CYBER · CRIME / FIDELITY · AGENTIC-AI RISK

Verifiable proof a human authorized the transfer.

Name: EMILIA Protocol
Availability: InStock
Author: EMILIA Protocol

Your policies make dual authorization and out-of-band verification of wires and payment-instruction changes conditions precedent to funds-transfer-fraud cover. You deny claims and rescind policies when those controls were not followed - yet the proof today is ad hoc, reconstructed forensically after a loss. There is no machine-checkable artifact that a specific human authorized a specific transfer.

EMILIA turns that control into a cryptographic, offline-verifiable authorization receipt - and a two-person rule a cloned voice cannot defeat.

Scope an observe-mode pilot Read the one-pager (PDF)

TWO THINGS JUST BROKE THE OLD CONTROL

The callback you require no longer proves authorization.

Deepfakes defeat the callback

The out-of-band call-back was the gold-standard proof of authorization. Now the "known number" can reach a voice-cloned executive (the Arup $25.6M case). The control you mandate no longer proves a real human authorized anything.

AI agents break attribution

Autonomous agents move money at machine speed. "The AI did it" is foreclosed (California AB 316 pins liability on the deployer) exactly when the deployer can least prove who authorized the action. Underwriters cannot audit a model the way they audit a firewall.

WHAT EMILIA PROVIDES

An authorization receipt.

Before a transfer or instruction change executes, a named human approves the exact action - amount, payee, account - on their own device (passkey / Face ID), producing a signed artifact anyone can verify offline, with no account and no trust in the insured’s systems. Alter one byte and it fails. EP-QUORUM binds two distinct, device-bound humans to the action - cryptographic dual control that a cloned voice cannot defeat. The portable receipt is the claims-ready artifact you reconstruct by hand today, verifiable years later without the insured’s cooperation.

Try it in 30 seconds, offline, no account: npx @emilia-protocol/crash-test

THE PILOT

Observe one workflow. Prove the control.

For the insured

Run EMILIA in observe mode on one workflow (vendor bank-account changes over a threshold). Every flagged action emits a receipt your underwriter - or the insured’s auditor - verifies offline. The attestation becomes provable, claims-ready evidence.

For the carrier

Accept EMILIA receipts as proof the dual-authorization / verification control was followed - a premium credit or coverage condition that is, for the first time, machine-auditable rather than reconstructed forensically, and that survives the deepfake failure mode your actuaries are now pricing.

Start a conversation

FREQUENTLY ASKED

How is this different from our existing dual-authorization requirement?

It is the same control, made provable. Instead of reconstructing whether a callback happened from recorded calls and emails after a loss, you get a cryptographic receipt: a named human signed the exact action (amount, payee, account) on their own device, verifiable offline by anyone.

Why is it deepfake-proof?

The approval is a hardware-held signature over the exact action, not a phone conversation. A cloned voice cannot produce the signature, so EP-QUORUM (the two-person rule) cannot be defeated the way a callback can.

Is it vendor lock-in?

No. EMILIA Protocol is an open standard (Apache-2.0) published as IETF Internet-Drafts, with independent verifiers in three languages. Carrier and insured can verify receipts with open-source code, with no account and no trust in EMILIA.

EMILIA proves a named human (or quorum) authorized this exact action before it executed. It does not prove the decision was correct, nor establish real-world identity beyond the enrollment layer. Open standard (Apache-2.0), IETF Internet-Drafts; no production deployment claim implied.