When your AI agent modifies production systems, eventually someone's going to ask you to prove what it actually did. Maybe it's a regulator, maybe it's an incident reviewer, maybe it's two years from now when nobody remembers the context. The problem is most telemetry lives in process memory or unsigned spans—worthless as evidence. A new tool called Akmon solves this by creating portable, cryptographically signed audit records that any third party can verify with nothing more than openssl and a public key.

What Akmon Actually Does

Akmon sits on top of whatever AI agent you already run—whether that's your own setup or anything emitting OpenTelemetry traces. It captures sessions into AGEF (Agent Evidence Format) bundles, which are content-addressed artifacts containing the full session record. The killer feature: once signed with an Ed25519 key, anyone can verify that bundle's integrity and authorship offline using standard openssl commands, no Akmon installation required. The tool implements AGEF v0.1.3 and ships as a Rust binary installable via cargo or Homebrew for macOS/Linux users.

The Trust Toolchain in Practice

The workflow is straightforward: generate an Ed25519 signing key with akmon bundle keygen, import any OpenTelemetry trace (supports both v1.37 structured form and the older v1.36 message-event format), export to a portable bundle, then sign it. Verification runs through akmon bundle verify or the standalone agef-verify binary for auditors who shouldn't need full Akmon access. For pure openssl verification without any Akmon involvement at all, run akmon bundle prove-openssl to extract statement.bin, signature.bin, and pubkey.pem into a directory, then verify with openssl pkeyutl -verify -pubin. The catch: macOS ships with LibreSSL which can't handle Ed25519—install openssl@3 via Homebrew first.

Capture Levels and Honest Metadata

Akmon explicitly distinguishes between full capture (from its own agent, enabling deterministic replay) and structural capture (from imported OTEL traces, giving you shape and metadata but not byte-for-byte reproduction). This matters because the tool signs the capture level directly into the manifest—nobody can quietly overstate what a record actually contains. Structural captures will fail akmon bundle verify --require-capture full by design, keeping that line crystal clear.

Compliance Context

With EU AI Act high-risk logging obligations kicking in August 2, 2026 (Article 12 and Annex IV), organizations need evidence they can actually defend. Akmon maps to these requirements plus NIST AI RMF MEASURE 2.8 and SOC 2 CC7.x/CC8.1—though the project explicitly notes it's not a compliance certification, just tooling to help produce defensible records. The bundled agent includes typed permission checks for file writes, shell, and network operations if you want Akmon as your reference producer for full-capture sessions.

How It Compares to Microsoft

The documentation draws a direct comparison: Microsoft's Agent Governance Toolkit (open-source since April 2026) uses HMAC-based tamper-evidence without asymmetric signatures. Azure Confidential Ledger offers solid signed Merkle receipts but ties verification to Azure infrastructure. Akmon's differentiator is portability—you get one self-contained artifact checkable by anyone with openssl, no vendor dependencies. The project isn't trying to replace Microsoft's distribution advantages (Purview, Copilot Control System) or standards body presence; it's meant to complement them—seal what Purview captures, verify what Foundry traces produce.

Installation and Availability

Grab prebuilt binaries from GitHub releases for Linux x86_64 or macOS (arm64 for Apple Silicon, x86_64 for Intel), each accompanied by SHA256SUMS for integrity checking. Source builds via cargo install work on any platform Rust supports. The project is Apache-2.0 licensed with full documentation at radotsvetkov.github.io/akmon including a walkthrough from raw OTEL trace to standalone openssl proof.

Key Takeaways

  • Third-party verification works offline using only OpenSSL 3.x—no Akmon installation needed
  • Ed25519 asymmetric signatures make records attributable and independently verifiable
  • Capture level honesty is baked into the format; structural imports can't masquerade as full recordings
  • EU AI Act high-risk obligations activate August 2, 2026—tools like this are becoming compliance necessities

The Bottom Line

Akmon fills a real gap: portable, vendor-independent audit evidence for AI agents that stands up to adversarial scrutiny. If you're running autonomous agents in regulated environments or just want defensible records of what your AI actually touched, this is the kind of tooling the ecosystem has been missing. Kudos to radotsvetkov for shipping something genuinely useful instead of another wrapper library.