What is Selective Interception?

Selective Interception (also called the "non-vacuum principle") is the guarantee that the governance system observes ONLY the specific selectors declared in the Policy Artifact—nothing more.

The Non-Vacuum Contract

We do NOT:

  • Scan arbitrary files
  • Crawl the filesystem
  • Capture arbitrary network packets
  • Collect OS-wide telemetry
  • Vacuum up data for later analysis

How Selection Rules Work

The Policy Artifact contains explicit selection rules that define exactly what will be measured. These rules are sealed at build time and cannot be expanded at runtime.

{
  "selection_rules": [
    {
      "type": "FILE_DIGEST",
      "path": "model_weights.bin",
      "normalize": { "encoding": "binary" }
    },
    {
      "type": "FILE_DIGEST",
      "path": "config.yaml",
      "normalize": { "line_endings": "LF" }
    }
  ]
}
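The following is an added illustration of the rules above, not the project's own interceptor code. It models the two properties the section states: the rule set is sealed by a digest taken at build time, and the measurement step reads only the paths named in the rules. The policy layout beyond "selection_rules", the sealing-by-canonical-JSON approach, the function names and the sample workspace files are all assumptions made for the example.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# Constructed sample policy that mirrors the selection rules shown above.
# Everything about the Policy Artifact other than "selection_rules" is assumed.
SAMPLE_POLICY = {
    "selection_rules": [
        {"type": "FILE_DIGEST", "path": "model_weights.bin",
         "normalize": {"encoding": "binary"}},
        {"type": "FILE_DIGEST", "path": "config.yaml",
         "normalize": {"line_endings": "LF"}},
    ]
}


def seal_policy(policy: dict) -> str:
    """Seal the policy at build time: a SHA-256 over its canonical JSON form.
    Any later change to the rules (adding a path, loosening a normalizer)
    produces a different seal."""
    canonical = json.dumps(policy, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


def normalize(data: bytes, opts: dict) -> bytes:
    """Apply a rule's normalize block. Binary content is digested as-is;
    text content can have CRLF/CR folded to LF so a Windows checkout of the
    same config hashes identically to a Unix one."""
    if opts.get("encoding") == "binary":
        return data
    if opts.get("line_endings") == "LF":
        return data.replace(b"\r\n", b"\n").replace(b"\r", b"\n")
    return data


def measure(policy: dict, sealed_digest: str, root: Path) -> dict:
    """Observe only the declared selectors (the non-vacuum contract).
    Refuses to run if the rules no longer match the sealed digest, and the
    only reads it performs are of paths named in a rule."""
    if seal_policy(policy) != sealed_digest:
        raise ValueError("selection rules differ from the sealed policy")
    root = root.resolve()
    evidence = {}
    for rule in policy["selection_rules"]:
        if rule["type"] != "FILE_DIGEST":
            raise ValueError(f"unsupported rule type {rule['type']!r}")
        target = (root / rule["path"]).resolve()
        # A declared path may not escape the measurement root.
        if root not in target.parents:
            raise ValueError(f"{rule['path']!r} resolves outside the root")
        content = normalize(target.read_bytes(), rule.get("normalize", {}))
        evidence[rule["path"]] = "sha256:" + hashlib.sha256(content).hexdigest()
    return evidence


def run_demo() -> dict:
    """Build a constructed workspace, measure it, then show that widening
    the rules at runtime is rejected by the seal check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "model_weights.bin").write_bytes(b"\x00\x01\x02\xff")
        (root / "config.yaml").write_bytes(b"lr: 0.1\r\nepochs: 3\r\n")  # CRLF checkout
        (root / "secrets.env").write_text("API_KEY=constructed-value\n")  # never declared

        sealed = seal_policy(SAMPLE_POLICY)
        evidence = measure(SAMPLE_POLICY, sealed, root)

        widened = json.loads(json.dumps(SAMPLE_POLICY))
        widened["selection_rules"].append(
            {"type": "FILE_DIGEST", "path": "secrets.env",
             "normalize": {"encoding": "binary"}})
        try:
            measure(widened, sealed, root)
            expansion_blocked = False
        except ValueError:
            expansion_blocked = True

    return {
        "evidence": evidence,
        "expansion_blocked": expansion_blocked,
        # Digest of the LF-normalized config, for comparison.
        "lf_digest": "sha256:" + hashlib.sha256(b"lr: 0.1\nepochs: 3\n").hexdigest(),
    }


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

The evidence produced contains exactly the two declared paths; secrets.env is present in the workspace but is never opened, and the runtime attempt to add it to the rules fails because the rule set no longer matches the seal taken at build time.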

Why It Matters

  • Privacy by Design: Only declared subjects are observed
  • Minimal Attack Surface: No arbitrary data collection
  • Deterministic Scope: Observable scope is sealed at policy mint time
  • Audit Clarity: Verifiers know exactly what was and wasn't measured

Comparison to Traditional Monitoring

Traditional Monitoring

  • Collects everything, filters later
  • Scope expands over time
  • Privacy concerns
  • Storage/processing overhead

Selective Interception

  • Collects only declared items
  • Scope sealed at build time
  • Privacy preserved by design
  • Minimal resource usage

See It In Action

Download a sample Evidence Bundle and verify it offline with our CLI tool.
