Prepared for: Colin Tobias, Amanda Paolino | SemperVirens
Prepared by: Joe Braidwood, CEO
These responses incorporate learnings from JPM Healthcare Conference (~20 validated customer conversations), active design partner engagements, competitive intelligence from our incoming CPO (ex-Azure Principal PM), and direct partnership discussions with Credo AI leadership.
What exact question does GLACIS answer that no existing tool answers well today? Is it solely the attestation problem?
The question we answer:
"Can you prove your AI controls actually ran—not that they exist, but that they executed?"
This isn't just an "attestation problem"—it's the gap between governance theater and governance reality.
| Category | Players | What They Do | What They Can't Do |
|---|---|---|---|
| Guardrails | NeMo, Guardrails AI | Execute controls | Prove they executed |
| GRC Platforms | Credo AI, Vanta | Document policies | Prove they ran |
| Observability | Datadog, Arthur AI | Record what happened | Prevent modification |
GLACIS Uniquely Provides
Cryptographic receipts that are:
The insurance extension: Attestation receipts become parametric triggers for AI liability coverage. Your LP bench (UPMC, Cigna, Guardian, MetLife) would be the first carriers to price risk based on verifiable AI governance, not self-reported compliance.
What is the first healthcare use case where GLACIS is clearly non-optional?
Platform operators deploying multiple third-party AI models.
The clearest example is DeepC, who we met at JPM. They operate an AI model marketplace for hospitals—70+ vendor models across radiology, diagnostics, and administrative functions.
"Zero post-deployment visibility into vendor AI behavior."
— DeepC CEO, JPM Conference
| Driver | Impact |
|---|---|
| EU AI Act | Creates platform liability for AI they don't control |
| Hospital customers | Demand transparency they can't deliver |
| Auditors | Ask for proof that vendor self-reporting can't satisfy |
| Single incident | Exposes platform to liability across all customers |
The broader pattern: Any healthcare organization deploying AI from multiple vendors faces the same governance gap. Platform operators feel this most acutely because liability concentrates there.
Do you believe the digital health AI vendor market alone could be a standalone business?
The digital health AI vendor market alone could reach $50-100M ARR at maturity, but we see it as the wedge, not the ceiling.
Our market progression: Vendors → Platforms → Insurance Carriers. Each stage expands TAM by approximately 10x.
Who inside a health system champions GLACIS? What objections have been hardest to overcome?
| Role | Why They Champion |
|---|---|
| CMIO | Owns clinical AI safety, accountable for patient outcomes |
| VP of AI/ML | Blocked by governance, wants to ship faster |
| Chief Compliance Officer | Facing board AI questions without data to answer |
"Do you have HITRUST?"
Mayo Clinic wants to pilot but is blocked on this certification. It's a $50-150K investment with a 6-12 month timeline. We're planning certification post-CPO signing, which unlocks the budget.
Tactical workaround: Emphasize zero-egress architecture—GLACIS never sees PHI, only SHA-256 hashes. Some health systems accept this as a lower-risk pilot path.
Where does the proof get consumed? Who is the primary "user"?
| Consumer | Use Case | Timing | Frequency |
|---|---|---|---|
| Internal compliance | Continuous monitoring, board reporting | Ongoing | Daily |
| Customer security review | Vendor due diligence for enterprise sales | Deal-driven | Per deal |
| External auditors | HIPAA, SOC 2, ISO 42001 evidence | Annual | Periodic |
| Litigators | Discovery, duty of care defense | Event-driven | Rare but high-stakes |
Customer security review. Our design partners are blocked by their customers' security teams asking for governance proof.
Insurance carriers. Attestation receipts become parametric triggers for coverage—directly relevant to your LP bench.
Is value realized with "wrap OpenAI calls" only, or do they need deep hooks?
Both, with a clear progression:
`pip install glacis  # 3 lines of code`
If AI attestation receipts become an open standard, does GLACIS become commodity or win as the network anchor?
Our thesis: We win as the network/trust anchor.
The analogy: Certificate Transparency (RFC 6962) for HTTPS.
| Element | HTTPS World | GLACIS World |
|---|---|---|
| Spec | Open (RFC 6962) | Open (GLACIS Attestation Profile 1.0) |
| Log operator | Google (canonical) | GLACIS (canonical) |
| Network effect | Browsers trust Google's log | Verifiers trust GLACIS log |
How do you avoid becoming a feature of other platforms?
Credo AI does "what policies should exist" (governance definition).
We do "prove policies executed" (runtime attestation).
The dynamic: We don't want to be a feature of Credo AI. We want to be the attestation layer that Credo AI requires to make their governance claims credible.
Where do you fit in the competitive landscape?
We occupy a new layer that doesn't exist in current competitive maps:
The evidence layer doesn't exist today. Competitors record (logs) but don't prove (cryptographic receipts). They execute (guardrails) but can't verify (third-party auditable).
Which competitor worries you most if they executed perfectly over 24 months?
Anthropic.
Not CalypsoAI. Not Credo AI. Not Datadog.
| Why Anthropic Worries Us | Why They Might Not Execute |
|---|---|
| Constitutional AI already creates internal governance proofs | Conflict of interest (auditing own models) |
| Actively pursuing healthcare and regulated industries | Multi-model world needs vendor-agnostic solution |
| "Claude Enterprise with built-in attestation" is a compelling bundle | Model company, not infrastructure company |
| $8B+ funding means they can build anything | — |
Datadog pivoting from LLM Observability into LLM Attestation.
Hyperscalers. They're locked into single-cloud solutions and can't be the neutral third-party verifier enterprises need.
| Partner | Status | Evidence Category |
|---|---|---|
| nVoq | Compliance team in diligence | PHI/Data Loss Prevention |
| DeepC | Verbal commit (JPM) | Third-Party AI Governance |
| PraxisPro | LOI signed | Real-Time Decision Support |
| Mayo Clinic | Wants to pilot (blocked on HITRUST) | Regulatory Evidence |
Integrated Non-Egress Attestation (co-epoch binding)
Self-Stabilizing Control (verified receipts only)
Insurance Risk Pricing (parametric triggers)
Statistical Safety Signal Protocol (S3P)