What is runtime assurance for AI agents?

Runtime assurance for AI agents is the discipline of making agent behavior visible inside the customer environment, enforcing controls at the inference, tool-call, and agent boundary, and preserving signed proof of which controls ran without exposing the underlying sensitive payload.

How does Glacis harden AI agents before enterprise security review?

Glacis runs an Agent Runtime Security and Evidence Sprint: surface mapping, prompt-injection and tool-misuse review, delegated-authority review, runtime control plan, evidence gap map, and a working signed-receipt and evidence-pack demonstration. The output is a customer-facing security review artifact ready for enterprise questionnaires and audits.

How does Glacis prove controls ran without exposing sensitive data?

Glacis runs inside the customer's infrastructure and generates signed runtime receipts when controls execute. Each receipt includes policy hash, model version, timestamp, control decision, and verification metadata. Prompts, outputs, PHI, customer data, source code, credentials, and proprietary context stay inside the customer's stack.

How is Glacis different from scanners, GRC, observability, and guardrails?

Scanners find static issues. GRC documents that policies exist. Observability shows what happened in logs. Guardrails block or filter individual calls. Glacis is the runtime assurance layer above all of them: local controls execute at the inference, tool-call, and agent boundary, then signed receipts prove which controls ran. The output is portable, tamper-evident proof, not vendor-only logs.

How does zero sensitive-data egress work?

Glacis runs inside the customer's infrastructure. Controls execute locally. Prompts, outputs, PHI, customer data, source code, credentials, and proprietary context stay inside the customer's stack. Glacis exports only verification metadata, signatures, hashes, and evidence artifacts designed to prove control execution without exposing sensitive payloads.

AI runtime security for systems that act

Runtime assurance infrastructure for AI systems that act.

For agents and AI workflows that use tools, credentials, customer data, code, or production systems, Glacis hardens runtime behavior locally and preserves signed evidence of which controls ran — without sensitive data leaving your stack.

See how runtime assurance works See a sample evidence pack

Local runtime controls. Signed evidence receipts. Zero sensitive-data egress.

Backed by Five institutional
pre‑seed investors.

AI2 IncubatorPaul Allen’s AI institute Mighty CapitalSan Francisco, CA Plug & PlaySunnyvale, CA Safe AI FundGeoff Ralston / SAIF SourdoughSeattle, WA

SOC 2 Type II trust.glacis.io →

The problem

AI agents are becoming your newest enterprise security risk.

AI systems now call tools, use credentials, touch customer data, generate code, update records, and trigger workflows. But when an enterprise buyer asks how those systems are controlled, most teams are still stuck assembling screenshots, logs, policy docs, and trust-us answers.

Agents have delegated authority.

They can call tools, access data, and take actions across systems your customers care about.

Security reviews are getting harder.

Enterprise buyers want to know how prompt injection, tool misuse, data leakage, unauthorized actions, and drift are controlled.

Logs are not proof.

A log may show that something happened. It does not prove which control ran, what decision was made, or whether the evidence can be verified later.

Your team does not have time.

Fast-growing AI companies need security depth before they have a mature security organization.

Glacis gives AI teams a way to harden the runtime and produce proof customers can actually use.

The assurance loop

See. Control. Prove. Improve.

Production AI rarely fails on the model itself — it fails at the boundary where it acts. Glacis instruments that boundary inside your stack, then assembles signed proof from what it sees.

See what happened.

Make AI behavior visible inside your environment across model calls, tool calls, control decisions, escalation paths, drift signals, and operating events.

Control what matters.

Apply runtime controls that allow, block, redact, restrict, escalate, or require review before risky behavior reaches a workflow, tool, record, or customer.

Prove what ran.

Generate signed, tamper-evident receipts showing which controls ran, what decision was made, and when — without exposing the sensitive payload.

Improve what comes next.

Use incidents, drift, near misses, and control outcomes to strengthen policies, monitoring, model-change records, and operating procedures.

The offer

Start with an Agent Runtime Security & Evidence Sprint.

We help your team map one high-risk AI workflow, identify the runtime control gaps, harden the agent or model boundary, and produce an evidence pack you can use with enterprise customers, security reviewers, auditors, and internal leadership.

Not a generic scanner. A focused runtime security and evidence review for AI systems that act.

Book the Agent Runtime Security Sprint See a sample evidence pack

Surface mapping: Agent, tool-call, credential, and data-access boundaries inventoried.
Prompt-injection & tool-misuse review: Adversarial probes against the agent boundary.
Delegated-authority review: What the agent can do, on whose behalf, with what scope.
Runtime control plan: Allow, block, redact, restrict, escalate, or require review.
Evidence gap map: Where proof is missing and which receipts to instrument.
Local instrumentation recommendations: Lightest-touch placement for assurance signals inside your stack.
Signed receipt & evidence-pack demonstration: A working artifact built on your real workflow.
Customer-facing security review artifact: Review-ready pack for enterprise questionnaires and audits.

The artifact

From runtime controls to customer-ready proof.

A receipt proves the relevant runtime event, control decision, outcome, timestamp, policy version, and verification metadata — without exposing the sensitive payload.

An evidence pack turns many receipts into a review-ready artifact: what was assessed, what controls exist, what ran, what was blocked or escalated, and what remains to improve.

Receipts prove the moment. Evidence packs tell the defensible story.

Sample evidence object zero sensitive-data egress

Workflow	Agent tool call, model update, clinical summarization, or production AI decision.
Control	Tool permission, prompt-injection guard, PHI boundary, model-change rule, or escalation policy.
Decision	Allowed, blocked, escalated, redacted, or sent for review.
Receipt	Signed evidence receipt with policy hash, model version, timestamp, and OVERT-compatible verification metadata.
Evidence Pack	Customer security review artifact, regulatory evidence, audit trail, or internal incident review.

Receipts prove control execution without exposing the underlying sensitive content.

Buyer routing

One platform. Three entry points.

Same runtime assurance loop, three pressures it answers to: an enterprise security review on the agentic side, a regulator or PCCP on the clinical side, an SRE who needs to prove what happened when AI acted in production.

Agentic AI security

Runtime controls and signed proof for agents that act.

Harden agents that use tools, credentials, customer data, and delegated authority before enterprise security review.

Harden an agent

Regulated clinical AI

Evidence infrastructure for clinical AI and AI-enabled medical products.

Generate runtime evidence for PCCP-ready change records, post-market monitoring, drift review, and control-execution proof — without moving sensitive data out of your environment.

Assess clinical AI evidence readiness

AI Operations & Observability

AI observability with proof that controls executed.

Move beyond logs with runtime evidence that shows what happened, what controlled it, and how the system improved afterward.

See the assurance loop

Verification

Portable proof, not vendor-only logs.

OVERT is the evidence receipt layer behind Glacis. It gives teams a structured way to preserve runtime proof: which controls ran, what decision was made, when it happened, and how the evidence can be verified.

Runtime controls create the assurance. Signed receipts preserve the proof. OVERT makes that proof portable, tamper-evident, and review-ready.

Read the standard See a sample evidence pack

receipt.type: runtime_control
decision: escalated
policy_hash: 9e41...a12
model_version: clinical-scribe-4.2
signature: ed25519:7f3e...d24b

Bring us one AI workflow.

We’ll map the agent surface, identify the runtime control gaps, and show what proof your customers will expect before they trust it.