Annexo

The assurance ladder

From supervised to insurable.

In insurance, a human sits in the loop on every claim and price — not because the AI can't do the work, but because 99% isn't enough to carry the liability of running unsupervised. Each rung of independent assurance lets you take more of the human out of the loop, safely.

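[Diagram: from human in the loop on every decision to out of the loop. Rungs: 01 Verify (live), 02 Monitor (live), 03 Ratify (forward tier), 04 Insure (horizon). More autonomy, safely →]
Legend: "live" = live today; "forward tier" and "horizon" = the direction, not a current offering.
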
01 Verify · TEST · live

Independent live probes fired at the agent — its behaviour mapped to the specific obligations a claims or underwriting risk owner has to sign.

You can switch it on at all — proof you can demonstrate, not trust you assert.

02 Monitor · MONITOR · live

Continuous verification and drift detection as the model, prompts and traffic change underneath you.

You can keep it on — catch the moment a guardrail or a disclosure quietly changes.

03 Ratify · ATTEST · forward tier

An independent attestation of how the agent behaves, issued by a party with no incentive to pass.

Your board, the regulator and the buyer accept it — because you cannot sign your own homework.

04 Insure · INSURE · horizon

Independent, continuous assurance makes the residual risk measurable and monitored — the precondition for it to become insurable.

The human can come out of the loop: the claim runs touchless, with the residual risk carried rather than absorbed.

The moat is the same at every rung: independence. The platform that built your agent can't grade it, and you can't self-certify it — so the proof has to come from a party with no incentive to pass.

Verify and Monitor are live today. Ratify and Insure describe the direction of the product, not a current offering — Annexo is not an insurer and not a notified body, and nothing here is a guarantee or legal advice. The probes report observed behaviour at a point in time.

About Annexo

Annexo is the independent trust layer for AI agents: it verifies how a third party’s AI agent actually behaves with live tests, watches it for drift, and produces audit-ready evidence for buyers, regulators and insurers. Every result is observed behaviour at the time of testing — never a certification, conformity assessment, guarantee, or legal advice. Annexo is not a notified body.

Frequently asked questions

What is Annexo?
Annexo is an independent trust layer for AI agents. It verifies how a third party’s AI agent actually behaves with live behavioural probes, watches it for drift over time, and produces audit-ready assurance evidence a buyer, regulator or insurer can rely on. The thesis is simple: a builder cannot credibly grade its own homework, so verification has to be independent.
Who is Annexo for?
EU and DACH enterprises deploying AI agents in regulated settings — insurance, banking, industrial — and the consultancies that build agents for them. Later, insurers underwriting agent risk.
How does Annexo verify an AI agent?
Point the verify console at your own AI agent endpoint or run a built-in sample agent. A live probe battery runs against it — prompt injection, tool poisoning, guardrails under pressure, AI disclosure, PII handling, request logging — and resolves into an evidence dashboard. Your agent’s API key is held in memory for that one request only and is never stored.
Does Annexo certify or guarantee that an AI agent is compliant?
No. Annexo is not a notified body and does not certify, guarantee, or give legal advice. Every result is observed behaviour at the time of testing, reported as a status — holding, watch, or surfaced — never a pass/fail verdict or a conformity assessment.
What about EU regulations like the EU AI Act, GDPR, DORA and NIS2?
Annexo also produces done-for-you EU conformity dossiers — the evidence and technical documentation mapped to the EU AI Act, GDPR, DORA and NIS2, produced from your system and audit-ready. It is the deliverable, not a substitute for your own counsel or a conformity assessment body.
Where is Annexo’s data processed?
In the EU. Compute runs in the Frankfurt (fra1) region and persisted data uses an EU-region store, in line with EU data-residency expectations.