What is runtime assurance for AI agents?

Runtime assurance for AI agents is the discipline of making agent behavior visible inside the customer environment, enforcing controls at the inference, tool-call, and agent boundary, and preserving signed proof of which controls ran without exposing the underlying sensitive payload.

How does Glacis harden AI agents before enterprise security review?

Glacis runs an Agent Runtime Security and Evidence Sprint: surface mapping, prompt-injection and tool-misuse review, delegated-authority review, runtime control plan, evidence gap map, and a working signed-receipt and evidence-pack demonstration. The output is a customer-facing security review artifact ready for enterprise questionnaires and audits.

How does Glacis prove controls ran without exposing sensitive data?

Glacis runs inside the customer's infrastructure and generates signed runtime receipts when controls execute. Each receipt includes policy hash, model version, timestamp, control decision, and verification metadata. Prompts, outputs, PHI, customer data, source code, credentials, and proprietary context stay inside the customer's stack.

What is an AI runtime evidence pack?

An evidence pack is a review-ready artifact assembled from signed runtime receipts. It shows what was assessed, what controls exist, what ran, what was blocked or escalated, and what remains to improve. Evidence packs are used for enterprise security reviews, audits, customer trust, insurance, regulatory evidence, and internal assurance.

How is Glacis different from scanners, GRC, observability, and guardrails?

Scanners find static issues. GRC documents that policies exist. Observability shows what happened in logs. Guardrails block or filter individual calls. Glacis is the runtime assurance layer above all of them: local controls execute at the inference, tool-call, and agent boundary, then signed receipts prove which controls ran. The output is portable, tamper-evident proof, not vendor-only logs.

How does zero sensitive-data egress work?

Glacis runs inside the customer's infrastructure. Controls execute locally. Prompts, outputs, PHI, customer data, source code, credentials, and proprietary context stay inside the customer's stack. Glacis exports only verification metadata, signatures, hashes, and evidence artifacts designed to prove control execution without exposing sensitive payloads.

Runtime assurance for AI systems

AI inference is the new endpoint.
We defend it.

GLACIS sits inline at the inference boundary. We enforce what runs, block what shouldn’t, and emit signed proof your auditors, customers, and insurers can verify themselves.

Get a runtime assessment See a signed evidence pack →

30-day sprint OVERT-format receipts Zero-egress option

Runtime event stream

arbiter-01 · us-east

14:02:11 claims-agent → policy.lookup allow
14:02:14 claims-agent → vector.search witnessed
14:02:18 claims-agent → payments.transfer · out-of-scope blocked
14:02:19 receipt emitted · witness countersigned signed

OVERT receipt · #4f2c…a081 ✓Verified

Action: payments.transfer (denied)
Policy: claims/v3 · clause 2.4
Witness: witness.glacis.io · sig 0x9f1c…
Hash chain: a081 ← 4f2c ← 1d9a ← …

Independently verifiable · no GLACIS account required Open in verifier →

Backed by & running with

Cloudflare Launchpad ISO 42001 aligned NIST AI RMF OSCAL export

The defense layer

One control plane. Three guarantees.

A runtime arbiter that sits inline in your AI request path. Observes every action. Enforces every boundary. Signs proof of both.

See

Every inference. Every tool call. Every decision.

Causal chains across models, agents, and tools — not log dumps. Tamper-evident at the event level.

events / day2.4M

causal chainswitnessed

retentiontamper-evident

Control

Block what shouldn’t run. Allow what should.

Inline at the inference boundary. Deterministic, policy-driven, model-agnostic. No retraining, no swap.

actionpayments.transfer

policy hitclaims/v3

outcomedenied · receipted

Prove

Signed. Witnessed. Portable.

Every decision becomes an OVERT receipt, countersigned by an independent witness. Verifiable without a GLACIS account.

formatOVERT · open spec

witness2-of-3 signed

replaydeterministic

Receipt chain

What an auditable AI decision looks like.

Every action becomes a receipt. Hash-chained to the previous. Countersigned by an independent witness. Tamper one, the chain breaks — and the verifier shows where.

Tamper a receipt · chain breaks · verifier names the gap

What the buyer asks for

The audit perimeter is moving.

Insurers are starting to ask. Regulators are starting to require. Customers are starting to demand. The artifact they all want is the same one — and until OVERT, it didn’t exist as something portable enough to send.

InsuranceE&O carriers are carving out autonomous-agent action. The carve-out closes when you can hand them runtime evidence.
RegulationEU AI Act post-deployment monitoring and Colorado AI Act consequential-decision logging both require what a receipt is.
ProcurementEnterprise AI vendor reviews now ask for runtime audit artifacts a third party can verify — not a SOC 2 report.

Where GLACIS fits

Not a governance tool. Not an eval suite. Not another log.

Adjacent categories solve adjacent problems. GLACIS is the only layer that stops an AI action in flight and produces proof a regulator, customer, or insurer can verify themselves.

	Runtime enforcement	Signed evidence	Portable proof
Governance platforms OneTrust · Credo · etc.	— policy only	— PDF reports	— vendor-locked
Model evals Patronus · Galileo · etc.	— pre-prod only	— eval scores	— vendor-locked
LLM observability LangSmith · Helicone · etc.	— log only	— unsigned	— vendor-locked
GLACIS	✓ inline arbiter	✓ OVERT receipts	✓ independent witness

Install the layer serious companies put under their AI.

A 30-day sprint. One high-risk AI workflow. Live arbiter, signed receipts, and an evidence pack the regulator, customer, or insurer can verify themselves — by the end.

Talk to the team See the evidence pack →

Navigate

Solutions

Evidence

AI inference is the new endpoint.
We defend it.

One control plane. Three guarantees.

Every inference. Every tool call. Every decision.

Block what shouldn’t run. Allow what should.

Signed. Witnessed. Portable.

What an auditable AI decision looks like.

The audit perimeter is moving.

Not a governance tool. Not an eval suite. Not another log.

Install the layer serious companies put under their AI.

AI inference is the new endpoint. We defend it.

One control plane. Three guarantees.

Every inference. Every tool call. Every decision.

Block what shouldn’t run. Allow what should.

Signed. Witnessed. Portable.

What an auditable AI decision looks like.

The audit perimeter is moving.

Not a governance tool. Not an eval suite. Not another log.

Install the layer serious companies put under their AI.

AI inference is the new endpoint.
We defend it.