Glossary

Tamper-evident

A record whose integrity can be proven — any change to it is detectable after the fact.

category ▸ Data & Provenance

audit/verify
#101hash ✓#102hash ✓#103hash ✓#104hash ✓#105hash ✓
head 0x9f3a…c1ok: true
verifyChain ▸ chained SHA-256 · signed receipts
What it means

Tamper-evident, in plain language.

Tamper-evident means that while a record might be alterable in principle, any alteration leaves a mark you can detect. It is a weaker but more practical guarantee than tamper-proof (which claims change is impossible): tamper-evidence accepts that storage can be touched, and focuses on making sure no touch goes unnoticed.

For evidence, tamper-evidence is what matters. The question an auditor cares about is not "could anyone have edited this?" but "can you prove this was not edited?" A tamper-evident record answers the second question with mathematics rather than trust.

In Cortex

How Cortex implements it.

This term isn't abstract here — it maps to a real capability in the runtime. Here is exactly how Cortex enforces or relates to it.

Data & Provenance

Cortex makes the audit log itself tamper-evident: the hash chain plus signed receipts let verifyChain prove a range of records was not altered, returning hashOk:false and the broken sequence if it was. The integrity of the evidence, not just its presence, is provable.

This is the property that strengthens a SOC 2 or recordkeeping claim — a Type II sample finds operating controls whose log a privileged insider could not have quietly edited.

See Tamper-evident enforced, not just defined.

Book a walkthrough and watch the controls in this glossary return real verdicts, seal real evidence, and trace every fact back to its source.