The AI Black Box: A Three-Layer Verification Architecture for Accountable AI Agent Operations

We present a three-layer verification architecture for AI agent safety that unifies kernel-level observation (eBPF), policy-as-code evaluation (OPA/Rego), and formal mathematical verification (Z3 SMT solver) into a single pipeline. Each layer answers a distinct question: eBPF observes what the agent actually does at the system level, OPA evaluates whether the agent has permission, and Z3 proves whether the output is mathematically correct. We implement this architecture as substrate-guard, an open-source framework deployed in production on a 125-agent AI ecosystem operating continuously since February 2026. Evaluation on 2,788 real events from 1,646 pipeline traces and 1,142 agent runs shows zero violations at 0.18ms per event on ARM64 hardware. The HMAC-SHA256 tamper-evident audit chain ensures no event can be modified retroactively. We provide compliance evidence export for SOC 2, ISO 27001, and ISO/IEC 42001. To our knowledge, this is the first framework combining all three verification layers with experimental results on a production AI ecosystem.