The AI Black Box: A Six-Layer Verification Architecture for Accountable AI Agent Operations

We present a six-layer verification architecture for AI agent safety that provides end-to-end accountability from kernel observation to legal compliance. Each layer answers a distinct question: (1) eBPF observes what the agent did; (2) OPA/Rego evaluates whether it was permitted; (3) Z3 SMT proves whether it was correct; (4) zero-knowledge semantic non-membership verifies whether it was legal; (5) Ed25519 device attestation confirms from which verified device; and (6) offline-first verification with SQLite and CRDT sync ensures operation without connectivity. All six layers are implemented: three are deployed in production across two independent ecosystems, three are prototyped with test suites. Evaluation on 16,683 real events from two ecosystems — a 133-agent AI research platform (3,285 events, 42 days, zero violations) and an autonomous AI ecosystem (13,398 events, 5 days, 71 violations detected) — demonstrates that the framework scales from 80 events per day to 2,700 events per day without degradation (0.15ms per event). To our knowledge, no existing framework addresses all six verification dimensions with production deployment on multiple ecosystems.