Close AI compliance gaps without adding another dashboard.
The evidence rail for AI.
GLACIS turns ISO 42001, NIST AI RMF, and sector controls into cryptographically verifiable receipts at runtime. Embed once at the inference and tool boundary. Start with an Evidence Pack for procurement and audit, then add continuous runtime assurance as you scale.
“Your AI Needs an Alibi”
Washington State’s Chief Privacy Officer told a room full of healthcare builders what’s coming. A CMIO overseeing 12 hospitals asked us to build exactly what we’re building. A Medicare payer described our product without knowing it exists.
“We have to get certification from vendors that they’re using an AI governance program like NIST AI Risk Management Framework… In healthcare, you’re almost always walking into the high-risk space.”
KATY RUCKLE — Chief Privacy Officer, Washington State
The problem
You’re grading your own homework
Your AI vendor says their controls are working. Your documentation says the right policies are in place. But when an auditor, regulator, or plaintiff’s attorney asks for proof — actual evidence that controls executed on a specific interaction — nobody has it.
Documentation Isn’t Proof
Policies and procedures describe what should happen. They don’t verify what did happen when the model ran.
Observability Isn’t Evidence
Dashboards and logs are useful for debugging. But self-maintained records lack the independence needed for regulatory defense and liability protection.
Independent Receipts That Controls Ran
GLACIS enforces controls at the inference and tool boundary and emits third-party witnessed receipts for every consequential decision. Like a flight data recorder — neither the operator nor the auditor has to trust your app logs.
This is already happening
When Sharp HealthCare faced a class action over their AI scribe in November 2025, the core question was evidence: could they demonstrate what the AI actually did? Meanwhile, Colorado’s AI Act creates a safe harbor for organizations that can prove reasonable care — but only with evidence of control execution, not just policies on paper.
Better together
GRC Platforms + Runtime Proof
GRC platforms like Vanta and Drata help you document AI policies. GLACIS gives those policies a verifier-ready runtime trail. Together, your compliance story is complete — and it fits in your existing budget.
| Capability | GRC Platforms | GLACIS |
|---|---|---|
| Policy documentation | Documents what you say you do | Also documents policies |
| SOC 2 / ISO 27001 | Core strength | Maps to these + AI frameworks |
| AI-specific frameworks (NIST AI RMF, ISO 42001) | Limited or manual | Native mapping, automated evidence |
| Runtime evidence | Not in scope | Cryptographic proof per inference |
| Real-time monitoring | Point-in-time audits | Continuous attestation |
| Third-party witnessed proof | Internal audit logs | Independent witness network |
| Zero-egress architecture | Not applicable | Only hashes cross trust boundary |
| Colorado safe harbor activation | Policies necessary, not sufficient | Evidence of NIST AI RMF adherence activates safe harbor |
| Survives cross-examination | Policy documentation | Tamper-proof cryptographic evidence |
How it works
Every AI Decision, Proved
GLACIS evaluates every AI request against your governance policy — permit, deny, escalate, or flag. Every decision generates independently witnessed evidence. Your data never leaves your environment. Only cryptographic proof crosses the trust boundary.
Integration
Add proof in 5 lines of code
Install the Python SDK, wrap your AI calls, and every prompt, response, tool call, and policy decision gets sealed with a tamper-proof receipt — witnessed by our live attestation service.
pip install glacis
SDK available now
Zero Egress: Data stays local
Inline enforcement: Shadow to enforce
Tamper-proof: Crypto signatures
~5ms: Zero slowdown
What this unlocks
From framework gaps to safe harbor
Evidence Pack
Map controls, surface missing runtime evidence, and walk into procurement or audit with a defensible packet.
Runtime Assurance
Independent receipts show which guardrails ran, on which interaction, under which configuration, with exports your verifier can check.
Zero-Egress Deployment
Embed once at the inference and tool boundary. The GLACIS sidecar attests AI decisions locally — only cryptographic commitments cross the trust boundary.
Who we help
Evidence for every stakeholder in your AI pipeline
Healthcare AI Vendors
Get through procurement faster with proof
Health Systems
Evidence for discovery — before you need it
Financial Services
SR 11-7 model risk with cryptographic proof
EU AI Act
Article 12 & 14 evidence, continuously proved
FAQ
Common questions
We already have SOC 2 / are working toward HITRUST
Great — those cover IT controls. AI-specific assurance addresses model behavior, decision audit trails, and content safety risks that SOC 2 and HITRUST don’t cover. They’re complementary.
How is this different from our existing documentation?
Documentation describes what should happen. GLACIS provides independent proof of what actually happened — verifier-ready receipts that your controls executed, not just that policies exist. Beyond evidence, GLACIS also enforces runtime controls — it doesn’t just prove what happened, it ensures the right thing happens in the first place.
What industries do you work with?
We work with AI teams in regulated industries including healthcare, financial services, insurance, and enterprise. The common thread is needing to prove AI controls work, not just that policies exist.
What if we’re not ready for a full attestation program?
That’s fine. We offer focused engagements for teams who need to unblock deals now. Start with what you need, expand later.
Does GLACIS just monitor, or does it actually enforce?
Both. You define controls declaratively — which guardrails to enforce, at what confidence thresholds, with what failure modes. The GLACIS arbiter evaluates every AI request against your active policy and makes real-time permit/deny decisions. Every enforcement decision is independently attested. You start in shadow mode (observe only) and transition to enforcement when ready. The transition itself is attested.
Proof, not promises
Colorado’s safe harbor requires evidence of reasonable care. At $20K per violation, $500/month is the easiest budget conversation you’ll have.
Evidence Pack
Show security, legal, and procurement exactly where proof exists and where it doesn’t.
Runtime Assurance
Continuous receipts for every consequential interaction. Proof-of-Guardrail when reviews turn into investigations.
Zero-Egress Deployment
Attest AI without moving data. Zero-egress sidecar, unlimited systems, dedicated support.