AI accountability infrastructure

The hardening layer for production AI.

AI moves faster than human review can keep up. GLACIS is the hardening layer that watches every call inside your trust boundary, opens the pull request that fixes what it finds, and signs a cryptographic receipt for every action — so trust becomes portable, not borrowed.

Three stages. Every attack sharpens the next defense.

Probe your AI for weakness. Enforce what it’s allowed to do in production. Seal every decision into evidence an auditor can read.

i. Scan (managed · first scan free)

Finds what’s broken — in your code and in your AI.

  • Code, cloud, and API. Dependencies, source (SAST), infrastructure‑as‑code, live cloud posture, container images, secrets (tested against the real API), and your running API surface. Continuous, not point‑in‑time.
  • AI systems. Model and agent red‑teaming — jailbreaks, prompt injection, data leakage, tool abuse, agent‑path attacks. Optional, off by default, one flag per target.

The first scan is free. Everything found is receipted.

ii. Enforce (runtime infrastructure)

Fixes what’s fixable. Blocks what isn’t.

  • In your pipeline. For vulnerable dependencies, GLACIS opens a PR on a dedicated branch, runs the test suite, and posts the passing check. You merge. Done. For SAST, IaC, secrets, cloud, and container findings, line‑by‑line annotations inline in the PR review you were already doing.
  • At the AI decision point. A purpose‑built SLM runs inside your environment, inspects every model call, and stops unsafe prompts, outputs, or tool calls before they reach a user or a downstream system. Nothing leaves your environment except a tamper‑proof fingerprint. <8ms overhead.

Your policies, not ours. Map to NIST AI RMF, ISO 42001, EU AI Act, SOC 2 — or your own internal governance.

iii. Notarize (verifiable evidence)

Every fix. Every decision. Signed.

  • Every PR GLACIS opens, every model call the witness inspects, every scan finding and remediation ships with a cryptographically signed receipt written to the OVERT 1.0 open standard.
  • Chained — tampering is detectable. Externally verifiable — any third party can check a receipt without GLACIS in the loop. Exportable — your SOC 2 and ISO 42001 evidence builds itself.

Proof is not a screenshot. It’s a signed chain.


Policy onboarding that meets you where you are.

GLACIS ingests whatever governance you already have — model card constraints, acceptable‑use rules, risk tiers, internal SOPs — and makes them enforceable at the point of inference. If you don’t have them yet, we work with your team to define them, starting from the frameworks you already report against (NIST AI RMF, ISO 42001, HIPAA, EU AI Act).

An open ledger sealed with a brass signet ring and wax — GLACIS codifies AI governance policies and seals each enforcement as verifiable evidence.
Fig. III — the codified rule, sealed and made enforceable.

Two surfaces. One evidence layer.

A CI and cloud scanner walks your repo on every change. A purpose-built SLM sits beside every model call, observes the decision, and seals it into an OVERT 1.0 receipt — no payload leaves your perimeter. Two panels feeding one chained, signed, third‑party‑verifiable ledger.

  1. Zero egress by default

    Runs entirely inside your perimeter. Nothing about your users, prompts, or outputs leaves it — only a cryptographic witness hash.

  2. Continuous, not annual

    A compliance report is a photograph. A GLACIS trace is the film. Evidence with every call, not once a year.

  3. Open standard, not vendor format

    Vendor lock‑in is a compliance risk. Receipts are written to OVERT 1.0, a public spec at overt.is — any third party can verify them without GLACIS in the loop.

  4. Proof builds itself

    Every receipt feeds the next scan. Proof isn’t unlocked by an upgrade — it’s written by the runtime. The paid layer is curated evidence: regulator-ready bundles.

Start with the scan. The receipts follow.

Free, under 60 minutes, no commitment. First OVERT 1.0 receipts in the readout.