
Your LLM says it forgot.
We prove it.

Scanalis provides cryptographic proof that your AI system physically erased personal data after processing. SHA-256 sealed report, enforceable by regulators. GDPR Art.5(2) · AI Act Art.12 · DORA Art.25.

AMNESIA_CONFIRMED: physical purge proven
AMNESIA_FAILED: residues detected in RAM

  • 8 cryptographic canary tokens injected per session
  • 4 RAM zones scanned byte by byte
  • SHA-256 sealed report: enforceable by regulators and European courts
  • 0 agents installed · Zero SSH · Zero source code access
Market context

The blind spot nobody audits yet

When an LLM processes personal data, it is decrypted and stored in plaintext in RAM during processing. The system then declares it purged. Nobody verifies.


AI Act Art. 12: August 2026

Full enforcement requires logging of events for high-risk AI systems. Documentation describes processes. It does not prove actual execution.

→ Scanalis produces this execution proof.


GDPR Art. 5(2): Accountability

The burden of proof lies with the data controller. Your DPA contractually guarantees the purge. It does not prove it. The distinction is legally critical.

→ The Scanalis report is that proof.


DORA Art. 25: ICT Resilience

Financial institutions must verify the ICT resilience of third-party providers. LLMs are now ICT providers. Their volatile memory has never been audited.

→ First LLM RAM forensic audit in finance.


90% of AI funding applications rejected

AI project holders struggle to secure funding due to lack of technical compliance execution proof. The Canary report is the missing supporting document.

→ Documented ROI up to 1:143.

Positioning

Complementary to all existing tools

No tool covers what Scanalis audits. Zero direct competitor on LLM RAM forensic proof in France.

Tool               | What it covers                              | Post-purge LLM RAM
LLM DLP            | Blocks input before processing              | Not covered ✗
Big Four / Audit   | Verify declarations and policies            | Not covered ✗
Pentesting         | Finds entry points                          | Not covered ✗
ISO 27001 / HDS    | Certify security governance                 | Not covered ✗
Scanalis           | Proves physical RAM purge post-LLM session  | Only tool ✓
Method

Two protocols. One binary verdict.

Non-intrusive by design: standard API only. Zero agent installed. Zero SSH. Zero access to source code or model weights.

Canary Protocol

Is the physical RAM purge effective?

Injection of 8 cryptographic tracer tokens into the LLM via its standard API. Purge triggered. Forensic scan of RAM byte by byte across 4 zones.

  • A. Baseline memory fingerprint captured before injection
  • B. Injection of 8 canaries via API: email, IBAN, health data, ID numbers, biometrics...
  • C. Declared purge triggered by the system
  • D. Scan: application heap · Linux page cache · swap · kernel buffers
Verdict: AMNESIA_CONFIRMED / AMNESIA_FAILED
Minerve Protocol

Did the model memorise data during training?

Before importing a model into a sensitive zone — know what it carries. 35+ probes across 7 PII categories. Based on Carlini et al. USENIX 2021 (arXiv:2012.07805). Not for retraining, for deciding, documenting and negotiating.

  • 1. Import decision: GO / NO-GO documented before entry into the isolated zone
  • 2. Documented residual risk: GDPR Art. 5(2) accountability without retraining
  • 3. Vendor contractual argument: proof for negotiation or supplier change
  • 35+ forensic probes across 7 categories: identity, health, financial, professional, technical, behavioural, HR
Verdict: MINERVE_EXPOSED / MINERVE_NOT_DETECTED
Process

A mission in 5 steps

From contracting to the submission of the sealed report, everything is documented, traceable, and certified.

01 · Contracting: comprehensive legal kit
5 documents signed before any exchange: service contract, GDPR Art. 28 DPA, authorisation for technical access (criminal-law shield, Art. 323-1), 5-year bilateral NDA, certified destruction procedure.
5 documents · comprehensive legal kit
02 · Memory dump provided by the client
The client generates the dump with gcore or procdump on its own infrastructure. Scanalis never accesses the system directly. Non-intrusive by design, with no additional exposure surface.
gcore / procdump, generated by the client
03 · Canary injection and purge trigger
8 cryptographic tokens injected via the LLM's standard API. Declared purge triggered. Post-purge dump captured. No connection to the client infrastructure.
Standard API · Zero SSH · Zero agent
04 · Forensic scan: 4 memory areas
Byte-by-byte analysis of the application heap, Linux page cache, swap area and kernel buffers. EPE (Exposure Probability Index) calculation. Minerve extraction across 35+ probes for Offer 4.
Heap · Page cache · Swap · Kernel buffers
05 · Sealed forensic report: handover and destruction
PDF report per offer. SHA-256 sealed. RSA-PSS 2048-bit signed (Offer 4). RFC3161 timestamped (Offer 4). Enforceable by regulators and European courts. Client data certified destroyed within 20 days.
SHA-256 · RSA-PSS · RFC3161 · shred -vfz -n 3
Pricing

4 offers. 1 engine. 0 label without proof.

People don't pay for more information. They pay for less confusion. Each offer produces a verifiable binary answer.

Offer 01 · Canary Protocol · 13-page report

Canary Diagnostic

AMNESIA_CONFIRMED / AMNESIA_FAILED

The first question. The binary answer. Full Canary Protocol on your LLM system. The missing piece in 90% of rejected AI funding applications.

2 500 €
Deliverables
  • Complete Canary protocol: 8 canaries, 4 RAM zones
  • Basic GPU architectural assessment
  • 13-page report, SHA-256 sealed
  • Enforceable before the CNIL · GDPR Art. 5(2) · Art. 32
  • Non-intrusive: customer-generated dump
What you provide
  • Post-purge memory dump (gcore / procdump)
  • API endpoint + temporary token
  • Designated technical contact
contact@scanalis.fr
Recommended: AI Act August 2026
Offer 02 · Canary + GPU + RFC3161 + Evidence Chain · 25-page report

Canary Audit

AMNESIA_CONFIRMED / AMNESIA_FAILED

Complete proof. Enforceable by regulators. Canary + v3.4 modules: GPU architectural assessment, RFC 3227 evidence chain, RFC3161 timestamp, WipeCertificate Verifier.

6 000 €
Deliverables
  • Canary protocol complete
  • GPU/VRAM assessment: rated risks + ANSSI recommendations
  • RFC 3227 forensic evidence chain: 10 steps
  • RFC3161 timestamp: independent third-party TSA
  • WipeCertificate Verifier: dual proof on the application side
  • 25-page report · SHA-256 + RSA-PSS 2048 bits
  • Gap analysis GDPR · AI Act · NIS2 · DORA by sector
What you provide
  • Post-purge memory dump (gcore / procdump)
  • API endpoint + temporary token + GPU information
  • WipeCertificates JSONL if available (optional)
  • PII categories processed (to target the canaries)
Offer 03 · Minerve Protocol only · 15-page report

Minerve Import

MINERVE_NOT_DETECTED / MINERVE_EXPOSED

Before importing a model into a sensitive zone, know what it carries. Not for retraining, for deciding, documenting and negotiating. Documented GO or NO-GO.

3 500 €
Deliverables
  • Minerve protocol: 35 forensic probes
  • 7 PII categories analysed (identity, health, financial…)
  • Documented GO / NO-GO verdict for import
  • 15-page report · SHA-256
  • Vendor contractual argument if MINERVE_EXPOSED
What you provide
  • API endpoint of the model to audit
  • Model name and version (model card if available)
  • Target import environment (defence / health / finance)
contact@scanalis.fr
Offer 04 · Canary + Minerve + 4 phases · 32-page report + Certification

Complete Amnesia

AMNESIA_CONFIRMED · RSA-PSS · RFC3161

From blind spot to certification. We don't stop until AMNESIA_CONFIRMED. 4 phases: Diagnosis → Remediation → Documentation → Closure Certification.

25 000 €
Deliverables phase by phase
  • Phase 1: Canary + Minerve + GPU + full regulatory gap analysis
  • Phase 2: Technical remediation specifications by stack
  • Phase 3: Regulatory file enforceable before regulators + team training
  • Phase 4: Counter-audit + AMNESIA Certification (valid 6 months)
  • RSA-PSS 2048-bit seal + RFC3161 + RFC 3227 Evidence Chain
  • Annual renewal: 40% of initial price
contact@scanalis.fr
The €6,500 rule
If the data your LLM processes in RAM represents more than €6,500 in damages in case of extraction, Scanalis pays for itself. A medical record, an IBAN, a contract, a trade secret. How much is it worth if it leaks? A GDPR fine on health data starts at €800,000.
Engine security

Scanalis audits others. Its engine is held to the same standard.

Red team completed. 18 vulnerabilities identified and fixed. 65 validation checks passed. DPIA completed. The code that verifies others' amnesia proves its own rigour.

Non-intrusive by architecture
Contractual guarantee · Document 3
Zero agents. Zero SSH. Zero source code access. The client generates its own dump (gcore / procdump). Scanalis analyses it on a disconnected machine. It's structural, not a promise.
Internal red team · 18 fixes
Engine v3.4 · 65/65 checks
Full offensive audit before production. SSRF, path traversal, mandatory RSA passphrase, token via environment variable, demo mode blocked in production. Result: 65 checks passed.
SHA-256 + RSA-PSS 2048 bits
Nominal signature · Encrypted key at rest
Every report is sealed and nominally signed by Mathilde De Roumilly. The RSA private key is encrypted (mandatory passphrase). The SHA-256 hash is verifiable offline by any third party with openssl in one command.
RFC3161 · Third-party TSA
Independent timestamp · Verifiable offline
An independent third party certifies that the report existed in this exact state at this date. It cannot be backdated. Verifiable with openssl ts -verify. More robust than a plain SHA-256.
Evidence Chain · RFC 3227
Evidence chain · Chain of custody
Each step (dump received → hash verified → canaries injected → scan executed → verdict produced → seal generated) is timestamped and cryptographically linked to the previous. Modifying one step invalidates the entire chain.
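As an added example (not Scanalis code), the following Python sketch shows how a chain of custody of the kind described here can be built and verified offline: each step record carries the SHA-256 link of the previous record, and a final seal commits to the report bytes and the chain head together, which is the offline check the SHA-256 + RSA-PSS item and process step 05 refer to. The six step names come from the page; the JSON record layout, the constructed evidence fields, the fixed demo timestamp and the function names are assumptions of this example.

```python
"""Added example, not Scanalis code: a hash-linked chain of custody of the
kind the page describes (each step timestamped and bound to the previous one)
with a SHA-256 seal over the report. The step names follow the page; the JSON
record layout, the fixed demo timestamp and the verify functions are this
example's own assumptions."""
import hashlib
import json
from datetime import datetime, timezone

STEPS = ("dump received", "hash verified", "canaries injected",
         "scan executed", "verdict produced", "seal generated")
GENESIS = "0" * 64  # the first step links to an all-zero hash


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def canonical(record: dict) -> bytes:
    # Sorted keys, no whitespace: any third party can recompute the same bytes.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def append_step(chain: list, step: str, evidence: dict, when: str = None) -> dict:
    """Each record stores the link of the previous record; its own link is the
    SHA-256 of everything else in it. Alter any field and later links no longer match."""
    record = {
        "index": len(chain),
        "step": step,
        "timestamp": when or datetime.now(timezone.utc).isoformat(),
        "evidence": evidence,
        "prev": chain[-1]["link"] if chain else GENESIS,
    }
    record["link"] = sha256_hex(canonical(record))
    chain.append(record)
    return record


def verify_chain(chain: list) -> tuple:
    """Recompute every link offline. Returns (True, -1) or (False, first bad index)."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        body = {k: v for k, v in rec.items() if k != "link"}
        if rec["index"] != i or rec["prev"] != prev or sha256_hex(canonical(body)) != rec["link"]:
            return False, i
        prev = rec["link"]
    return True, -1


def seal_report(report: bytes, chain: list) -> dict:
    """The seal commits to the report bytes and to the head of the chain together."""
    head = chain[-1]["link"]
    return {"report_sha256": sha256_hex(report), "chain_head": head,
            "seal": sha256_hex(report + head.encode())}


def verify_seal(report: bytes, chain: list, seal: dict) -> bool:
    """Offline check: chain intact, report hash unchanged, seal recomputes."""
    ok, _ = verify_chain(chain)
    return (ok and seal["report_sha256"] == sha256_hex(report)
            and seal["chain_head"] == chain[-1]["link"]
            and seal["seal"] == sha256_hex(report + chain[-1]["link"].encode()))


def build_demo_chain(dump_sha256: str, verdict: str,
                     when: str = "2026-05-01T09:00:00+00:00") -> list:
    """Six steps with constructed evidence, in the order the page lists them."""
    evidence = [{"dump_sha256": dump_sha256}, {"matches_client_hash": True},
                {"canaries": 8}, {"zones": 4}, {"verdict": verdict},
                {"algorithm": "sha256"}]
    chain = []
    for step, ev in zip(STEPS, evidence):
        append_step(chain, step, ev, when)
    return chain


if __name__ == "__main__":
    chain = build_demo_chain("ab" * 32, "AMNESIA_CONFIRMED")
    seal = seal_report(b"constructed report bytes", chain)
    print(json.dumps(seal, indent=2), verify_chain(chain))
```

The `report_sha256` field is what a third party re-checks with `sha256sum report.pdf` or `openssl dgst -sha256 report.pdf`; the RSA-PSS signature and RFC3161 timestamp the page mentions would be applied over this seal and are outside this example. Note that the chain only detects tampering after the fact: a record re-hashed in place still breaks the link stored in the next record, which is the property the verification function relies on.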
DPIA completed · GDPR Art.35
DPA Art.28 · 5 legal documents
Data Protection Impact Assessment completed on Scanalis itself. Dumps destroyed within 15 days (shred -vfz -n 3 · DoD 5220.22-M). Hiscox Cyber Professional Liability insurance. 5 inseparable contractual documents.
Field references

What those who dug deep say.

Not paid publishers. Not contractual partners. Independent experts who asked the hard questions and received honest answers.


Cybersecurity expert · MedTech network

« The choice to document limits in the report rather than erasing them from the commercial perimeter is exactly what differentiates a forensic tool from a marketing compliance tool. »

→ Chief AI Security Architect · May 2026


DPO · Digital Health Sector

"Have you done a DPIA? A technical audit of the solution? That's exactly what our prospects will ask for. The fact that you have the answers changes everything."

→ GDPR Compliance Officer · May 2026


CEO Deeptech security AI

"The company protects the models against extraction. Scanalis checks what the model retains after processing. These are two orthogonal surfaces; the complementarity is obvious."

→ Partnership in progress · May 2026


Senior Cybersecurity Expert · LinkedIn

«On RFC3161: the TSA qualified as eIDAS will better withstand a legal challenge. Curious to see what v3.3 gives in real conditions.»

→ Public comment · Objection integrated in v3.4


Head of Sales · Tech agency · Cyber network

"The RAM purge in sovereign LLMs is a real requirement for some defense actors, to be 100% sure that data will not get mixed up in a subsequent session."

→ LinkedIn · 2026


Cybersecurity institution · Brittany

"In our network, no one today covers the post-purge forensic layer of LLMs. It's not a competitor of what exists, it's the missing link."

→ Strategic meeting · May 2026

Regulation

Each report addresses specific obligations

Not recommendations. Legal articles. Obligations. Deadlines.

GDPR
Art. 5(1)(e) + Art. 5(2) + Art. 32
Storage limitation + accountability + state-of-the-art security measures
AI Act
Art. 10 + Art. 12 — August 2026
Data governance + actual execution logging, full enforcement imminent
DORA
Art. 25 + Art. 28
ICT resilience of third-party providers, LLMs involved since 2024
NIS2
Art. 21
State-of-the-art 2026 security measures
HDS 2024
Health data hosting
HDS certifies the host. Not LLM amnesia. Scanalis fills this regulatory gap.
ANSSI
35 AI recommendations 2024
Rec. n°23: AI security audit before deployment and after major updates
Frequently asked questions

What DPOs, CISOs and CIOs ask

The Canary Protocol: Scanalis injects 8 cryptographic tokens into the LLM via its standard API, triggers the declared purge, and then scans the random access memory (RAM) byte by byte in 4 areas (application heap, Linux page cache, swap area, kernel buffers). The verdict is binary: AMNESIA_CONFIRMED if the purge is physically effective, AMNESIA_FAILED if any residue of personal data is detected, reported with its exact memory address and hex dump.

Four memory zones can retain residues after a declared purge: the application heap (Python/Node dynamic allocations), the Linux page cache (data the kernel keeps to speed up I/O), the swap area (RAM spilled to disk under peak load), and the kernel buffers (system areas not accessible to the application but readable from the machine). These residues can persist for several tens of minutes after the session is closed.
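As an added example (not Scanalis code), the following Python sketch shows the shape of the check described in steps A to D of the Canary Protocol above and in these two answers: derive one unguessable canary per PII category for the session, then search a post-purge dump byte by byte, zone by zone, for any encoding of those tokens and report each residue with its zone, absolute offset and a hex dump, ending in the binary verdict. It goes one step beyond the text by also searching for UTF-16LE copies, which is how JVM and .NET runtimes hold strings in memory. The category names, the token format, the zone layout of the sample dump and the function names are assumptions of this example; the sample dump is constructed in the code.

```python
"""Added example, not Scanalis code: per-session canary tokens and a
byte-by-byte residue scan over a memory dump, in the shape of the Canary
Protocol described on this page. The token format, the zone map, the
encodings checked and the sample dump are this example's own assumptions."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# One canary per PII category; the eight names are assumed, modelled on the page's list.
CATEGORIES = ("email", "iban", "health", "id_number",
              "biometric", "phone", "address", "passport")
# The four zones the page names, in dump order (layout assumed for the sample dump).
ZONES = ("application_heap", "page_cache", "swap", "kernel_buffers")
# A residue may sit in UTF-8 (C, Python, Node buffers) or UTF-16LE (JVM, .NET strings).
ENCODINGS = ("utf-8", "utf-16-le")


@dataclass
class Residue:
    zone: str
    category: str
    encoding: str
    offset: int   # absolute byte offset in the dump
    hexdump: str  # bytes around the hit, as a report would print them


def make_canaries(session_key: bytes, categories=CATEGORIES) -> dict:
    """One unguessable token per category, bound to the session key by
    HMAC-SHA256 so a hit cannot be a leftover from another run or a coincidence."""
    return {
        cat: "CANARY-%s-%s" % (
            cat.upper(),
            hmac.new(session_key, cat.encode(), hashlib.sha256).hexdigest()[:24])
        for cat in categories
    }


def scan_dump(dump: bytes, zone_map: dict, canaries: dict, context: int = 8) -> list:
    """zone_map maps a zone name to (start, end) offsets in the dump. Every zone
    is searched for every canary in every encoding; each hit records where."""
    hits = []
    for zone, (start, end) in zone_map.items():
        region = dump[start:end]
        for cat, token in canaries.items():
            for enc in ENCODINGS:
                needle = token.encode(enc)
                pos = region.find(needle)
                while pos != -1:
                    off = start + pos
                    lo = max(0, off - context)
                    hi = min(len(dump), off + len(needle) + context)
                    hits.append(Residue(zone, cat, enc, off, dump[lo:hi].hex()))
                    pos = region.find(needle, pos + 1)
    return hits


def verdict(hits: list) -> str:
    """Binary verdict: a single residue anywhere fails the purge."""
    return "AMNESIA_FAILED" if hits else "AMNESIA_CONFIRMED"


def build_sample_dump(canaries: dict, leaks: list, zone_size: int = 4096):
    """Constructed stand-in for a post-purge dump: four zones of random filler
    with the given (zone, category, encoding) residues planted inside them."""
    zone_map, chunks, cursor = {}, [], 0
    for zone in ZONES:
        body = bytearray(secrets.token_bytes(zone_size))
        planted = [leak for leak in leaks if leak[0] == zone]
        for i, (_, cat, enc) in enumerate(planted):
            blob = canaries[cat].encode(enc)
            at = 100 + 200 * i
            body[at:at + len(blob)] = blob
        zone_map[zone] = (cursor, cursor + zone_size)
        chunks.append(bytes(body))
        cursor += zone_size
    return b"".join(chunks), zone_map


def run_demo() -> list:
    """Plant two residues, scan, print the report lines and the verdict."""
    canaries = make_canaries(secrets.token_bytes(32))
    dump, zone_map = build_sample_dump(canaries, [
        ("page_cache", "iban", "utf-8"),
        ("kernel_buffers", "health", "utf-16-le"),
    ])
    hits = scan_dump(dump, zone_map, canaries)
    for h in hits:
        print(f"{h.zone:16} {h.category:8} {h.encoding:9} @0x{h.offset:08x} {h.hexdump}")
    print(verdict(hits))
    return hits


if __name__ == "__main__":
    run_demo()
```

The session key is the piece that makes a hit meaningful: because every token is an HMAC of the key and the category, a string found in the dump is either this session's canary or a 96-bit collision, so the scan can report an address and a hex dump without any ambiguity about which session it belongs to. A real zone map would come from the process maps and kernel layout of the dumped system rather than from the fixed offsets used for the sample.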

Neither. Scanalis is a technical trusted third party which produces forensic evidence. Like a medical analysis laboratory: we produce the result, the result is the evidence. You interpret it with your DPO or your lawyer to establish GDPR compliance, Art. 5(2).

No. Scanalis is non-intrusive by design. Zero agents installed on your servers. Zero SSH access. Zero access to the source code or model weights. The memory dump is generated by your teams (gcore or procdump) and transmitted securely. Scanalis interacts only via your LLM’s standard API interface, just like your own application.

No. HDS certifies the host of health data. ISO 27001 certifies governance. None of these certifications specifies the forensic audit of post-session LLMs volatile memory; this concept did not exist when they were written. The AI Act Article 12 (August 2026) will create this obligation of proof of actual execution that neither HDS nor ISO 27001 cover.

Sovereign hosting covers the physical storage location, not what the software does with the data once inside. If your model is of American origin (GPT-4, Claude, Llama...), the Cloud Act applies regardless of the server location. And whatever the model, post-purge memory persistence is independent of geography: it’s physics, not law.

No. DLPs block what goes into the LLM before processing. Scanalis checks what remains in RAM after processing. Two complementary layers. A system can have the best DLP on the market and still keep personal data residues in post-purge RAM; these are two distinct problems on the processing chain.

Your report belongs to you: it is SHA-256 sealed, any modification invalidates the hash, and it is verifiable offline by any third party. Your customer data (memory dump, questionnaire) are destroyed within 20 calendar days via the shred -vfz -n 3 procedure (3 passes, DoD 5220.22-M), with a signed destruction certificate delivered with the report. Scanalis is covered by Hiscox Cyber Professional Liability insurance.

Three reasons. LLMs in production are recent: 2022-2023. The regulation that creates the obligation has only just entered into force: AI Act 2024, full application August 2026. And RAM forensic skills combined with operational mastery of LLMs in one place are extremely rare. It's not an oversight. It's a window that just opened.

Does your LLM really forget?

Describe your system in a few lines. Scanalis assesses your exposure and guides you to the right audit level. No commitment.

3 slots per month · Mathilde scans · Mathilde signs