The verification and governance layer for AI outreach

A deterministic verifier decides what your AI outreach is allowed to send.

AI SDRs optimize for volume, and single-pass models ship stale-source, wrong-entity, and over-claimed statements intact. The Veracity Engine lets an LLM draft, then pure-Python checks strip every unproven claim, score what remains, and route it through a risk-calibrated policy gate. Agents advise, code decides.

100%

Sent integrity when a claim survives

Every claim in the sent email is source-backed

25/25

Verdict accuracy on the labeled golden set

Deterministic and reproducible (25-case benchmark)

3

Deterministic checks before send

Grounding, entity match, temporal validity

This is a runnable demo. Retrieval, CRM, and email send are simulated, and the leads are synthetic except Werner Enterprises, whose 10-K excerpts are real public record.

Volume without verification destroys more pipeline than it creates

The failure mode behind the well-publicized AI-SDR flameouts.

AI SDRs are built to send more. Single-pass LLMs hallucinate a measurable share of prospect-specific claims, and personalization tools never re-verify the resulting claim against a current, entity-correct source. So stale-source, wrong-entity, and over-claimed statements ship intact, and verification is bolted on after send or never happens at all.

The industry context is stark. Single-pass LLMs hallucinate 12 to 18% of prospect-specific claims (AI SDR Industry Report, 2026). Enterprise AI-SDR churn runs 50 to 70% annually (UserGems, 2026). 11x.ai raised $74M and collapsed in 2025 with 70 to 80% churn (TechCrunch). Only 7% of enterprises have agentic-specific governance (Deloitte, 2026), and Gartner projects that more than 40% of agentic-AI projects will be abandoned by 2027. Since November 2025, a spam rate above 0.3% triggers Gmail SMTP-level rejection and a 6 to 12 week domain recovery.

The real bug is not bad grammar. The grammar is perfect, which makes it worse. The danger is a claim that is correctly cited but misleadingly used: a true fact pulled from a stale source, a true fact about the wrong same-named company, or a vendor claim that the source contradicts. We call that contextual misuse, and better base models do not remove it. A perfect model still cannot prove to FINRA or GDPR which current source backed which claim.

How the Veracity Engine works

An LLM drafts. Deterministic code decides what ships. This is neurosymbolic: neural authorship, symbolic verification.

The pipeline runs Lead, then Research (a Fact Sheet where each fact is tied to a dated source), then Draft (a Writer LLM constrained to the Fact Sheet only), then Verify (deterministic checks), then a Policy Gate, then a signed audit receipt, then a simulated CRM write-back. The verification step is not an LLM judging an LLM. It is pure Python, so the same input yields the same verdict every run.

The three deterministic checks

Each factual claim is tested against its cited source. The first failing check wins, in priority order: unsourced, then contradicted, then entity mismatch, then stale.

1. Grounding

Is the claim entailed by a source snippet? Token overlap must be at least 0.5 of content tokens, and company-name tokens are excluded so a claim cannot score high just by repeating the company name.

2. Entity match

Is the source about this exact prospect, not a same-named other company? A source about a different firm with the same name fails, even when the words line up.

3. Temporal validity

If the claim uses recency language ("recently", "just", "now", "this week"), the source must be within 365 days. Older sources are marked stale, even when the fact is true.

Two further guards run alongside them: a vendor-contradiction check, and a sentence-faithfulness floor of 0.3 that stops a live LLM from riding a valid fact id on a hallucinated sentence. The verdict vocabulary drives the interface colors: supported (green) passes; stale (amber), entity_mismatch (red), contradicted (red), and unsourced (red) do not.

The policy gate

The gate strips every non-supported claim, then reports two numbers. The Veracity Score is supported claims divided by total factual claims in the draft, which is how much of what the AI wrote was actually true. Sent integrity is 100% whenever at least one claim survives, because the sent email then contains only source-backed claims. That is the design guarantee.

Routing follows risk. The email is revised if nothing safe survives or draft coverage falls below 0.5. It is sent to human review if it is high-value (regulated, or C-suite, or a deal of at least $100,000) even on a 100%-clean draft. Otherwise it is auto-eligible. The comparison mode, Standard AI SDR, researches, drafts, and sends with 0 claims verified before send; the app shows that as an after-the-fact shadow check of what already went out.

The catch, worked end to end

Three leads from the demo corpus (anchor date 2026-06-17). Every image below is a screenshot of the running app.

A true fact from a stale source is still the wrong thing to send

For the Northwind Logistics lead (a synthetic mid-market 3PL), the draft claims the company "recently expanded into APAC". The source is real Northwind APAC news, grounding overlap is 100%, and the entity is correct. But the source is dated 2019-03-14, which is 2,652 days old (about 7.3 years) against a 365-day recency window, so temporal validity fails and the claim is stripped. The Veracity Engine keeps the supported claims (led by a push to hire six Salesforce administrators, evidenced by a job posting dated 2026-06-09), catches the two bad claims, and sends an email that is 100% source-backed.

Veracity Engine result for the Northwind lead: 100% of the sent email source-backed, 60% of the draft verifiable, two claims caught and stripped with reasons shown inline.
Veracity Engine result: sent integrity 100%, draft verifiable 60%, two claims caught and struck through with reasons.
Evidence panel showing grounding at 100% and entity OK, but the temporal check failing: source age 2,652 days exceeds 365 days for a recency claim, so the verdict is stale.
The evidence panel: grounding passes, entity passes, temporal validity fails (source age 2,652 days over the 365-day window). Verdict: stale.

The same gap on a real SEC filing

Werner Enterprises, Inc. is a real public company, and sources W1 and W2 are verbatim excerpts from its FY2023 Form 10-K (SEC EDGAR, CIK 0000793074, filed 2024-02-26). The draft claim "recently growing your One-Way Truckload fleet to 2,735 trucks" is factually real, but the filing is more than two years old, so a "recently" framing is caught stale. This is the exact temporal-misuse gap that SEC-filing personalization tools leave open. (The contact and job posting in this lead are synthetic; only Werner and its 10-K excerpts are real.)

A real Werner Enterprises claim backed by its FY2023 SEC 10-K, caught stale because the filing is over two years old against the 365-day recency window.
A real Werner 10-K claim, factually accurate, caught stale on a recency framing.

A same-name entity collision

Back on the Northwind lead, the draft also claims a "$40M Series B". The cited source is real, but it is about "Northwind Inc.", an Austin cybersecurity startup, not "Northwind Logistics". The entity-match check fails and the claim is stripped before it can ship.

Evidence panel showing an entity-match failure: the cited funding source is about Northwind Inc., an Austin cybersecurity startup, not Northwind Logistics.
Entity mismatch: the funding source describes Northwind Inc., not Northwind Logistics.

Governance is about risk, not just correctness

Atlas Capital Markets is a synthetic FINRA-regulated broker-dealer, with a Chief Revenue Officer contact and a $220,000 deal. Even a 100%-clean, fully source-backed draft is forced to human review by the policy gate, because it is regulated, C-suite, and above the $100,000 threshold. A clean draft is not the same as a sendable one.

Atlas Capital Markets routed to human review because it is regulated, C-suite, and a $220,000 deal, even though the draft is fully source-backed.
Atlas routed to human review on a 100%-clean draft: regulated, C-suite, deal above $100,000.

A signed receipt, and a reproducible benchmark

Every email produces a downloadable JSON audit receipt: the model provider and version, the prospect and risk tier, the fact sheet, each claim's verdict with its source span and dates, the veracity score, the policy rule that fired, and the human approver. On a labeled golden set of 25 cases, the deterministic verifier scores 25/25 verdict accuracy: 10 of 10 hard or bad claims caught, 15 of 15 clean claims preserved. That reproducibility is what makes it certifiable, and an LLM judge is not. We attribute the 25/25 to this labeled benchmark, never as an open-world guarantee.

The downloadable JSON audit receipt with per-check trace, model version, verdicts, source spans, dates, and the policy rule that fired.
The signed JSON audit receipt, with the full per-check trace.
The 25-case labeled golden set scoring 25 out of 25 verdict accuracy, deterministic and reproducible.
The 25-case golden set: 25/25 verdict accuracy, same result every run.

Standard AI SDR versus the Veracity Engine

The same toggle the demo compares against, side by side.

Dimension Standard AI SDR Veracity Engine
Claims verified before send 0 Every factual claim, deterministically
Who decides what ships The LLM sends what it drafted Pure-Python checks, not an LLM
Stale-source catch None Temporal validity, 365-day window
Wrong same-named entity None Entity-match check
Audit trail None Signed JSON receipt per email
High-risk handling Sends anyway Routed to human review

What this demo does not do

  • ✓ It does not claim a hallucination rate of zero. The LLM still drafts; the guarantee is that unproven claims are stripped before send. Anyone claiming a zero hallucination rate is not being honest.
  • ✓ It does not use live connectors. EDGAR, LinkedIn, Greenhouse, news retrieval, CRM read and write, and email send are stubbed or simulated, and the Fact Sheet is pre-built.
  • ✓ It does not present Northwind or Atlas as real companies. They are synthetic. Only Werner Enterprises and its W1/W2 10-K excerpts are real public record.
  • ✓ It does not report the 12 to 18% hallucination range as this product's own measured result. That figure is market context; the demo's headline is provenance coverage and the auto-handled rate.
  • ✓ It does not carry customers, case studies, testimonials, or ROI figures. None exist yet. This is a demo that proves the mechanism, not a deployment.

Questions buyers actually ask

Is this just another AI SDR (like 11x)?

No. We do not add another AI SDR to the market. The Veracity Engine is a verification and governance layer that sits after the draft: a deterministic, pure-Python verifier checks each claim an AI wrote against a dated, entity-matched source, strips anything unproven, and writes a signed audit receipt before the email is allowed to send. AI SDRs optimize for volume; we decide what is safe to ship.

How do you verify AI-generated sales email claims before they send?

Every factual claim in the draft runs through three deterministic checks: grounding (is the claim entailed by a source snippet, at token overlap of at least 0.5), entity match (is the source about this exact prospect, not a same-named company), and temporal validity (if the claim uses recency language, the source must be within 365 days). Only claims that pass are marked supported and kept; everything else is stripped. The verifier is code, not an LLM judging an LLM, so the same input always yields the same verdict.

How does it catch a claim that is technically true but misleading?

That is the exact failure mode we built for, which the demo calls contextual misuse. In one worked lead the sentence "recently expanded into APAC" is grounded and about the right company, but the only source is dated 2019, so it is 2,652 days old against a 365-day recency window and is caught as stale and stripped. We show the same pattern on a real Werner Enterprises claim backed by its FY2023 SEC 10-K: factually accurate, but the filing is over two years old, so a "recently" framing fails temporal validity.

Can AI outreach be used in regulated industries like financial services / FINRA?

That is where a verification and governance layer matters most, because a hallucinated or misattributed claim carries regulatory consequence. In the demo, the policy gate routes any email that is regulated, sent to a C-suite contact, or tied to a deal of at least $100,000 to human review, even when the draft is fully source-backed. Governance here is a function of risk, not just correctness.

How do you prove which source backed a claim, for a compliance audit?

Each email produces a downloadable JSON audit receipt that records the model provider and version, the prospect and risk tier, the fact sheet, every claim's verdict with its source span and dates, the veracity score, the exact policy rule that fired, and the human approver. Any claim traces back to its source in seconds. A perfect model still cannot prove to an auditor which current source backed which claim; a receipt can.

Will a better/newer AI model just fix the hallucination problem?

No, and that is the durable point. Better base models still draft, and anyone claiming a zero hallucination rate is not being honest, so the need to prove provenance, keep an audit trail, and gate on risk does not go away. Provenance, audit receipts, and a policy gate are durable properties; a stronger writer does not remove the requirement to verify and govern what it writes.

Is this a live product or a demo?

It is a runnable demo that proves the mechanism, not a deployed pipeline. The retrieval sources (EDGAR, LinkedIn, Greenhouse, news), the CRM read and write, and the email send are simulated, and the fact sheet is pre-built; the leads are synthetic except Werner Enterprises, whose 10-K excerpts are real public record. The deterministic verifier, the policy gate, and the audit receipt are real and run exactly as shown.

Technical Research

The research behind this demo — the architecture, the verification design, and the enterprise blueprint.

Putting AI outreach in front of regulated buyers?

The verification and governance layer is the hard part. We build it.

If your team is wrestling with how to put AI outreach in front of regulated buyers without risking a hallucinated claim, we would genuinely like to hear how you are thinking about it. The problem is industry-wide and the answers will be too.

Verification assessment

  • ✓ Map where your AI outreach can ship an unproven claim
  • ✓ Define grounding, entity, and temporal rules for your data
  • ✓ Design the risk tiers and the human-review gate
  • ✓ Specify the audit receipt your compliance team needs

Build the layer

  • ✓ A deterministic verifier over your real sources
  • ✓ A policy gate calibrated to your regulated verticals
  • ✓ Signed, downloadable audit receipts per send
  • ✓ Model-swappable authorship (Anthropic, OpenAI, Gemini, Ollama)