Most AI systems can tell you what they did. Very few can prove it. The gap between the two is where cryptographic AI receipts live.
When a model returns an answer, a routing layer picks a provider, or an agent decides to spend, the record of that event usually lands in a log or a database row the operator controls. That record is a claim. The operator can edit it, lose it, or reconstruct it after the fact, and you have no way to tell. For a demo, that is fine. For anything a buyer, an auditor, or a regulator will later question, a claim is not enough. You need proof.
A receipt is a signed record, not a log line
A cryptographic AI receipt captures the conditions of an AI event — the model, the inputs, the decision, the timing — and binds them into a single record signed with a private key. Anyone holding the matching public key can confirm two things at once: the record was produced by the claimed signer, and it has not been altered by so much as a byte since. Change one character and verification fails.
Three properties make it proof rather than record-keeping:
- Signed. Hive receipts are signed with post-quantum ML-DSA-65 (NIST FIPS 204), not stored in a table you have to trust the operator not to touch.
- Verifiable offline. Verification needs only the receipt and the public key. It runs anywhere, any time, with nothing from Hive at check time.
- Third-party checkable. A counterparty confirms the receipt on their own, without your cooperation and without a login.
Why post-quantum, and why offline
Signatures are only as durable as the math under them. A record you might have to defend in three, five, or ten years should not rest on a scheme a future quantum computer could forge retroactively. ML-DSA-65 is the NIST-standardized post-quantum signature (FIPS 204); signing with it today means a receipt minted now still verifies — and still means something — later.
Offline verification matters for the same reason. If checking a receipt required calling the platform that made it, the platform would still be the arbiter of its own truth. A receipt you can verify with the public key alone removes that dependency entirely. The proof stands on its own.
What a receipt does not claim
A receipt is honest about its scope. It attests what happened — this model, these inputs, this decision, at this time — not whether the output was correct. It will not tell you an answer was true or a decision was wise. It tells you, verifiably, that the event occurred as described and has not been tampered with. That narrow, honest claim is exactly what makes it trustworthy: it never overreaches.
Where receipts start: inference
Inference is the natural first surface, because it is where AI systems make claims most often and prove them least. Hive's AFiR mints a cryptographic receipt for signed AI inference — and for each sub-step of it — so a model call can be verified after the fact by anyone. From there the same primitive extends to agent actions and to human-origin data, all sharing one verifiable record format.
If you want the full map of the three surfaces — inference, agents, and human data — the Cryptographic AI Receipts overview is the one-page explainer.
Start with the overview, then watch AFiR sign a live inference call and verify it in your browser.