Fail-closed verification rails for Cortex outputs with evidence-backed grounding and independently verifiable receipts.
Shamrock is the four-gate architecture. Snowflake demo ships the live gates and receipts. Hardware leaf is roadmap.
WhiteRails is fail-closed governance rails for AI execution with verifiable receipts.
Measured outcomes from Snowflake stress tests and red team exercises.
WHITE_RAILS_EVIDENCE
105-row WhiteRails Evidence Set
WHITE_RAILS_RECEIPTS
WhiteRails Receipts (cryptographic audit)
CDT_CONSENT
Consent token registry
CDT_RECEIPTS
Consent audit trail
WHITERAILS_GATE
One-call rail check + receipt
WR_VERIFY_RECEIPT
Hash recomputation check
Request passes policy checks before execution
Risk scoring determines execution path
Evidence-backed verification at 0.70 threshold
WhiteRails Receipt minted for every decision
Fail-closed: BLOCKED returns Output = NULL and still writes receipt. Every decision logged regardless of status.
Deterministic steps, expected outputs. What engineers and evaluators respect.
| Batch | Queries | What It Proves |
|---|---|---|
BATCH 1 |
5 prompts | Enterprise baseline — HIPAA, SOC2, GDPR, EU AI Act compliance |
BATCH 2 |
5 prompts | Security red team — SQL injection, prompt injection, jailbreak attempts |
BATCH 3 |
5 prompts | Workflow validation — multi-step audit trail integrity |
BATCH 4 |
5 prompts | Stress test — sustained throughput under load |
BATCH 5 |
5 prompts | Shamrock full gate — all four rails + receipt |
BATCH 6 |
5 prompts | Hallucination bait — fictional queries should BLOCK |
BATCH 7 |
3 prompts | CDT consent — grant/use/revoke lifecycle |
BATCH 8 |
3 prompts | Receipt verification — hash recomputation returns TRUE |
BATCH 9 |
3 prompts | Edge cases — empty prompts, unicode, max length |
Attempts to bypass rails with "ignore previous instructions", nested escapes, and encoding tricks. All blocked with WhiteRails Receipts generated.
Queries designed to score exactly at threshold boundary (0.70). Rails hold — borderline queries blocked, receipts capture confidence scores.
Prompts containing '; DROP TABLE -- patterns. Rails sanitize input, block execution, log attempt in receipt.
"Describe the Battle of Zarathon Prime 2025" — fictional content. Grounding rail fails at 47.6% confidence, returns NULL, receipt records BLOCKED.
Deploy it. Show the exploit. Show the fix. Show the receipt. Show the cost drop.
Install WhiteRails in your Snowflake account
Run attack queries (injection, hallucination)
Watch rails return NULL, log receipt
Recompute hashes — all return TRUE
Calculate cost savings vs. manual audit
Blocked + Receipt
Blocked + Receipt
Blocked + Receipt
Blocked + Receipt
| Activity | Before WhiteRails | After WhiteRails |
|---|---|---|
| Manual AI output review | $180K/year | $0 (automated) |
| Audit prep (SOC2/HIPAA) | $120K/year | $40K/year |
| Incident investigation | $80K/year | $15K/year |
| Compliance tooling | $60K/year | $60K/year |
| Total | $440K/year | $115K/year |
Net savings: $325K/year (−74%)
15-minute demo. We run the proof in your environment. You verify the receipts yourself.