Auditor Lifecycle Phases

Lucid Auditors are Phase-Aware. Security logic is enforced across the entire lifecycle of an AI request, from build-time verification to runtime response filtering.

Cryptographic Evidence

Each phase contributes a signed unit of evidence. These are bundled into the AI Passport, providing a verifiable record that the workload followed the Security Policy in a secure TEE.

The Four Phases

Lucid's protection spans four distinct lifecycle phases. Each phase can host multiple auditors specialized for different safety or compliance tasks.

Phase 1: Build & Deploy

SDK Hook: @builder.on_artifact

Verified at weight-loading or container-init time. If an auditor in this phase fails, the TEE enclave will refuse to transition to a "Ready" state.

Integrity Watchdog

Ensures that the binary and model weights match the cryptographically signed hashes in the registry.

Artifact IntegritySLSA

SBOM Verifier

Scans the Software Bill of Materials (SBOM) for critical CVEs before allowing deployment.

Supply ChainNIST

Model Card Validator

Validates model transparency metadata against regulatory schemas (e.g., EU AI Act).

EU AI ActTransparency

Phase 2: Input Gate

SDK Hook: @builder.on_request

Intercepts and cleanses data before it reachers the model's high-privilege processing context.

PII Sanitizer

Detects and redacts sensitive identifiers (SSNs, emails, phone numbers) from user prompts.

GDPRCCPA

Injection Shield

Scans for adversarial prompt structures and "jailbreak" patterns designed to bypass safety filters.

OWASP Top 10LLM-01

Geo-Fencer

Enforces data residency by checking request origin against sovereignty-aware access policies.

Data SovereigntyCompliance

Phase 3: Runtime Mirror

SDK Hook: @builder.on_execution

Observes the model's internal behavior and execution environment during active inference.

Token Economist

Tracks token usage and latency in real-time to detect cost anomalies and SLA breaches.

FinOpsSLA Monitoring

Loop Breaker

Detects recursive tool-calling patterns in agentic workflows to stop infinite loops.

Agentic SafetyResilience

MCP Firewall

Restricts Model Context Protocol (MCP) tool usage to only approved external domains.

IAMNetwork Security

Phase 4: Output Gate

SDK Hook: @builder.on_response

The final safety check before data is cryptographically released from the TEE to the user.

Truth Proxy

Cross-references model outputs against RAG sources to detect and flag hallucinations.

AccuracyRAG Quality

Fairness Judge

Calculates bias and disparate impact metrics on model responses across demographics.

Ethical AIBias Detection

Toxicity Audit

Filters responses for harmful, toxic, or non-compliant language before release.

Content SafetyBrand Prep

Auditor Lifecycle

graph TD
    A[Build Time] -->|Verify Hash| B[Deployment]
    B --> C{Request Hook}
    C -->|Allow/Redact| D[Model Execution]
    C -->|Deny| E[Error Response]
    D -->|Telemetry| F{Response Hook}
    F -->|Verified| G[Release + AI Passport]
    F -->|Blocked| H[Redacted/Error Response]

🚀 What's Next?

Learn how to implement these phases using the SDK Reference.
Understand the Hardware Underpinnings that make these phases tamper-proof.
See the Glossary for a recap of audit terminology.