Your AI says it forgot.
We check the bytes.
Your AI processed sensitive data. It claims to have purged it. Scanalis verifies this physically : byte by byte. RAM · Memorization · Anonymization. GDPR Art.5(2) · AI Act Art.12 · DORA Art.25.
The blind spot nobody audits yet
When an LLM processes personal data, it is decrypted and placed in plaintext in volatile memory. The system then declares it has purged. Nobody verifies.
AI Act Art. 12: August 2026
Full enforcement requires event logging for high-risk AI systems. Documentation describes processes. It does not document actual physical execution. The gap is operationally critical.
→ Scanalis documents this actual execution.
GDPR Art. 5(2): Accountability
The burden of proof lies with the data controller. Your DPA contractually guarantees purge. It does not document actual execution. The distinction is operationally critical.
→ The Scanalis report documents this actual execution.
DORA Art. 25: ICT Resilience
Financial institutions must verify the ICT resilience of their third-party providers. LLMs are now ICT providers. Their volatile memory has never been audited.
→ First forensic RAM audit for LLMs in finance.
90% of AI funding applications rejected
AI project holders struggle to secure funding without technical proof of compliance execution. The Canary Report is the missing justification document.
→ Documented ROI up to x143.
Complementary to every existing tool
No tool covers what Scanalis audits. Zero direct competitor on forensic RAM proof for LLMs in France.
What Scanalis can verify, and what it cannot
Transparency about limits is the foundation of trust.
Direct scope
Self-hosted LLM (Ollama, vLLM, llama.cpp), dedicated VPC, private cloud, on-premise. Anywhere your technical team can generate a memory dump of the process.
→ Full Canary Protocol: direct forensic verdict.
Partial scope
Third-party SaaS cloud (OpenAI, Anthropic, Mistral API). Scan covers the client-side orchestration layer: middleware, RAG, application cache, vector store.
→ Minerva Protocol via API + architectural assessment.
Out of scope
The SaaS provider's server memory, the vendor's GPU buffers, their internal logs and retention mechanisms. This perimeter is explicitly documented in every report.
→ Every report documents its limits. That's a guarantee, not a gap.
3 protocols. 3 verdicts. 0 declarations.
Each protocol answers a precise question. Every verdict is binary, cryptographically sealed, offline-verifiable.
Has data physically disappeared from memory?
Injection of 8 cryptographic tokens via standard API. Purge triggered. RAM scanned byte by byte, application heap, Linux page cache, swap space, kernel buffers. No agent installed. No SSH access. You generate the dump. Scanalis scans.
- ABaseline fingerprint before injection : cryptographic reference
- B8 canary tokens injected via API : email, IBAN, health PII, company ID, biometrics...
- CClient purge triggered : Scanalis observes without intervening
- D4-zone scan · Aho-Corasick engine · under 90 seconds
openssl dgst -sha256Does the model carry data it should not know?
35 behavioral forensic probes via standard API. Behavioral profile by GDPR category. Variance score 0–100 (biased training detection). Not to retrain, to decide, document, negotiate.
- 1Documented GO/NO-GO before import into sensitive zone
- 2Behavioral profile : 7 detailed GDPR categories
- 3Behavioral integrity score : variance 0-100
Your pipeline pseudonymizes "John Smith" to "J*** S*****" before the LLM call. Scanalis verifies that "John Smith" does not appear anywhere in RAM after processing.
The 5-step workflow
From contract to report delivery, every step is documented, traceable, and offline-verifiable.
One mission. Your perimeter. Tailored.
Every AI system is different. Every Scanalis mission is built with you, scope, stack, criticality level, applicable regulations.
Does your LLM actually forget?
Scanalis produces the forensic documentation that your AI system has physically erased data after processing. SHA-256 sealed report, offline-verifiable.
- ✓Canary Protocol: post-session RAM scan, 4 zones, binary verdict
- ✓Forensic transparency score: your model's auditability / 5
- ✓GPU/VRAM architectural assessment: documented risks
- ✓RFC 3227 evidence chain: every step timestamped
- ✓Sealed report: SHA-256 + RSA-PSS + RFC3161
- ✓"Explicit verdict limits" section: page 1 of every report
- ✓Legal kit : 5 documents: NDA, DPA Art.28, Technical Authorization
- →Post-purge memory dump (gcore / procdump), generated by your team
- →API endpoint + temporary token
- →Designated technical contact
Minerva Protocol
Before importing a model into a sensitive zone, know what it carries. 35 forensic probes, 7 GDPR categories, behavioral profile, variance score. Documented GO / NO-GO.
Verdict → MINERVE_EXPOSED / NOT_DETECTED
Anonymized dataset certification
Before training or fine-tuning an LLM on sensitive data, forensically certify that the anonymized dataset is clean and the model has not re-memorized identifying patterns.
5 phases · Phases A→E · Forensic attestation
Annual surveillance contract
Every model update or new deployment triggers a new audit. Forensic attestation renewal. Monthly regulatory monitoring. 48h technical hotline.
Quarterly · Structural recurrence
Each mission is quoted based on perimeter, number of LLMs, data criticality, and activated options. Describe your system in a few lines, I'll respond within 48h with a tailored proposal.
Scanalis audits others. Its engine is held to the same standard.
Red team completed. 18 vulnerabilities identified and corrected. 65 validation checks passed. DPIA completed. The code that verifies others' amnesia proves its own rigor.
openssl ts -verify. More robust than SHA-256 alone.What those who dug deep have to say.
Not paid editors. Not contractual partners. Independent experts who asked the hard questions and received honest answers.
Cybersecurity expert · MedTech network
"What sets Scanalis apart: the verdict's limits are documented on page 1 of every report. A CISO or ANSSI auditor recognizes that posture immediately."
→ Chief AI Security Architect · May 2026
DPO · Digital health sector
"Have you done a DPIA? A technical audit of the solution? That's exactly what our prospects will ask. The fact that you have the answers changes everything."
→ GDPR Compliance Officer · May 2026
CEO AI security deeptech
"Our company protects models against extraction. Scanalis verifies what the model retains after processing. These are two orthogonal surfaces, the complementarity is obvious."
→ Partnership in progress · May 2026
Senior cybersecurity expert · LinkedIn
"On RFC3161: a qualified eIDAS TSA will hold up better under legal challenge. Curious to see what v3.5 delivers in real conditions."
→ Public comment · Feedback integrated in v3.5
Head of Sales · Tech agency · Cyber network
"RAM purge in sovereign LLMs is a real requirement for certain Defense actors, to be 100% certain that data won't bleed across sessions."
→ LinkedIn · 2026
Institutional cybersecurity · Brittany
"In our network, nobody covers the forensic post-purge layer for LLMs today. This isn't a competitor to what exists, it's the missing link."
→ Strategic meeting · May 2026
B2B SaaS product strategy expert
"I find the topic serious and differentiated. The key challenge is pedagogy and clarifying the exact scope of the solution."
→ UX/positioning audit integrated in this version · May 2026
What CISOs, DPOs, and CTOs must prove
Not recommendations. Laws with your name on them. Deadlines that are coming.
What DPOs, CISOs, and CTOs ask
Scanalis's Canary Protocol injects 8 cryptographic canary tokens into the LLM via its standard API, triggers the declared purge, then scans volatile memory byte by byte across 4 zones (application heap, Linux page cache, swap space, kernel buffers). The verdict is binary: AMNESIA_CONFIRMED if physical erasure is effective, AMNESIA_FAILED if personal data residues are detected with their exact memory address and hex dump.
Four memory zones can retain residues after declared purge: the application heap (Python/Node dynamic allocations), the Linux page cache (data maintained by the kernel for I/O optimization), the swap space (RAM extension on disk during load peaks), and kernel buffers (system zones not accessible to the application but forensically readable). These residues can persist for tens of minutes after session close.
Neither. Scanalis is a technical trusted third party that produces verifiable forensic documentation. Like a testing laboratory: we produce the technical result, you interpret it with your DPO or legal counsel. The report documents the actual execution of the purge, it does not certify regulatory compliance.
No. Scanalis is non-intrusive by design. No agent installed on your servers. No SSH access. No access to source code or model weights. The memory dump is generated by your teams (gcore or procdump) and transmitted securely. Scanalis interacts only via your LLM's standard API, exactly like your own application.
No. HDS certifies the health data host. ISO 27001 certifies governance. Neither specifies forensic audit of the volatile memory of LLMs post-session, this concept did not exist when they were written. AI Act Art. 12 (August 2026) will create this obligation for actual execution proof that neither HDS nor ISO 27001 covers.
Sovereign hosting covers the physical storage location, not what the software does with data once inside. If your model is of American origin (GPT-4, Claude, Llama...), the CLOUD Act applies regardless of server location. And regardless of the model, RAM persistence post-purge is independent of geography: it's physics, not law.
No. DLPs block what enters the LLM before processing. Scanalis verifies what remains in RAM after processing. Two complementary layers. A system can have the best DLP on the market and still retain personal data residues in volatile memory post-purge, these are two distinct problems on the processing chain.
Your report belongs to you, SHA-256 sealed, any modification invalidates the hash, verifiable by any third party with openssl in 30 seconds. Your client data (memory dump, questionnaire) is destroyed within 20 calendar days via shred -vfz -n 3 (3-pass NIST SP 800-88 Rev.1), with a signed destruction attestation delivered with the report. Scanalis holds Cyber Professional Liability insurance from Hiscox SA.
Partially. For SaaS LLMs hosted by the vendor (OpenAI, Anthropic, Mistral cloud), Scanalis cannot scan the vendor's server RAM, nobody can. However, the Minerva Protocol applies via the public API to detect what the model memorized during training. And the Canary scan applies to the client-side orchestration layer middleware, local RAG, application cache, vector store. Every report explicitly documents this scope and its limits. That's a guarantee, not a gap.
ISO 27001 certifies governance. HDS certifies the host. Scanalis verifies physical execution. These certifications describe what you planned to do. Scanalis documents what actually happened in volatile memory after processing, a layer that neither ISO 27001 nor HDS specifies, because this concept didn't exist when they were written.
Scanalis doesn't do anonymization, it verifies that yours works at the physical level. Your pipeline transforms "John Smith" to "J*** S*****" before the LLM call. Scanalis verifies that "John Smith" doesn't appear in plaintext in volatile memory after processing, even if only the pseudonymized version was sent to the model. Three possible verdicts: ANON_VERIFIED (no leak), ANON_LEAK (original data in RAM), ANON_PARTIAL (leak in the pseudonymization pipeline itself, before the LLM).
Three reasons. Production LLMs are recent: 2022–2023. The regulation creating the obligation just came into force: AI Act 2024, full enforcement August 2026. And combining forensic RAM expertise with operational LLM mastery in the same place is exceptionally rare. This isn't an oversight. It's a window that just opened.
The proof your DLP cannot produce.
Three questions. Which LLM? What data? What proof level do you need internal DPO / regulator / investor? I'll respond within 48h with a tailored proposal.
3 audit slots per month · Mathilde runs every scan · Mathilde signs every report