Insights
Blog
Insights on AI runtime security, healthcare AI governance, and cryptographic proof for regulated industries.
The OVERT series
Evidence-grade explainers on verifiable AI, runtime attestation, and proving what your controls actually did.
AI Security Solutions That Leave a Receipt
Most AI security solutions stop at alerts. The real differentiator is proof — runtime controls that emit signed, verifiable OVERT receipts.
After a Prompt Injection Attack, Prove What Held
A single prompt injection attack can move markets. Prevention is never perfect — so hold tamper-evident proof of which guardrails fired.
Agentic AI Security Needs Proof, Not Promises
Agentic AI security can't rest on self-reported logs. Make autonomous agents witnessed — independent, tamper-evident proof of what ran and which controls held.
AI Agent Security: Prove What the Agent Did
AI agent security means enforcing controls at the action boundary and producing signed OVERT receipts that prove what the agent actually did at runtime.
AI in Cyber Security: The Missing Evidence Layer
Detection and response made the SOC faster — but neither proves a control held. AI in cyber security needs the runtime evidence layer the SOC is missing.
AI Data Security: Verify a Receipt, Not the Data
AI data security proven without exposing the data: a signed OVERT receipt lets a third party verify a runtime control fired — only hashes and signatures cross the line.
Independent AI Attestation: Proof, Not Promises
Independent AI attestation is tamper-evident proof a third party can verify that your AI controls executed — without protected data leaving home.
Your AI Governance Documentation Isn’t Evidence
AI governance documentation records intent, not proof. See why policies and self-reported logs aren’t evidence — and what a tamper-evident receipt is.
AI Governance Solutions Need a System of Proof
Most AI governance solutions are a system of record for intent. Add a system of proof — signed runtime receipts that show the control actually ran.
AI Governance Tools Need a System of Proof
AI governance tools state intent — policies, registers, approvals. None proves a control ran. OVERT receipts add the runtime proof: asserted, then proven.
An AI Governance Maturity Model: From Policy to Proof
An AI governance maturity model that stops at “documented” measures intent, not evidence. Reframe maturity from policy to verifiable proof at runtime.
AI Governance Challenges: The One No One Names
Most AI governance challenges are problems of intent. The hardest one is a problem of execution: proving what your AI systems actually did.
What Is AI Governance? Intent vs. Proof
What is AI governance? It's how an organisation directs and proves its AI behaves — the policies that state intent, and the runtime evidence that proves controls ran.
Why our new CTO left Microsoft after 19 years
Rohit Tatachar joins as co-founder & CTO after nearly two decades at Azure. The inside story.
Healthcare AI is uninsurable
The first framework for underwriting healthcare AI risk. Four case studies. Three liability domains.
We couldn’t ship our own AI
Why we open-sourced auto-redteam and published OVERT 1.0 — the open standard for AI runtime trust.
Why autoredteam.com is an open-source commitment
Why open-source auto-hardening matters and how autoredteam.com connects to safer AI deployment at scale.
Voluntary AI safety just died
Anthropic abandoned its RSP. The voluntary era is over. Here’s what replaces it.
ViVE 2026: Healthcare AI gets asked for its receipts
We’re in LA Feb 22–25. The AI accountability conversation healthcare has been building toward.
2026: the year Healthcare AI gets real
JPM kicks off a pivotal year. State laws take effect, consent litigation accelerates, and governance committees want proof.
The three layers of AI security
Most AI security solutions cover runtime protection. But there’s a critical third layer.
EU AI Act Healthcare: what to know
Most healthcare AI is classified as high-risk, triggering strict logging requirements.
When AI hallucinations become malpractice
“One beer at a wedding” becomes “daily heroin use.” Without evidence, who’s liable?
Why SOC 2 won’t protect you from AI risk
SOC 2 and HITRUST are essential for IT security. But they weren’t designed for AI.
Colorado AI Act for Healthcare vendors
Colorado repealed and replaced its 2024 AI Act with SB 26-189, covering automated decision-making technology from January 1, 2027.
Building AI trust through evidence
The difference between “we have guardrails” and “here’s proof.”
How we used AI without a BAA
Deploying an in-line redaction proxy that strips PHI before it reaches external APIs.
Why we built GLACIS on Cloudflare
Global latency, edge compute, and enterprise security via Cloudflare Workers Launchpad.
Free AI runtime security assessment
Discover your AI runtime security posture with our free 2-minute assessment. Get your score and personalised recommendations.
ISO 42001: is certification worth it?
Costs, benefits, and limitations. When certification makes sense vs. using the framework internally.
Ready to unblock your deals?
Runtime coverage starts on one named workflow that gives AI vendors evidence for deals, audits, and internal assurance.
Get runtime coverage