Authorized Traffic Manifest: Cryptographic Proof of Secure AI Routing
When the next MCP exfiltration backdoor lands on Hacker News at 3am, can your CISO answer — by 9am the same morning — exactly which of your AI integrations were exposed, and prove it to the board with a cryptographic signature rather than a hopeful email? Under EU AI Act Article 11, vague reassurances stop counting as technical documentation.
The primary security risk in enterprise AI is no longer the LLM itself. It is the destinations to which intercepted traffic is routed. With 36% of community AI skills containing critical flaws — prompt injection vectors, exfiltration backdoors, hardcoded secrets — your interceptor must communicate only with vetted endpoints.
Unvetted Traffic Destinations
Three failure patterns dominate enterprise AI security:
- The shadow endpoint crisis. Without a central interceptor, employees wire corporate data to unscreened third-party APIs that bypass existing security protocols.
- The visibility lag. When a vulnerability drops — like the April 2026 MCP STDIO flaw exposing 7,000+ servers — IT teams cannot verify exposure without days of manual auditing.
- Paper-only trust. A vendor’s “list of integrations” is a marketing claim. A list is a claim; a manifest is a proof.
Manifest-Driven Routing
The NordClaw Edge Proxy — running on Sovereign Container Infrastructure in Frankfurt — acts as the technical policy enforcement point for the organisation’s Walled Garden of authorised destinations.
Cryptographic provenance
Every destination the interceptor is allowed to reach is hashed (SHA-256) and signed with a hardware key (YubiKey). The interceptor verifies this fingerprint before permitting a single byte of data to leave the EU perimeter:
```json
{
  "destination": "api.deepseek.com",
  "hash_sha256": "e3b0c44298fc1c149afb...",
  "approved_at": "2026-05-15T10:00:00Z",
  "next_review_date": "2026-08-15",
  "data_residency": "CN",
  "zdr_contract": true
}
```
Three-layer screening
Before any destination joins the manifest, it must pass:
- Repo forensics. Static analysis for prompt-injection vectors and hardcoded secrets in the integration’s source.
- Binary hash verification. Production code must exactly match the audited source — preventing supply-chain tampering.
- Runtime sandboxing. Integration workflows run inside isolated, rootless containers with explicit egress-deny networking, preventing lateral exfiltration.
Real-time revocation
The manifest is self-revoking. Each entry carries a next_review_date. If a destination fails its scheduled re-review, the CI pipeline removes it automatically, and the Edge Proxy drops all traffic to that endpoint — no manual intervention.
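The provenance check and the self-revocation rule above can be shown together in one enforcement routine. The following Go program is an added illustration and is not NordClaw's Edge Proxy code: it canonicalises a manifest entry, computes its SHA-256 fingerprint, signs that fingerprint, and then, on the interceptor side, recomputes the hash, verifies the signature and refuses to route once `next_review_date` has passed. Assumptions: an in-memory ed25519 key stands in for the YubiKey-held signing key; the fingerprint covers the entry's other fields (not the `hash_sha256` field itself); and an entry whose review date has passed is treated as revoked, which is how the CI-driven removal described above would look from the proxy's point of view.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// ManifestEntry mirrors the fields of the manifest entry shown above.
// The hash is computed over these fields, so it is kept outside the struct (assumption).
type ManifestEntry struct {
	Destination    string `json:"destination"`
	ApprovedAt     string `json:"approved_at"`
	NextReviewDate string `json:"next_review_date"`
	DataResidency  string `json:"data_residency"`
	ZDRContract    bool   `json:"zdr_contract"`
}

// SignedEntry is what the interceptor loads: the entry, its fingerprint and the signature.
type SignedEntry struct {
	Entry      ManifestEntry
	HashSHA256 string
	Signature  []byte
}

// Fingerprint returns the hex SHA-256 digest of the entry's canonical JSON encoding.
// encoding/json emits struct fields in declaration order, which gives a stable byte string.
func Fingerprint(e ManifestEntry) (string, error) {
	b, err := json.Marshal(e)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:]), nil
}

// Sign fingerprints the entry and signs the fingerprint. In production the private key
// would never leave the hardware token; an ed25519 key in memory stands in here (assumption).
func Sign(e ManifestEntry, priv ed25519.PrivateKey) (SignedEntry, error) {
	fp, err := Fingerprint(e)
	if err != nil {
		return SignedEntry{}, err
	}
	return SignedEntry{Entry: e, HashSHA256: fp, Signature: ed25519.Sign(priv, []byte(fp))}, nil
}

// Authorize is the interceptor-side decision for one outbound destination.
// Default is deny: a destination is routable only if a manifest entry names it,
// its stored hash matches a fresh recomputation, the signature verifies under the
// trusted public key, and its next_review_date lies in the future.
func Authorize(dest string, manifest []SignedEntry, pub ed25519.PublicKey, now time.Time) error {
	for _, se := range manifest {
		if se.Entry.Destination != dest {
			continue
		}
		fp, err := Fingerprint(se.Entry)
		if err != nil {
			return err
		}
		if fp != se.HashSHA256 {
			return errors.New("deny: entry hash mismatch (entry altered after signing)")
		}
		if !ed25519.Verify(pub, []byte(fp), se.Signature) {
			return errors.New("deny: manifest signature does not verify")
		}
		review, err := time.Parse("2006-01-02", se.Entry.NextReviewDate)
		if err != nil {
			return err
		}
		if !now.Before(review) {
			return errors.New("deny: scheduled re-review passed, entry treated as revoked")
		}
		return nil
	}
	return errors.New("deny: destination not present in manifest")
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	// Constructed sample entry, matching the values in the page's example.
	entry := ManifestEntry{"api.deepseek.com", "2026-05-15T10:00:00Z", "2026-08-15", "CN", true}
	signed, _ := Sign(entry, priv)
	manifest := []SignedEntry{signed}
	fmt.Println("before review date:", Authorize("api.deepseek.com", manifest, pub, time.Date(2026, 6, 1, 0, 0, 0, 0, time.UTC)))
	fmt.Println("on review date:   ", Authorize("api.deepseek.com", manifest, pub, time.Date(2026, 8, 15, 0, 0, 0, 0, time.UTC)))
	fmt.Println("unknown endpoint: ", Authorize("unlisted.example", manifest, pub, time.Date(2026, 6, 1, 0, 0, 0, 0, time.UTC)))
}
```

The check recomputes the hash rather than trusting the stored `hash_sha256`, so editing any field of a distributed manifest (for example changing `data_residency`) is caught even before the signature is examined; an attacker who also rewrites the hash still fails the signature check, because only the hardware-held key can produce a valid signature for the new fingerprint.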
Every Routed Byte Is Accounted For
Every intercepted request is written to our Dedicated PostgreSQL 15 Cluster in Frankfurt. The audit_logs table captures:
- The upstream model endpoint that received the sanitised request
- The token_map_hash (SHA-256) proving PII was redacted before forwarding
- The response_status and response_latency_ms confirming the transaction completed
- The tenant_id and user_id from the OIDC SSO JWT, linking the routing event to a named human
A complete, immutable chain of custody — from the user’s initial request, through PII redaction, to the authorised destination, back to the user’s screen. The full Article 26 logging architecture is covered in our immutable audit trails deep dive.
Technical Reality vs. Marketing Claims
| Capability | Paper-list approach | NordClaw manifest |
|---|---|---|
| Destination proof | Vendor marketing copy | SHA-256 signed manifest entry |
| Integration vetting | Self-reported by vendor | 3-layer screening + sandbox |
| Revocation speed | Manual IT ticket (days) | Automated CI pipeline (seconds) |
| Audit evidence | None | Immutable ledger per routed request |
| Article 11 compliance | Not satisfied | Machine-readable versioned record |
The Authorized Traffic Manifest satisfies EU AI Act Article 11 (Technical Documentation) by providing a machine-readable, versioned record of every vetted endpoint. The CISO can export a signed PDF at any time and hand it to a national market surveillance authority.
This becomes particularly critical for high-risk HR workflows where downstream destination integrity is itself a compliance obligation.
Early access · MVP cohort
Be audit-ready before August 2, 2026.
NordClaw is onboarding a limited cohort of enterprise partners ahead of the EU AI Act enforcement deadline. Reserve your seat and shape the compliance infrastructure your DPO, CISO, and CFO will rely on.
A Signed Proof, Not a Signed Promise
The question is not whether your organisation needs an authorised list of destinations. It is whether that list provides a signed proof of security or a marketing claim.
NordClaw’s Authorized Traffic Manifest moves the conversation from “we trust these vendors” to “we have cryptographically verified these vendors and can prove it to any regulator.” That is the only evidence that will matter in a post-August 2026 audit.