Which product is right for you?

All options share the same data sovereignty model — your content never leaves your environment.

◈ Sentinel Core

Core Only

For teams running AI in production pipelines, agents, or backend systems.

  • Full audit custody of programmatic AI calls
  • Model intelligence & token spend analytics
  • Tamper-evident chain (HMAC + Ed25519 + Merkle)
  • Drift detection & optimization insights
◈ Core ◆ Guard

Core + Guard COMPLETE COVERAGE

Cover every AI interaction surface — programmatic and browser-based — in one audit chain.

  • Everything in Core
  • Browser-level DLP enforcement
  • Shadow AI detection & governance
  • Silent MDM deployment (Intune / Chrome Policy)
◆ Sentinel Guard

Guard Only

Browser AI control is your primary concern — block, flag, or escalate at the browser level.

  • Real-time DLP for browser-based AI tools
  • Shadow AI visibility & blocking
  • Silent enterprise deployment
  • Audit chain for all browser AI interactions

Data sovereignty across all options — your HMAC key stays in your infrastructure. O.A.I.S. receives only irreversible hashes.

Narration Script
0:00
TTS
01 / 16