What is runtime assurance for AI agents?

Runtime assurance for AI agents is the discipline of making agent behavior visible inside the customer environment, enforcing controls at the inference, tool-call, and agent boundary, and preserving signed proof of which controls ran without exposing the underlying sensitive payload.

How does Glacis harden AI agents before enterprise security review?

Glacis runs an Agent Runtime Security and Evidence Sprint: surface mapping, prompt-injection and tool-misuse review, delegated-authority review, runtime control plan, evidence gap map, and a working signed-receipt and evidence-pack demonstration. The output is a customer-facing security review artifact ready for enterprise questionnaires and audits.

How does Glacis prove controls ran without exposing sensitive data?

Glacis runs inside the customer's infrastructure and generates signed runtime receipts when controls execute. Each receipt includes policy hash, model version, timestamp, control decision, and verification metadata. Prompts, outputs, PHI, customer data, source code, credentials, and proprietary context stay inside the customer's stack.

What is an AI runtime evidence pack?

An evidence pack is a review-ready artifact assembled from signed runtime receipts. It shows what was assessed, what controls exist, what ran, what was blocked or escalated, and what remains to improve. Evidence packs are used for enterprise security reviews, audits, customer trust, insurance, regulatory evidence, and internal assurance.

How is Glacis different from scanners, GRC, observability, and guardrails?

Scanners find static issues. GRC documents that policies exist. Observability shows what happened in logs. Guardrails block or filter individual calls. Glacis is the runtime assurance layer above all of them: local controls execute at the inference, tool-call, and agent boundary, then signed receipts prove which controls ran. The output is portable, tamper-evident proof, not vendor-only logs.

How does zero sensitive-data egress work?

Glacis runs inside the customer's infrastructure. Controls execute locally. Prompts, outputs, PHI, customer data, source code, credentials, and proprietary context stay inside the customer's stack. Glacis exports only verification metadata, signatures, hashes, and evidence artifacts designed to prove control execution without exposing sensitive payloads.

Runtime assurance for AI systems

Every AI operation deserves a receipt.

GLACIS sits inline at the inference boundary. We enforce what runs, block what shouldn’t, and emit signed proof your auditors, customers, and insurers can verify themselves.

Book the Sprint Verify a receipt →

30-day sprint OVERT receipts, we steward the standard Zero-egress option

Runtime event stream

simulation · arbiter-01 · us-east

14:02:11 claims-agent → policy.lookup allow
14:02:14 claims-agent → vector.search witnessed
14:02:18 claims-agent → payments.transfer · out-of-scope blocked
14:02:19 receipt emitted · witness countersigned signed

OVERT receipt · #4f2c…a081 ✓Verified

Action: payments.transfer (denied)
Policy: claims/v3 · clause 2.4
Witness: witness.glacis.io · sig 0x9f1c…
Hash chain: a081 ← 4f2c ← 1d9a ← …

Simulated for illustration · the verification is real Verify a real receipt →

Backed by & running with

AI2 Incubator SOC 2 Type II

The defense layer

One control plane. Three guarantees.

A runtime arbiter that sits inline in your AI request path. Observes every action. Enforces every boundary. Signs proof of both.

See

Every inference. Every tool call. Every decision.

Causal chains across models, agents, and tools — not log dumps. Tamper-evident at the event level.

events / day2.4M

causal chainswitnessed

retentiontamper-evident

Simulated stream for illustration

Control

Block what shouldn’t run. Allow what should.

Inline at the inference boundary. Deterministic, policy-driven, model-agnostic. No retraining, no swap.

actionpayments.transfer

policy hitclaims/v3

outcomedenied · receipted

Prove

Signed. Witnessed. Portable.

Every decision becomes an OVERT receipt, countersigned by an independent witness. Verifiable without a GLACIS account.

formatOVERT · open spec

witnessoperator + witness signed

replaydeterministic

Receipt chain

What an auditable AI decision looks like.

Every action becomes a receipt. Hash-chained to the previous. Countersigned by an independent witness. Tamper one, the chain breaks — and the verifier shows where.

Tamper a receipt · chain breaks · verifier names the gap

Simulated for illustration

What the buyer asks for

The audit perimeter is moving.

Insurers are starting to ask. Regulators are starting to require. Customers are starting to demand. The artifact they all want is the same one — and until OVERT, it didn’t exist as something portable enough to send.

InsuranceE&O carriers are carving out autonomous-agent action. The carve-out closes when you can hand them runtime evidence.
RegulationFrom EU AI Act post-deployment monitoring to Colorado’s new automated-decision-making transparency rules, regulators are converging on exactly what a receipt is — the disclosable record of a consequential decision.
ProcurementEnterprise AI vendor reviews now ask for runtime audit artifacts a third party can verify — not a SOC 2 report.

Verify it yourself

Don’t take the receipt on trust. Check it.

This is a real signed receipt. Verification runs in your browser; nothing is sent anywhere.

Where GLACIS fits

Not a governance tool. Not an eval suite. Not another log.

Adjacent categories solve adjacent problems. GLACIS is the layer that stops an AI action in flight and produces proof a regulator, customer, or insurer can verify themselves.

	Runtime enforcement	Signed evidence	Portable proof
Governance platforms OneTrust · Credo · etc.	— policy only	— PDF reports	— vendor-locked
Model evals Patronus · Galileo · etc.	— pre-prod only	— eval scores	— vendor-locked
LLM observability LangSmith · Helicone · etc.	— log only	— unsigned	— vendor-locked
GLACIS	✓ inline arbiter	✓ OVERT receipts	✓ independent witness

Open standard

Glacis is the steward of OVERT.

Observable Verification Evidence for Runtime Trust: the open standard for runtime evidence that independent parties can verify without protected‑content egress. Published under a royalty‑free covenant. Every receipt on this site carries it.

Read the primer·overt.is

Standard: OVERT 1.1
Status: Published 11 June 2026
License: Royalty‑free covenant
Read: overt.is

The question that matters

Can you prove it?

A 30-day sprint. One high-risk AI workflow. Live arbiter, signed receipts, and an evidence pack the regulator, customer, or insurer can verify themselves by the end.