AttestLayer

Press

Press kit

Factual material for journalists, analysts, and reviewers covering record-only evidence issuance.

AttestLayer is record-only. Public statements describe what AttestLayer issues and how it can be verified. They do not claim that any customer is compliant, secure, audited, or approved.

What AttestLayer is

AttestLayer is a record-only evidence issuance and verification rail. Customers submit records; AttestLayer issues a packet (binder, manifest, signed receipt, hash trail) that reviewers can independently verify offline.

Record-only

No installs, no scanners, no credential collection, no system access.

Verifier-friendly

Reviewers can verify integrity and issuance with the offline verifier and JWKS.

Boundaries

Not an auditor, not legal counsel, not a compliance certification, not buyer approval.

Approved language

"AttestLayer issues record-only evidence packets that reviewers can independently verify. AttestLayer does not certify compliance, replace audit work, provide legal advice, or guarantee buyer or reviewer acceptance."

Press contact

Email

press@attestlayer.com

Brand assets

Logo and brand assets will be published in an upcoming update.

Verification proof

Reviewers can verify a real sample kit at verify.attestlayer.com.

The AttestLayer trust model

AttestLayer’s trust model is intentionally narrow. It records what was submitted, what was accepted into scope, what was issued, and how the issued kit can be checked.

The model uses

  • SHA-256 artifact hashing
  • manifest-based evidence inventory
  • canonical receipt hashing
  • Ed25519 receipt signatures
  • JWKS public-key discovery
  • offline verification
  • fail-closed verification behavior

What it proves

  • files match the manifest
  • manifest matches the receipt
  • receipt key ID matches a public key
  • receipt signature verifies
  • the kit has not been modified since issuance

What it does not prove

  • company compliance status
  • company security status
  • controls are operating effectively
  • a buyer, auditor, insurer, bank, regulator, or PSP has accepted the packet
  • the evidence content is legally sufficient

Integrity and issuance evidence only. Not audit, certification, or compliance guarantee.