VAP: A Universal Framework for AI Flight Recorders
Source: Dev.to
Introduction
On May 6 , 2010, the Dow Jones plunged 1,000 points in minutes—erasing $1 trillion in market value. When regulators investigated, they faced a fundamental problem: there was no tamper‑proof record of what the algorithms had actually done.
Fast forward to today. AI systems make millions of consequential decisions every second—trading algorithms, medical diagnoses, autonomous vehicles, credit scoring. Almost none of them have what airplanes have had since 1956: a flight recorder.
We’re building VAP (Verifiable AI Provenance Framework) to change that.
Every AI system has logs.
But those logs share a fatal flaw: they can be modified after the fact. A database entry can be changed. A timestamp can be adjusted. A record can be deleted. When something goes wrong—and something always goes wrong—how do we know the logs actually reflect what happened?
The answer, in most cases, is we don’t.
We trust. We trust that the company providing the logs hasn’t modified them. We trust that timestamps are accurate. We trust that nothing has been omitted.
But trust isn’t proof. In a world where AI systems operate faster than human comprehension, trust isn’t enough.
What is VAP?
VAP (Verifiable AI Provenance Framework) is a cross‑domain meta‑standard for cryptographically verifiable AI decision trails. Think of VAP as the abstract specification that defines what an AI flight recorder must do—regardless of whether it’s recording trading algorithms, autonomous vehicles, or medical AI systems.
┌─────────────────────────────────────────────────────────────┐
│ VAP (Verifiable AI Provenance Framework) │
│ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━─ │
│ Cross-domain meta-standard │
│ Defines: what constitutes verifiable AI provenance │
│ │
│ │ │
│ │ maintained by │
│ ▼ │
│ │
│ VSO (VeritasChain Standards Organization) │
│ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━── │
│ Standards body (like W3C for web, IETF for networking) │
│ │
│ │ │
│ │ publishes domain profiles │
│ ▼ │
│ │
│ ┌─────────┐ ┌─────────┐ ┌─────────┐ ┌─────────┐ │
│ │ VCP │ │ DVP │ │ MAP │ │ EIP │ ... │
│ │ Finance │ │ Auto │ │ Medical │ │ Energy │ │
│ └─────────┘ └─────────┘ └─────────┘ └─────────┘ │
└─────────────────────────────────────────────────────────────┘VAP itself is domain‑agnostic. The domain‑specific implementations are called Profiles.
| Profile | Domain | Use Case |
|---|---|---|
| VCP (VeritasChain Protocol) | Finance | Algorithmic trading audit trails |
| DVP (Driving Vehicle Protocol) | Automotive | Autonomous vehicle decision logs |
| MAP (Medical AI Protocol) | Healthcare | Diagnostic AI explainability |
| PAP (Public Administration Protocol) | Government | AI‑assisted policy decisions |
| EIP (Energy Infrastructure Protocol) | Energy | Smart‑grid AI monitoring |
Mandatory Layers
VAP defines five mandatory layers that every compliant implementation must support. The base layer ensures tamper‑evidence through proven cryptographic primitives:
| Algorithm | Purpose | Status | PQ‑Safe? |
|---|---|---|---|
| SHA3‑256 | Hash | REQUIRED | Yes |
| Ed25519 | Signature | REQUIRED | No |
| DILITHIUM2 | Signature | FUTURE | Yes |
| UUIDv7 | Time‑ordered ID | REQUIRED | N/A |
Crypto agility is a core requirement—all VAP implementations MUST support algorithm migration for the inevitable post‑quantum transition.
Decision‑Context Layer (Domain‑Agnostic)
{
"provenance": {
"actor": {
"type": "AI_MODEL",
"identifier": "algo-v2.3.1-prod",
"version": "2.3.1",
"hash": "sha3-256:8f14e45f..."
},
"input": {
"sources": ["market_data_feed", "risk_params_v4"],
"timestamp": 1702900800000,
"hash": "sha3-256:2c26b46b..."
},
"context": {
"parameters": { "max_position": 10000, "risk_limit": 0.02 },
"constraints": { "trading_hours": true, "circuit_breaker": false }
},
"action": {
"type": "ORDER_DECISION",
"decision": { "action": "BUY", "symbol": "AAPL", "quantity": 100 },
"confidence": "0.87",
"explainability": {
"method": "SHAP",
"factors": ["momentum_signal", "volume_surge", "sector_correlation"]
}
},
"outcome": {
"result": { "order_id": "ORD-123456", "status": "FILLED" },
"timestamp": 1702900800050,
"status": "SUCCESS"
}
}
}Mapping to Domain‑Specific Implementations
| VAP Abstract | VCP (Finance) | DVP (Automotive) | MAP (Medical) |
|---|---|---|---|
| actor | Algorithm/Trader | AutonomousSystem | DiagnosticAI |
| input | MarketData | SensorData/LIDAR | PatientData/Imaging |
| context | RiskParameters | EnvironmentConditions | PatientHistory |
| action | TradeDecision | DrivingAction | Diagnosis |
| outcome | Execution | VehicleState | Treatment |
Integrity Layer
Any modification is mathematically detectable. The diagram below illustrates chained events:
Event N‑1 Event N Event N+1
┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐
│ event_id │ │ event_id │ │ event_id │
│ prev_hash │──────► │ prev_hash │──────► │ prev_hash │
│ payload_hash │ │ payload_hash │ │ payload_hash │
│ signature │ │ signature │ │ signature │
└─────────────────┘ └─────────────────┘ └─────────────────┘Each event stores the hash of the previous event (prev_hash). Changing any earlier event breaks the chain, making tampering evident.
Bottom Line
VAP provides a standardised, cryptographically verifiable “flight recorder” for AI across any industry. By adopting VAP, organisations can move from trust‑based logging to proof‑based provenance, ensuring accountability, auditability, and resilience in the age of autonomous decision‑making.
VAP Overview
sh ──────┼────────►│ prev_hash ──────┼────────►│ prev_hash │
│ payload │ │ payload │ │ payload │
│ signature │ │ signature │ │ signature │
└─────────────────┘ └─────────────────┘ └─────────────────┘
│ │ │
└───────────────────────────┼───────────────────────────┘
▼
┌─────────────┐
│ Merkle Root │
│ (Anchored) │
└─────────────┘- Hash chains link every event to its predecessor.
- Merkle trees enable efficient batch verification.
- External anchoring provides independent timestamp proof.
High‑frequency timing (sub‑millisecond precision)
{
"timing": {
"event_time": 1702900800123456789,
"clock_source": "PTP",
"uncertainty_ns": 100,
"sync_status": "LOCKED"
}
}VAP Time‑Precision Tiers
| Tier | Source | Precision | Use Case |
|---|---|---|---|
| 1 | GPS/PTP | ≤ 1 µs | HFT, Autonomous Vehicles |
| 2 | NTP | ≤ 10 ms | General Enterprise |
| 3 | System Clock | Best Effort | Development / Testing |
GDPR‑Compliant Crypto‑Shredding
{
"retention": {
"policy_id": "GDPR-STANDARD-7Y",
"retention_period_days": 2555,
"deletion_method": "CRYPTO_SHRED",
"key_escrow": "HSM_CLUSTER_EU"
}
}When data must be deleted, destroy the encryption key instead of the records. The data becomes mathematically unrecoverable while the hash chain stays intact for audit purposes.
- EU AI Act Art. 12 – requires tamper‑resistant logging for high‑risk AI systems (implementation 2026‑2027).
- MiFID II – mandates detailed records for algorithmic trading; VAP proves those records are immutable.
- GDPR Art. 17 – “Right to Erasure” conflicts with immutable logs; VAP’s crypto‑shredding resolves the tension.
“When AI systems cause harm, the first defense is always: ‘We don’t know exactly what happened.’
VAP eliminates this excuse. Every decision, input, and output is cryptographically linked and independently verifiable.
A single provenance language lets a trading firm, a hospital, and an autonomous‑vehicle manufacturer speak the same audit‑ready dialect, enabling:
- Cross‑domain audit tooling
- Regulatory frameworks that reference a single standard
- Insurance and liability systems with verifiable evidence
Minimal VAP‑Compliant Event Generator
import hashlib
import json
import uuid
from datetime import datetime
from typing import Optional
class VAPEvent:
def __init__(
self,
event_type: str,
actor_id: str,
payload: dict,
prev_hash: Optional[str] = None,
):
self.event_id = str(uuid.uuid7()) # RFC 9562 time‑ordered UUID
self.timestamp = datetime.utcnow().isoformat() + "Z"
self.event_type = event_type
self.actor_id = actor_id
self.payload = payload
self.prev_hash = prev_hash or "GENESIS"
self.hash = self._compute_hash()
def _compute_hash(self) -> str:
# RFC 8785 canonical JSON
canonical = json.dumps(
{
"event_id": self.event_id,
"timestamp": self.timestamp,
"event_type": self.event_type,
"actor_id": self.actor_id,
"payload": self.payload,
"prev_hash": self.prev_hash,
},
sort_keys=True,
separators=(",", ":"),
)
return hashlib.sha3_256(canonical.encode()).hexdigest()
def to_dict(self) -> dict:
return {
"event_id": self.event_id,
"timestamp": self.timestamp,
"event_type": self.event_type,
"actor_id": self.actor_id,
"payload": self.payload,
"prev_hash": self.prev_hash,
"hash": self.hash,
}
class VAPChain:
def __init__(self):
self.events = []
self.last_hash = None
def append(self, event_type: str, actor_id: str, payload: dict) -> VAPEvent:
event = VAPEvent(
event_type=event_type,
actor_id=actor_id,
payload=payload,
prev_hash=self.last_hash,
)
self.events.append(event)
self.last_hash = event.hash
return event
def verify_integrity(self) -> bool:
"""Verify entire chain integrity."""
for i, event in enumerate(self.events):
# Re‑compute hash
if event._compute_hash() != event.hash:
return False
# Verify linkage
if i > 0 and event.prev_hash != self.events[i - 1].hash:
return False
return True
# ----------------------------------------------------------------------
# Usage Example
# ----------------------------------------------------------------------
if __name__ == "__main__":
chain = VAPChain()
# AI decision event
chain.append(
event_type="AI_DECISION",
actor_id="trading-algo-v2",
payload={
"input_hash": "sha3-256:abc123...",
"decision": "BUY",
"confidence": 0.87,
"factors": ["momentum", "volume"],
},
)
# Execution event
chain.append(
event_type="EXECUTION",
actor_id="broker-gateway",
payload={
"order_id": "ORD-12345",
"status": "FILLED",
"price": 150.25,
"quantity": 100,
},
)
# Verify chain
print(f"Chain valid: {chain.verify_integrity()}")
# Tamper detection demo
chain.events[0].payload["decision"] = "SELL" # Tamper!
print(f"Chain valid after tampering: {chain.verify_integrity()}")VAP Standardization Roadmap
| Target | Timeline | Status |
|---|---|---|
| IETF Internet‑Draft | 2025 Q3 | Planned |
| ISO/TC 68 (Financial Services) | 2026 | Planned |
ISO/IEC JTC 1/SC 42 (AI)
2026‑2027 – Planned
IEEE Standards Association
2027+ – Under consideration
VeritasChain (VAP) – Open Source (CC BY 4.0)
We’re looking for contributors in the following areas:
- Domain experts – help write profile specifications (medical, automotive, energy)
- Cryptographers – review post‑quantum migration paths
- Developers – build SDKs in additional languages
- Regulators – provide feedback on compliance alignment
Website:
GitHub:
Technical contact:
Standards contact:
Final Thought
Every critical infrastructure eventually gets its flight recorder—but only after catastrophe teaches us we need one.
- Aviation learned through 128 deaths in the 1956 Grand Canyon collision.
- Nuclear power learned through Three Mile Island and Chernobyl.
Our generation is building AI systems that make decisions faster than humans can think, at scales affecting billions of lives.
We can wait for the AI equivalent of a plane crash, or we can build the flight recorder now.
The choice is ours.