Asqav Delivers Quantum‑Safe Audit Trails for AI Agents

Asqav launched as an open-source Python SDK (MIT license) that attaches a cryptographic signature to each AI agent action and links entries into a hash chain, producing tamper-evident audit trails with RFC 3161 timestamps. The project markets itself as a governance layer for autonomous agents, shipping a PyPI package (0.2.6) and companion tools, including CI/CD compliance scanners and an MCP server for centralized policy enforcement.

Autonomous agent frameworks (LangChain, AutoGen, CrewAI, Azure AI Foundry Agent Service) make multi-step, cross-system automation straightforward — but leave sparse, non‑cryptographic logs that are easy to alter or forge. Asqav addresses that gap by using ML-DSA-65, a signing algorithm standardized under FIPS 204 and described as quantum‑safe, so signatures remain verifiable even against future quantum threats. Each signature carries an RFC 3161 timestamp, and the SDK exposes verification hooks, OTEL export, content scanning, behavioral monitoring, and compliance reporting features.

The SDK focuses on practical integration points for production agent stacks: signing and signature verification, export to observability pipelines, policy enforcement via an MCP server, and CI/CD scanning to catch governance regressions on pull requests. The maintainer/founder (João André Marques) has published project materials on asqav.com, PyPI, GitHub, and community channels highlighting three-line integrations and developer-first ergonomics.

Governance is rapidly becoming a production requirement as agents execute financial transactions, code, and infrastructure changes autonomously. Cryptographic, tamper-evident audit trails materially raise the bar for forensic integrity, compliance (e.g., evidence for auditors), and incident response. The quantum‑safe claim (ML-DSA-65 / FIPS 204) anticipates long‑term evidence preservation requirements for regulated industries.

adoption across popular agent frameworks (native integrations for LangChain/AutoGen), third‑party audits of ML-DSA-65 implementations, interoperability with enterprise SIEM/OTEL pipelines, and alignment with evolving regulation (EU AI Act, DORA). Evaluate performance/latency costs of signing in high‑throughput agent loops and validate the cryptographic primitives used.