The verification and governance layer for AI outreach
AI SDRs optimize for volume, and single-pass models ship stale-source, wrong-entity, and over-claimed statements intact. The Veracity Engine lets an LLM draft, then pure-Python checks strip every unproven claim, score what remains, and route it through a risk-calibrated policy gate. Agents advise, code decides.
100%
Sent integrity when a claim survives
Every claim in the sent email is source-backed
25/25
Verdict accuracy on the labeled golden set
Deterministic and reproducible (25-case benchmark)
3
Deterministic checks before send
Grounding, entity match, temporal validity
This is a runnable demo. Retrieval, CRM, and email send are simulated, and the leads are synthetic except Werner Enterprises, whose 10-K excerpts are real public record.
The failure mode behind the well-publicized AI-SDR flameouts.
AI SDRs are built to send more. Single-pass LLMs hallucinate a measurable share of prospect-specific claims, and personalization tools never re-verify the resulting claim against a current, entity-correct source. So stale-source, wrong-entity, and over-claimed statements ship intact, and verification is bolted on after send or never happens at all.
The industry context is stark. Single-pass LLMs hallucinate 12 to 18% of prospect-specific claims (AI SDR Industry Report, 2026). Enterprise AI-SDR churn runs 50 to 70% annually (UserGems, 2026). 11x.ai raised $74M and collapsed in 2025 with 70 to 80% churn (TechCrunch). Only 7% of enterprises have agentic-specific governance (Deloitte, 2026), and Gartner projects that more than 40% of agentic-AI projects will be abandoned by 2027. Since November 2025, a spam rate above 0.3% triggers Gmail SMTP-level rejection and a 6 to 12 week domain recovery.
The real bug is not bad grammar. The grammar is perfect, which makes it worse. The danger is a claim that is correctly cited but misleadingly used: a true fact pulled from a stale source, a true fact about the wrong same-named company, or a vendor claim that the source contradicts. We call that contextual misuse, and better base models do not remove it. A perfect model still cannot prove to FINRA or GDPR which current source backed which claim.
An LLM drafts. Deterministic code decides what ships. This is neurosymbolic: neural authorship, symbolic verification.
The pipeline runs Lead, then Research (a Fact Sheet where each fact is tied to a dated source), then Draft (a Writer LLM constrained to the Fact Sheet only), then Verify (deterministic checks), then a Policy Gate, then a signed audit receipt, then a simulated CRM write-back. The verification step is not an LLM judging an LLM. It is pure Python, so the same input yields the same verdict every run.
Each factual claim is tested against its cited source. The first failing check wins, in priority order: unsourced, then contradicted, then entity mismatch, then stale.
Is the claim entailed by a source snippet? Token overlap must be at least 0.5 of content tokens, and company-name tokens are excluded so a claim cannot score high just by repeating the company name.
Is the source about this exact prospect, not a same-named other company? A source about a different firm with the same name fails, even when the words line up.
If the claim uses recency language ("recently", "just", "now", "this week"), the source must be within 365 days. Older sources are marked stale, even when the fact is true.
Two further guards run alongside them: a vendor-contradiction check, and a sentence-faithfulness floor of 0.3 that stops a live LLM from riding a valid fact id on a hallucinated sentence. The verdict vocabulary drives the interface colors: supported (green) passes; stale (amber), entity_mismatch (red), contradicted (red), and unsourced (red) do not.
The gate strips every non-supported claim, then reports two numbers. The Veracity Score is supported claims divided by total factual claims in the draft, which is how much of what the AI wrote was actually true. Sent integrity is 100% whenever at least one claim survives, because the sent email then contains only source-backed claims. That is the design guarantee.
Routing follows risk. The email is revised if nothing safe survives or draft coverage falls below 0.5. It is sent to human review if it is high-value (regulated, or C-suite, or a deal of at least $100,000) even on a 100%-clean draft. Otherwise it is auto-eligible. The comparison mode, Standard AI SDR, researches, drafts, and sends with 0 claims verified before send; the app shows that as an after-the-fact shadow check of what already went out.
Three leads from the demo corpus (anchor date 2026-06-17). Every image below is a screenshot of the running app.
For the Northwind Logistics lead (a synthetic mid-market 3PL), the draft claims the company "recently expanded into APAC". The source is real Northwind APAC news, grounding overlap is 100%, and the entity is correct. But the source is dated 2019-03-14, which is 2,652 days old (about 7.3 years) against a 365-day recency window, so temporal validity fails and the claim is stripped. The Veracity Engine keeps the supported claims (led by a push to hire six Salesforce administrators, evidenced by a job posting dated 2026-06-09), catches the two bad claims, and sends an email that is 100% source-backed.
Werner Enterprises, Inc. is a real public company, and sources W1 and W2 are verbatim excerpts from its FY2023 Form 10-K (SEC EDGAR, CIK 0000793074, filed 2024-02-26). The draft claim "recently growing your One-Way Truckload fleet to 2,735 trucks" is factually real, but the filing is more than two years old, so a "recently" framing is caught stale. This is the exact temporal-misuse gap that SEC-filing personalization tools leave open. (The contact and job posting in this lead are synthetic; only Werner and its 10-K excerpts are real.)
Back on the Northwind lead, the draft also claims a "$40M Series B". The cited source is real, but it is about "Northwind Inc.", an Austin cybersecurity startup, not "Northwind Logistics". The entity-match check fails and the claim is stripped before it can ship.
Atlas Capital Markets is a synthetic FINRA-regulated broker-dealer, with a Chief Revenue Officer contact and a $220,000 deal. Even a 100%-clean, fully source-backed draft is forced to human review by the policy gate, because it is regulated, C-suite, and above the $100,000 threshold. A clean draft is not the same as a sendable one.
Every email produces a downloadable JSON audit receipt: the model provider and version, the prospect and risk tier, the fact sheet, each claim's verdict with its source span and dates, the veracity score, the policy rule that fired, and the human approver. On a labeled golden set of 25 cases, the deterministic verifier scores 25/25 verdict accuracy: 10 of 10 hard or bad claims caught, 15 of 15 clean claims preserved. That reproducibility is what makes it certifiable, and an LLM judge is not. We attribute the 25/25 to this labeled benchmark, never as an open-world guarantee.
The same toggle the demo compares against, side by side.
| Dimension | Standard AI SDR | Veracity Engine |
|---|---|---|
| Claims verified before send | 0 | Every factual claim, deterministically |
| Who decides what ships | The LLM sends what it drafted | Pure-Python checks, not an LLM |
| Stale-source catch | None | Temporal validity, 365-day window |
| Wrong same-named entity | None | Entity-match check |
| Audit trail | None | Signed JSON receipt per email |
| High-risk handling | Sends anyway | Routed to human review |
No. We do not add another AI SDR to the market. The Veracity Engine is a verification and governance layer that sits after the draft: a deterministic, pure-Python verifier checks each claim an AI wrote against a dated, entity-matched source, strips anything unproven, and writes a signed audit receipt before the email is allowed to send. AI SDRs optimize for volume; we decide what is safe to ship.
Every factual claim in the draft runs through three deterministic checks: grounding (is the claim entailed by a source snippet, at token overlap of at least 0.5), entity match (is the source about this exact prospect, not a same-named company), and temporal validity (if the claim uses recency language, the source must be within 365 days). Only claims that pass are marked supported and kept; everything else is stripped. The verifier is code, not an LLM judging an LLM, so the same input always yields the same verdict.
That is the exact failure mode we built for, which the demo calls contextual misuse. In one worked lead the sentence "recently expanded into APAC" is grounded and about the right company, but the only source is dated 2019, so it is 2,652 days old against a 365-day recency window and is caught as stale and stripped. We show the same pattern on a real Werner Enterprises claim backed by its FY2023 SEC 10-K: factually accurate, but the filing is over two years old, so a "recently" framing fails temporal validity.
That is where a verification and governance layer matters most, because a hallucinated or misattributed claim carries regulatory consequence. In the demo, the policy gate routes any email that is regulated, sent to a C-suite contact, or tied to a deal of at least $100,000 to human review, even when the draft is fully source-backed. Governance here is a function of risk, not just correctness.
Each email produces a downloadable JSON audit receipt that records the model provider and version, the prospect and risk tier, the fact sheet, every claim's verdict with its source span and dates, the veracity score, the exact policy rule that fired, and the human approver. Any claim traces back to its source in seconds. A perfect model still cannot prove to an auditor which current source backed which claim; a receipt can.
No, and that is the durable point. Better base models still draft, and anyone claiming a zero hallucination rate is not being honest, so the need to prove provenance, keep an audit trail, and gate on risk does not go away. Provenance, audit receipts, and a policy gate are durable properties; a stronger writer does not remove the requirement to verify and govern what it writes.
It is a runnable demo that proves the mechanism, not a deployed pipeline. The retrieval sources (EDGAR, LinkedIn, Greenhouse, news), the CRM read and write, and the email send are simulated, and the fact sheet is pre-built; the leads are synthetic except Werner Enterprises, whose 10-K excerpts are real public record. The deterministic verifier, the policy gate, and the audit receipt are real and run exactly as shown.
The research behind this demo — the architecture, the verification design, and the enterprise blueprint.
The verification and governance layer is the hard part. We build it.
If your team is wrestling with how to put AI outreach in front of regulated buyers without risking a hallucinated claim, we would genuinely like to hear how you are thinking about it. The problem is industry-wide and the answers will be too.