AI2 Incubator · Cloudflare Launchpad

AI Assurance You Can Prove

Security teams don't trust policy documents. They trust evidence. We help AI teams generate proof their controls actually ran.

[email protected] · glacis.io

What We Do

Proof, not just documentation

We generate verifiable proof that safety controls executed — timestamped, cryptographically signed, and mapped to the frameworks buyers recognize.

Consent captured

Guardrails executed

PHI properly handled

Model version locked

Not logs. Receipts. Cryptographically signed, independently verifiable. When the auditor or attorney asks "prove it"—you can.

The Problem

When things go wrong, no one can prove what happened

NOV 2025 Sharp HealthCare Class Action

~100,000 patients. Allegation: ambient scribe hallucinated consent. Sharp can't cryptographically prove otherwise.

DEC 2025 Health System Blocks AI Deal

Major health system's AI Governance Committee blocked scribe vendor deal over data ownership concerns.

The most safety-conscious AI vendors face the same exposure. When the lawsuit comes, good intentions don't hold up. Cryptographic proof does.

Vendors — can't definitively answer questionnaires

Buyers — don't trust vendor dashboards

The Gap — no independent verification

Why Now

Regulatory deadlines create urgency

NOW

HIPAA + AI

Every AI interaction touching PHI needs auditable proof

JUN 2026

Colorado AI Act

Affirmative defense for NIST AI RMF. $20K/violation

AUG 2026

EU AI Act

Healthcare AI = "high-risk." Continuous traceability required

JAN 2027

California CPPA

ADMT opt-out. Risk assessments for healthcare decisions

The thesis: In 18 months, regulated AI without cryptographic proof will be uninsurable and unprocurable.

Standard of care precedes law. NIST AI RMF and ISO 42001 are already the de facto duty of care.

How It Works

Cloud-Native. Zero Data Egress. Sub-50ms.

Your Cloud Environment

Your App

Serverless / Containers

GLACIS

SIDECAR

Attest → Hash → Sign

<50ms • 0 bytes PHI out

Witness Network

Hashes only

Merkle anchor

Zero-Egress = No BAA

No PHI or proprietary data leaves customer boundary. Eliminates months of legal review.

Third-Party Verifiable

Ed25519 signatures + RFC 6962 Merkle trees. Independent verification.

Drop-In Deployment

Lambda layer or container sidecar. Works with any LLM provider.

The Platform

Production-Ready. Shipping Now.

Live at app.glacis.io — governance platform, attestation feed, and witness network operational.

Cryptographic Attestations

Merkle-anchored receipts with HIPAA identifiers

Governance Topology Engine

NIST AI RMF • ISO 42001 • EU AI Act • Colorado

Sidecar deployed

Witness network live

Research lab active

The SSL Analogy

SSL certs prove identity without dictating what you serve. GLACIS receipts prove enforcement of policies and guardrails at inference—without dictating your models.

Positioning

Platform, Not Product

What We Don't Do

Build PHI detection models

Compete with Comprehend/Macie

Own the guardrail logic

What We Do

Attest models and guardrails

Ship strong defaults (open source)

Prove execution, not policy

Comprehend, Macie, open source models—we attest them all. At scale, we become the neutral trust layer for AI governance across the ecosystem.

The SSL Analogy

SSL certs prove identity without dictating what you serve. GLACIS receipts prove enforcement of policies and guardrails at inference—without dictating your models.

Competitive Landscape

No one else proves execution

Competitors offer guardrails or governance. We provide cryptographic proof that both executed.

	Cloudflare AI Gateway	AWS Bedrock	Vanta GRC	Credo AI Governance	Alinia Guardrails	GLACIS
Runtime guardrails	✓	✓	—	—	✓	✓
Compliance frameworks	—	—	✓	✓	—	✓
Cryptographic proof	—	—	—	—	—	✓
Zero data egress	—	△	—	—	—	✓
Healthcare-native	—	—	△	—	△	✓

Infrastructure Players

Block bad things. No compliance story. Logs ≠ proof.

GRC Platforms

Policy management. No runtime enforcement. Trust us.

GLACIS

Runtime + compliance + cryptographic proof.

Traction

Design Partners in Healthcare AI

nVoq First Pilot

Colorado-based ambient scribe for home care • 50k+ visits/month

Android keyboard S3 + Comprehend

Consent attestation

PHI redaction proof

Model drift enforcement

NIST AI RMF evidence

PraxisPro

In diligence

Prompt Opinion

In diligence

All from HLTH 2025 • Healthcare AI vendors facing procurement friction

Colorado AI Act: June 2026

Compliance pressure creates urgency

70+

Patent claims filed

4 families • Fenwick & West

Defensibility

Building the Category Definition

Co-Epoch Attestation

Binds receipts to specific binary versions. Prevents "binary substitution" attacks.

Statistical Safety Signals

Mathematically rigorous sampling for continuous compliance verification.

Zero-Payload Egress

Cryptographic commitments without data exposure. PHI never leaves boundary.

Federated Witness Network

Distributed attestation for independent verification at scale.

Filed Nov 2025 — First-mover advantage in attestation-based AI compliance.

Team

FDA Authorized. Enterprise Deployed.
We've Lived This Problem.

Joe Braidwood

Co-Founder & CEO

1 in 4 smartphone users

SwiftKey founding exec → $250M Microsoft • Cambridge Law

Dr. Jennifer Shannon

Co-Founder & Chief Medical Officer

FDA De Novo authorized

Cognoa: SaMD reimbursed

Caer

Rust & Cryptography Lead

10+ years production • WPI

Atreya

AI Engineer

Model eval & red teaming • WPI • Ex-PAAI

Advisors

Selvan Senthivel GE Healthcare Chief Technologist

Nakis Urfi, JD, MPH Cantex CCO (37 facilities)

David Márton Harvard AI Research

The Ask

Pre-Seed: $1.5M

3

Design Partners

70+

Patent Claims

18mo

First-Mover Window

USE OF FUNDS

→ Close nVoq to paid contract

→ Ship cloud-native sidecar

→ Build compliance evidence packs

→ 10 vendors by Q3 2025

EU AI Act

Aug 2026