What is runtime assurance for AI agents?

Runtime assurance for AI agents is the discipline of making agent behavior visible inside the customer environment, enforcing controls at the inference, tool-call, and agent boundary, and preserving signed proof of which controls ran without exposing the underlying sensitive payload.

How does Glacis harden AI agents before enterprise security review?

Glacis runs an Agent Runtime Security and Evidence Sprint: surface mapping, prompt-injection and tool-misuse review, delegated-authority review, runtime control plan, evidence gap map, and a working signed-receipt and evidence-pack demonstration. The output is a customer-facing security review artifact ready for enterprise questionnaires and audits.

How does Glacis prove controls ran without exposing sensitive data?

Glacis runs inside the customer's infrastructure and generates signed runtime receipts when controls execute. Each receipt includes policy hash, model version, timestamp, control decision, and verification metadata. Prompts, outputs, PHI, customer data, source code, credentials, and proprietary context stay inside the customer's stack.

What is an AI runtime evidence pack?

An evidence pack is a review-ready artifact assembled from signed runtime receipts. It shows what was assessed, what controls exist, what ran, what was blocked or escalated, and what remains to improve. Evidence packs are used for enterprise security reviews, audits, customer trust, insurance, regulatory evidence, and internal assurance.

How is Glacis different from scanners, GRC, observability, and guardrails?

Scanners find static issues. GRC documents that policies exist. Observability shows what happened in logs. Guardrails block or filter individual calls. Glacis is the runtime assurance layer above all of them: local controls execute at the inference, tool-call, and agent boundary, then signed receipts prove which controls ran. The output is portable, tamper-evident proof, not vendor-only logs.

How does zero sensitive-data egress work?

Glacis runs inside the customer's infrastructure. Controls execute locally. Prompts, outputs, PHI, customer data, source code, credentials, and proprietary context stay inside the customer's stack. Glacis exports only verification metadata, signatures, hashes, and evidence artifacts designed to prove control execution without exposing sensitive payloads.

AI runtime security for systems that act

Harden and verify agentic systems in production.

One Rust kernel that probes, blocks, and signs every agent action — at the boundary, in your stack.

Talk to the team See a sample evidence pack

Backed by Five institutional
pre‑seed investors.

AI2 IncubatorPaul Allen’s AI institute Mighty CapitalSan Francisco, CA Plug & PlaySunnyvale, CA Safe AI FundGeoff Ralston / SAIF SourdoughSeattle, WA

SOC 2 Type II trust.glacis.io →

The problem

AI agents are your newest security risk.

AI systems now call tools, use credentials, touch customer data, generate code, update records, and trigger workflows.

Agents have delegated authority.

They can call tools, access data, and take actions across systems your customers care about.

Security reviews are getting harder.

Enterprise buyers want to know how prompt injection, tool misuse, data leakage, unauthorized actions, and drift are controlled.

Logs are not proof.

A log may show that something happened. It does not prove which control ran, what decision was made, or whether the evidence can be verified later.

Classification via API leaks the data you’re trying to protect.

Most AI safety tools send your inference data to their cloud classifier to decide whether it should be sent anywhere. The trust boundary fails before the check runs.

Your team does not have time.

Fast-growing AI companies need security depth before they have a mature security organization.

Glacis gives AI teams a way to harden the runtime and produce proof customers can actually use.

The runtime trio

Probe. Block. Sign.

Production AI fails at the boundary where it acts. GLACIS probes that boundary inside your stack, blocks unsafe actions at runtime, and signs every decision the agent makes.

Probe what’s exposed.

Authorized adversarial probing against your APIs, tools, agents, and workflows. Every finding lands with the request that proves it — exploitable, not theoretical.

Block what matters.

Runtime controls at the action boundary — backed by classifiers running on your own hardware, not a vendor API. Tool allowlists, parameter checks, approval gates, regression tests in CI.

Sign every decision.

Every probe, block, and controlled action emits an OVERT receipt. Signed at runtime, tamper−evident, verifiable offline — independent of GLACIS.

The artifact

From runtime controls to customer-ready proof.

A receipt carries the runtime event, control decision, timestamp, policy version, and verification metadata — without the sensitive payload.

An evidence pack assembles receipts into a review-ready artifact for buyers, auditors, and regulators.

See the anatomy →

The role

We’re not the dashboard. We’re the instrumentation underneath it.

Glacis is software that runs in your environment and produces evidence your team uses. We don’t replace your auditors, regulators, or compliance tooling — we give them something they can verify independently.

Under the hood. Scanner, enforcer, local classifier, notary.

Four parts that ship together in your environment.

scanner
enforcer
local classifier
notary

The offer

Two paths, one runtime proof layer.

Glacis runs in your environment whichever door you walk through. Pick the one that fits where the work is.

Start with discovery when the surface is unclear.

Two to four weeks. We map your inference surface, identify the gaps in your trust posture, and produce a written recommendation with the next step. If you proceed within sixty days, the discovery fee credits toward the install.

Start with a proof sprint when the workflow is known.

We wrap one high-risk workflow, generate receipts, verify them offline, reproduce a finding, and deliver the evidence bundle. Designed to convert to annual.

Talk to the team See a sample evidence pack

Surface mapping: Agent, tool-call, credential, and data-access boundaries inventoried.
Prompt-injection & tool-misuse review: Adversarial probes against the agent boundary.
Delegated-authority review: What the agent can do, on whose behalf, with what scope.
Runtime control plan: Allow, block, redact, restrict, escalate, or require review.
Evidence gap map: Where proof is missing and which receipts to instrument.
Local instrumentation recommendations: Lightest-touch placement for assurance signals inside your stack.
Signed receipt & evidence-pack demonstration: A working artifact built on your real workflow.
Customer-facing security review artifact: Review-ready pack for enterprise questionnaires and audits.

Buyer routing

One platform. Three entry points.

Same runtime assurance loop, three pressures it answers to: an enterprise security review on the agentic side, a regulator on the clinical side, an SRE who needs to prove what happened when AI acted in production.

Agentic AI security

Runtime controls and signed proof for agents that act.

Harden agents that use tools, credentials, customer data, and delegated authority before enterprise security review.

Harden an agent

Regulated clinical AI

Evidence infrastructure for clinical AI and AI-enabled medical products.

Generate runtime evidence for change-record reviews, post-market monitoring, drift review, and control-execution proof — without moving sensitive data out of your environment.

Assess clinical AI evidence readiness

AI Operations & Observability

AI observability with proof that controls executed.

Move beyond logs with runtime evidence that shows what happened, what controlled it, and how the system improved afterward.

See the assurance loop

Verification

Portable proof, not vendor-only logs.

OVERT is the evidence receipt layer behind Glacis: signed receipts preserve which controls ran, what decision was made, when it happened, and how the proof can be verified — portable, tamper-evident, and review-ready.

Read the standard See a sample evidence pack

receipt.type: runtime_control
decision: escalated
policy_hash: 9e41...a12
model_version: clinical-scribe-4.2
signature: ed25519:7f3e...d24b

Bring us one AI workflow.

We’ll map the agent surface and show what proof your customers will expect.

Talk to the team See a sample evidence pack

Navigate

Solutions

Evidence

Harden and verify agentic systems in production.

AI agents are your newest security risk.

Agents have delegated authority.

Security reviews are getting harder.

Logs are not proof.

Classification via API leaks the data you’re trying to protect.

Your team does not have time.

Probe. Block. Sign.

From runtime controls to customer-ready proof.

We’re not the dashboard. We’re the instrumentation underneath it.

Under the hood. Scanner, enforcer, local classifier, notary.

Two paths, one runtime proof layer.

Start with discovery when the surface is unclear.

Start with a proof sprint when the workflow is known.

One platform. Three entry points.

Runtime controls and signed proof for agents that act.

Evidence infrastructure for clinical AI and AI-enabled medical products.

AI observability with proof that controls executed.

Portable proof, not vendor-only logs.

Bring us one AI workflow.