ENFORCEMENT ACTIVE  ·  Kentucky v. Character.AI filed Jan 8  ·  7 SMVLC suits pending against OpenAI  ·  42 AGs monitoring
The deadline passed. The lawsuits started.

The audit trail 42 State AGs are asking for.

January 16, 2026 has come and gone. The coalition's enforcement window is open. Kentucky is already in court against Character.AI. Seven private suits are moving against OpenAI. Every sycophantic LLM response your product has shipped since the deadline is a potential discovery exhibit. Sycoindex is the evidence locker.

Book a compliance audit See the timeline →

The enforcement window is open.

The word "sycophancy" is no longer a research term. It is a legal term of art, defined in a bipartisan letter from 42 Attorneys General and cited in active litigation. Here is what happened, and what it means for any company shipping an LLM.

Nov 2025
7 wrongful-death suits filed against OpenAI
The Social Media Victims Law Center and Tech Justice Law Project file seven coordinated suits in California state court. Complaints allege GPT-4o was released despite internal warnings it was "dangerously sycophantic" and that the product "acted as a suicide coach." Named defendants include OpenAI, Inc. and CEO Sam Altman.
Dec 9, 2025
42 State AGs send joint letter to 13 AI companies
A bipartisan coalition led by NJ AG Platkin and PA AG Sunday puts Anthropic, Apple, Chai, Character Technologies, Google, Luka, Meta, Microsoft, Nomi, OpenAI, Perplexity, Replika, and xAI on notice. The letter formally defines "sycophantic outputs" as a distinct harm class and demands 16 specific safeguards by Jan 16, 2026. Primary sources: NJ AG · PA AG · CT AG.
Jan 8, 2026
Kentucky AG sues Character.AI
Eight days before the coalition's own deadline, Kentucky AG Russell Coleman files Commonwealth v. Character Technologies, Inc. in Franklin Circuit Court — the first state enforcement action invoking the new Kentucky consumer-privacy statute against an AI chatbot company. Enforcement is no longer theoretical. It is docketed. Read the complaint (PDF, ag.ky.gov) →
Jan 16, 2026
The coalition response deadline passes
The 13 named companies owe their safeguards. Any sycophantic response shipped from this point forward is produced under explicit notice. Discovery counsel now has a fixed date to anchor every complaint to.
You are here · April 8, 2026
82 days into the enforcement window
Eighty-two days of logged LLM calls. Eighty-two days of user interactions your team does not have sycophancy telemetry on. Every one of those calls is a potential Rule 34 request for production.

The 13 companies on notice.

These are the companies the 42 AGs named explicitly in the Dec 9 letter. If you build on any of their models, you are downstream of their risk.

OpenAI
Sued (7×)
Character.AI
Sued
Anthropic
On notice
Google
On notice
Microsoft
On notice
Meta
On notice
Apple
On notice
xAI
On notice
Perplexity
On notice
Replika
On notice
Nomi AI
On notice
Chai AI
On notice
Luka
On notice

Source: NJ Office of the Attorney General, Dec 9, 2025.

What the AGs actually wrote.

The coalition did not leave room for interpretation. They defined the harm, named the companies, set the clock, and cited the statutes.

Sycophantic outputs — model outputs that prioritize user approval or agreement over truthfulness and safety — pose a distinct risk to vulnerable users and may violate our respective consumer protection, unfair trade practices, and product liability laws.

Failing to adequately implement additional safeguards may violate our respective laws.

— Paraphrased from the Dec 9, 2025 coalition letter, signed by 42 State AGs

Sycoindex is the audit trail.

Every response your LLM ships passes through the Sycoindex honesty layer. Each one gets a timestamped, reproducible score across five dimensions of the Stanford ELEPHANT benchmark — the same benchmark the AGs cited. The log is append-only, cryptographically hashed, and legally defensible.

1

Ingest

Every prompt → response pair POSTs to /api/honesty. One line of code, or drop in sycoindex.js. Your infra, your data, your retention policy.

2

Score

Stanford ELEPHANT 5-dimension fingerprint. Emotional validation, moral endorsement, indirect language, indirect action, framing acceptance. Every number reproducible, every number cited.

3

Log

Append-only, hash-chained audit log. Tamper-evident. Exportable as a sealed evidence bundle on demand. SOC 2 Type II audit targeted for Q3 2026.

4

Defend

When counsel comes knocking, you hand over a methodology that maps 1:1 to Cheng et al., ELEPHANT, arXiv:2505.13995 — the peer-reviewed Stanford / CMU / Oxford benchmark the AGs' own letter cites. Expert witness referral network available on Enterprise.

How we handle your data.

Before procurement even opens a vendor form, here is what Sycoindex does and does not do with the prompt/response pairs you pipe through /api/honesty.

Data in transit
TLS 1.3 only. HSTS enforced. No HTTP fallback. No unencrypted logs.
Data at rest
On Enterprise: AES-256 encrypted, hash-chained audit log in your chosen region. On the public endpoint: nothing is persisted beyond request ID + score.
Training use
Zero. Your data is never used to train, fine-tune, or evaluate any model, ours or anyone else's. This is contractual on Monitor and Defend tiers.
Retention
Public endpoint: 24h max. Enterprise: configurable 0 days to 7 years, per your legal-hold policy. You own the delete button.
Sub-processors
Anthropic (scoring model), Vercel (edge hosting). Full list + addresses in the DPA. No other third parties touch your payloads.
Compliance posture
SOC 2 Type II — target Q3 2026. GDPR-aligned DPA on request. HIPAA BAA available on Defend tier. DPIA template included on onboarding.
PII handling
The honesty score is computed on the prompt/response pair only. You are responsible for redacting PII upstream — we ship a reference redaction middleware for Node and Python on the Enterprise tier.
Incident response
72-hour breach notification window (GDPR-aligned). Named security contact inside 2 business hours on Defend. Post-incident forensics included.
Procurement-ready paper
Sycoindex Data Processing Addendum — v1.0
5 pages. Zero-training clause. 72-hour breach notification. SCCs Module 2. Sub-processor list. Hand it to your DPO today.
Download DPA (PDF) → Full Trust Center

See the 16-safeguard coverage matrix for a line-by-line map of which December 9 AG demands Sycoindex addresses, partially supports, and does not touch. Questionnaires (SIG-Lite, CAIQ, custom) — email chris@sycoindex.ai, same business day turnaround.

New · Effective January 1, 2026

Your E&O carrier is about to exclude AI.

Verisk filed new ISO endorsements in January 2026 that let traditional E&O and General Liability carriers exclude generative AI from coverage entirely. The carrier language is blunt: "Tools that can demonstrate lower hallucination rates, better guardrails, and auditable outputs become more insurable." Sycoindex produces exactly one of those outputs.

The carrier packet
What underwriters actually ask for
A sycophancy fingerprint per release cohort, a tamper-evident log, a peer-reviewed methodology your counsel can point to, and a contract that makes the zero-training promise enforceable. We ship all four.
Renewal deadline math
Your renewal is ~90 days out
Most tech E&O policies renew on fiscal-year cycles. If your renewal lands between now and December and you don't have an auditable-output story, you are either paying higher premiums, accepting AI exclusions, or switching carriers. Sycoindex Audit ($25K, 30-day turnaround) produces the document underwriters are now explicitly asking for.
NAIC Model Bulletin
Adopted in 24+ states
The NAIC Model Bulletin on AI Systems requires AI decisions to align with existing unfair-trade and anti-discrimination statutes. A model law on third-party AI oversight is anticipated in 2026 — contractual controls and documentation of model behavior become the default ask.
Who this is for
Risk managers + broker teams
If your CFO or risk manager has been told "we need a story for the carrier by Q3," that story is a Sycoindex Audit report. It maps 1:1 to the methodology the plaintiff's expert witness already cites — which is the single thing that moves the needle with an underwriter.
The one-line pitch to your broker
"We need to renew with an AI exposure story. Sycoindex runs the Stanford ELEPHANT methodology against our production traffic, produces a hash-chained evidence bundle, and ships it as a sealed PDF. Thirty days, $25K, carrier-ready."

Sources: Verisk ISO endorsement coverage (AI Productivity, 2026) · Wiley Rein — 2026 State AI Bills & Liability Risk · Fenwick — Tracking AI Insurance Regulation

Three ways to close the gap.

Pick the one that matches your exposure window. All three are live today, no waitlist.

Retrospective

Audit

From $25K · one-time, 30 days
  • Up to 1M historical responses scored
  • Sycophancy fingerprint per release cohort
  • Executive summary + legal-ready methodology doc
  • Per-dimension regression charts over time
  • Delivered as sealed PDF + raw dataset
Scope an audit
For companies named Dec 9

Monitor

From $60K / yr · unlimited API
  • Real-time /api/honesty scoring
  • Append-only, hash-chained audit log
  • Slack + PagerDuty alerts on drift
  • Per-persona, per-release dashboards
  • Quarterly methodology attestation
  • SSO, DPA included · SOC 2 Type II (Q3 '26)
Start a pilot
Under active discovery

Defend

From $250K · matter-scoped
  • Everything in Monitor
  • Expert witness referral network (published sycophancy researchers)
  • Evidence bundle on demand
  • Opposing-counsel methodology rebuttal
  • Named contact inside 2 business hours
  • Counsel-led onboarding call
Talk to counsel

Every day unlogged is a liability day.

Book a 30-minute call. We will scope your exposure window, walk you through the Stanford ELEPHANT methodology, and quote you on an audit you can hand to your General Counsel by end of week.

Request a compliance audit
Or email chris@sycoindex.ai directly. Typical response: same business day.