What is runtime evidence for AI?

Runtime evidence is a signed, verifiable record of every decision an AI system made and every control that ran. It is the artifact a customer's security team, an auditor, a regulator, or an underwriter can verify offline — without trusting the vendor.

How does GLACIS prove controls ran without exposing sensitive data?

GLACIS runs inside your infrastructure. Controls execute locally. Prompts, outputs, PHI, customer data, source code, credentials, and proprietary context stay inside your stack. GLACIS exports only verification metadata, signatures, hashes, and evidence artifacts designed to prove control execution without exposing sensitive payloads.

OVERT is an open specification for runtime evidence receipts: the schema, the signing rules, and the verification logic. Any conformant verifier — including ones built by competitors — can check a GLACIS receipt without GLACIS in the loop.

How is GLACIS different from scanners, GRC, observability, and guardrails?

Scanners find static issues. GRC documents that policies exist. Observability shows what happened in logs. Guardrails block or filter individual calls. GLACIS is the runtime assurance layer above all of them: local controls execute at the action boundary, then signed receipts prove which controls ran. The output is portable, tamper-evident proof — not vendor-only logs.

Your AI, audit‑ready.

Runtime controls and signed audit trails for the AI behind your enterprise contract. Installed inside your stack, in days — not quarters.

Talk to our team Read the docs

Or inspect a sample audit packet →

Backed by

AI2 IncubatorPaul Allen’s AI institute Mighty CapitalSan Francisco Plug & PlaySunnyvale Safe AI FundGeoff Ralston SourdoughSeattle

The Loop

Four primitives. One installed runtime.

The questions an enterprise reviewer asks — can it be tricked, what stops it, did the controls fire, what evidence can we show our auditor — map to four primitives that ship as one runtime.

01 / SEE

Adversarial testing

Continuous probing across 19 attack categories. OWASP LLM Top 10 + MITRE ATLAS, against your live agent stack.

QUESTIONNAIRE · “How do you test for prompt injection and tool misuse?”

02 / CONTROL

Runtime controls

Tool allowlists, parameter validation, approval gates, redaction. Enforced at the action boundary, before the agent calls a tool.

QUESTIONNAIRE · “What controls run between the model and your systems?”

03 / PROVE

Signed audit trail

Every test, every blocked attempt, every controlled action signed on the OVERT 1.0 standard. Verifiable offline, without GLACIS in the loop.

QUESTIONNAIRE · “Can you prove the controls fired in production?”

04 / IMPROVE

Continuous regression

Findings flow back into the next testing run. Every fix becomes a regression test. The threat model can’t decay between releases.

QUESTIONNAIRE · “How do you keep up with new attack classes?”

Install in your stack

Five lines on the agent. One artifact for the auditor.

The runtime drops in beside your agent. The output is a signed evidence packet your customer’s security team, your auditor, your regulator, or your underwriter can verify offline.

SDK · TypeScriptWrap a tool call.

import { attest } from '@glacis/runtime';

const receipt = await attest({
  workflow: 'refund.issue',
  policy:   'acme.support.refund.v3',
  decision: 'BLOCK',
  rules:    ['amount.exceeds_threshold'],
});

// → signed OVERT receipt, verifiable offline