Research

GeraWitness is building the audit and safety layer for agentic systems: tamper-evident logs, real-time anomaly detection, and the regulatory tooling needed to prove that an autonomous AI acted within its authorised scope. As AI agents begin spending money, making medical referrals, and signing contracts, the need for accountable, machine-readable audit trails becomes a first-order infrastructure requirement. Our research addresses that gap.

Research Themes

  • Tamper-evident audit architecture. GeraWitness research develops Merkle-tree-based log structures for agent action sequences — where each logged action references the previous, making retrospective tampering detectable without requiring a trusted third party. We evaluate the performance and storage trade-offs of hash-chained logs at the transaction volumes expected in the Gera ecosystem.
  • Prompt injection detection and defence. When an AI agent processes user-supplied content (emails, documents, web pages) as part of a task, adversarial actors can embed instructions that hijack the agent's behaviour. We research detection models, sandboxing architectures, and instruction-hierarchy enforcement mechanisms that prevent prompt injection without eliminating the agent's ability to use context from its environment.
  • Agent scope enforcement. An agent authorised to book a restaurant should not be able to initiate a bank transfer. GeraWitness research defines a formal capability model for agents, implements runtime scope checks, and analyses the attack surface created when multi-step agent chains combine individually safe capabilities into dangerous compound actions.
  • Regulatory design for the agent economy. Existing consumer protection, financial services, and data protection law does not clearly assign liability when an autonomous agent causes harm. We contribute policy analysis on how the EU AI Act's accountability obligations, the UK's proposed AI liability framework, and the US NIST AI RMF can be operationalised through standardised audit logs — and where new statutory instruments are needed.
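
The hash-chaining idea in the first theme above (each logged action references the previous), as an added example that is not GeraWitness code. It shows a linear hash chain rather than a full Merkle tree; the field names, the genesis value and the sample actions are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed sentinel: predecessor hash of the first entry

def entry_hash(prev_hash, seq, action):
    # Canonical JSON (sorted keys, fixed separators) keeps the digest reproducible.
    body = json.dumps({"prev": prev_hash, "seq": seq, "action": action},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode("utf-8")).hexdigest()

def append(log, action):
    """Append an action; the new entry commits to the previous entry's hash."""
    prev_hash = log[-1]["hash"] if log else GENESIS
    seq = len(log)
    log.append({"seq": seq, "prev": prev_hash, "action": action,
                "hash": entry_hash(prev_hash, seq, action)})
    return log[-1]["hash"]

def verify(log, trusted_head=None):
    """Return the index of the first inconsistent entry, or None if intact.

    trusted_head is a head hash the verifier recorded earlier, outside the log
    store. Without it, a rewritten or truncated tail still verifies.
    """
    prev_hash = GENESIS
    for i, entry in enumerate(log):
        if entry["seq"] != i or entry["prev"] != prev_hash:
            return i  # broken link to the predecessor
        if entry["hash"] != entry_hash(entry["prev"], entry["seq"], entry["action"]):
            return i  # content changed after the hash was written
        prev_hash = entry["hash"]
    if trusted_head is not None and prev_hash != trusted_head:
        return len(log)  # chain is self-consistent but is not the recorded one
    return None

def sample_log():
    """Constructed agent actions; returns (log, head hash)."""
    log, head = [], GENESIS
    for action in ({"agent": "agent-7", "tool": "restaurant.book", "amount": 0},
                   {"agent": "agent-7", "tool": "payments.charge", "amount": 45},
                   {"agent": "agent-7", "tool": "email.send", "amount": 0}):
        head = append(log, action)
    return log, head

if __name__ == "__main__":
    log, head = sample_log()
    log[1]["action"]["amount"] = 9000  # retrospective edit of a logged action
    print("first bad entry:", verify(log, head))
```

An in-place edit is reported at the edited entry. A tail that was rewritten with recomputed hashes, or simply truncated, is only reported when the verifier compares against a head hash recorded beforehand.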

First Articles — Q3 2026

The GeraWitness research series launches in Q3 2026. First articles include a technical design document for Merkle-based agent audit logs, a taxonomy of prompt injection attack patterns observed in production agentic systems, and a comparative analysis of AI liability frameworks across the UK, EU, and US.

To be notified when new research is published, join the GeraWitness waitlist. You can also explore our current thinking in the GeraWitness blog.