Texas & Illinois enforcing now · Colorado in days
AI compliance you can prove, not compliance you claim
AI compliance legislation is already live in Texas and Illinois. Colorado enforcement hits June 30. EU AI Act high-risk requirements begin August 2. Your policies say what should happen. GLACIS proves what actually did — cryptographic evidence, zero egress, ready for auditors.
“Your AI Needs an Alibi”
Washington State’s Chief Privacy Officer told a room full of healthcare builders what’s coming. A CMIO overseeing 12 hospitals asked us to build exactly what we’re building. A Medicare payer described our product without knowing it exists.
“We have to get certification from vendors that they’re using an AI governance program like NIST AI Risk Management Framework… In healthcare, you’re almost always walking into the high-risk space.”
KATY RUCKLE — Chief Privacy Officer, Washington State
The challenge
The Proof Gap in AI
Today, there’s no standard way to enforce AI governance controls inline at the point of inference AND prove they executed. Policies describe intent. Dashboards show configuration. But neither enforces at runtime with independent evidence.
Documentation Isn’t Proof
Policies and procedures describe what should happen. They don’t verify what did happen when the model ran.
Observability Isn’t Evidence
Dashboards and logs are useful for debugging. But self-maintained records lack the independence needed for compliance and liability.
Inline Enforcement + Independent Attestation
GLACIS sits in the request path, evaluates every interaction against your governance policy, and generates witnessed evidence of every decision. Enforcement and evidence, inseparable.
Why this matters now
When Sharp HealthCare faced a class action over their AI scribe in November 2025, the core issue was evidence: they needed to demonstrate what the AI actually did. As AI systems take on more responsibility in regulated industries, the ability to prove control execution — not just assert it — becomes essential.
Already on Vanta or Drata?
Policies vs. Proof
Vanta proves you have AI policies. GLACIS proves you followed them. Together, you're covered.
| Capability | Vanta / Drata | GLACIS |
|---|---|---|
| Policy documentation | Documents what you say you do | Also documents policies |
| SOC 2 / ISO 27001 | Core strength | Maps to these + AI frameworks |
| AI-specific frameworks (NIST AI RMF, ISO 42001) | Limited or manual | Native mapping, automated evidence |
| Runtime evidence | No visibility into what AI actually did | Cryptographic proof per inference |
| Real-time monitoring | Point-in-time audits | Continuous attestation |
| Third-party witnessed proof | Self-maintained logs | Independent witness network |
| Zero-egress architecture | N/A | Only hashes cross trust boundary |
| Colorado safe harbor activation | Policies alone don't qualify | Evidence of NIST compliance activates defense |
| Survives cross-examination | Policy PDFs are exhibits, not proof | Tamper-proof cryptographic evidence |
How it works
Zero-Egress Enforcement & Evidence
The GLACIS arbiter sits inline in your AI request path. Every request is evaluated against your active governance policy — permit, deny, escalate, or flag. Every enforcement decision generates a cryptographic receipt, hashed locally and anchored to an independent witness network. Sensitive payloads never leave your environment.
Integration
Add proof in 5 lines of code
Install the Python SDK, wrap your AI calls, and every prompt, response, tool call, and policy decision gets sealed with a tamper-proof receipt — witnessed by our live attestation service.
pip install glacis
SDK available now
Zero Egress: Data stays local
Inline enforcement: Shadow to enforce
Tamper-proof: Crypto signatures
~5ms: Zero slowdown
What this unlocks
Evidence for buyers and auditors
Evidence Pack Sprint
A focused engagement that produces the compliance evidence buyers and auditors request — controls mapping, attestation reports, and board-ready deliverables.
Continuous Attestation
Continuous inline enforcement of your AI governance policies, with independent attestation of every decision. Define controls, deploy in shadow mode, transition to enforcement — every step cryptographically witnessed.
Who we help
AI teams in regulated industries
Healthcare AI Builders: HIPAA, BAA, & patient safety
Health Systems: Vendor evaluation & risk
Financial Services: SR 11-7 & model risk
EU AI Act: High-risk AI compliance
FAQ
Common questions
We already have SOC 2 / are working toward HITRUST
Great — those cover IT controls. AI-specific assurance addresses model behavior, decision audit trails, and content safety risks that SOC 2 and HITRUST don’t cover. They’re complementary.
How is this different from our existing documentation?
Documentation describes what should happen. GLACIS provides cryptographic proof of what actually happened — third-party witnessed evidence that your controls executed, not just that policies exist. Beyond evidence, GLACIS also enforces your governance policies at runtime — it doesn’t just prove what happened, it ensures the right thing happens in the first place.
What industries do you work with?
We work with AI teams in regulated industries including healthcare, financial services, insurance, and enterprise. The common thread is needing to prove AI controls work, not just that policies exist.
What if we’re not ready for a full compliance program?
That’s fine. We offer focused engagements for teams who need to unblock deals now. Start with what you need, expand later.
Does GLACIS just monitor, or does it actually enforce?
Both. You define your governance policies declaratively — which controls to enforce, at what confidence thresholds, with what failure modes. The GLACIS arbiter evaluates every AI request against your active policy and makes real-time permit/deny decisions. Every enforcement decision is independently attested. You start in shadow mode (observe only) and transition to enforcement when ready. The transition itself is attested.
Don't wait for the deadline
Against $20K per violation per transaction in Colorado, $500/month is the easiest budget conversation in history.
Compliance Assessment
5-minute wizard. Personalized gap analysis, deadline exposure, and penalty math.
Self-Serve
NIST AI RMF dashboard, attestation receipts, and evidence export. Start immediately.
Talk to Us
Unlimited systems, zero-egress sidecar, dedicated support, Evidence Pack Sprint.