Company Overviews
About GLACIS
GLACIS provides continuous cryptographic attestation for AI systems in regulated industries. The platform generates tamper-evident proof that AI controls execute correctly--verifiable evidence that guardrails, access policies, and compliance requirements are enforced at runtime, not just documented in policies.
GLACIS’ core technology is software-defined attestation that deploys within customer infrastructure without requiring specialized hardware. The zero-egress architecture ensures sensitive data (patient records, financial transactions, proprietary models) never leaves the customer’s control.
Key differentiators include approximately 4ms attestation latency (enabling real-time production use), deployment on commodity cloud infrastructure, and evidence generation mapped to regulatory frameworks including EU AI Act, HIPAA, and SR 11-7.
About EQTY Labs
EQTY Labs offers AI governance and attestation rooted in hardware Trusted Execution Environments (TEEs). Their platform leverages Intel TDX (Trust Domain Extensions), NVIDIA confidential computing, and Hedera blockchain for immutable audit logging.
Notable achievements include RSA Innovation Sandbox 2025 finalist recognition, strategic partnerships with Intel and NVIDIA, and public sector deployments through Accenture Federal Services. The company has raised funding and built credibility in the enterprise security space.
EQTY Labs’ approach provides hardware root-of-trust--the attestation originates from silicon-level security features rather than software alone. This appeals to organizations prioritizing hardware-based security guarantees and blockchain-verified immutability.
Architectural Approaches
The fundamental difference between GLACIS and EQTY Labs is where the root of trust originates and how attestation is executed. This architectural distinction has cascading implications for deployment, performance, and operational requirements.
GLACIS: Software-Defined Attestation
Cryptographic proof generated through software running in your existing infrastructure.
- ✓ Zero infrastructure changes -- runs on any cloud
- ✓ Zero-egress design -- data never leaves your VPC
- ✓ ~4ms latency -- production-grade performance
- ✓ No blockchain dependency -- simpler architecture
EQTY Labs: Hardware TEE Attestation
Attestation rooted in hardware security features with blockchain immutability.
- ✓ Hardware root-of-trust -- Intel TDX, NVIDIA TEEs
- ✓ Blockchain immutability -- Hedera-based logging
- ✓ Major partnerships -- Intel, NVIDIA ecosystem
- ✓ Public sector presence -- Accenture deployments
Software-Defined vs Hardware-Rooted: The Tradeoffs
Hardware TEEs like Intel TDX provide isolation guarantees at the silicon level--even a compromised hypervisor or OS cannot access data inside the enclave. This is a genuine security benefit for specific threat models. However, it comes with constraints: you must deploy on infrastructure with these specific chips, and attestation performance depends on hardware capabilities.
Software-defined attestation trades hardware isolation for deployment flexibility and performance consistency. GLACIS achieves cryptographic assurance through verified execution paths and tamper-evident evidence chains, rather than hardware enclave isolation. The security model differs, but the outcome--provable, auditable AI behavior--is equivalent for most regulatory and compliance use cases.
The blockchain component in EQTY Labs’ architecture provides immutability through distributed consensus. GLACIS achieves tamper evidence through cryptographic chaining without requiring blockchain infrastructure, reducing operational complexity and eliminating dependencies on external networks.
Feature Comparison
| Capability | GLACIS | EQTY Labs |
|---|---|---|
| Attestation Architecture | Software-defined cryptographic | Hardware TEE (Intel TDX, NVIDIA) |
| Attestation Latency | ~4ms | Not publicly specified |
| Infrastructure Requirements | Any cloud / on-prem | Intel TDX or NVIDIA TEE hardware |
| Blockchain Dependency | None | Hedera required |
| Data Residency | Zero-egress (data stays in VPC) | Data transmitted to TEE environment |
| Deployment Complexity | Low (software deployment) | Higher (hardware + blockchain setup) |
| Root of Trust | Cryptographic verification | Hardware silicon |
| Immutability Mechanism | Cryptographic chaining | Blockchain consensus |
| Vendor Ecosystem | Cloud-agnostic | Intel/NVIDIA partnerships |
| Industry Recognition | Early-stage, regulated industry focus | RSA Sandbox finalist |
Deployment Requirements
GLACIS Deployment
GLACIS deploys as software within your existing infrastructure. The deployment process typically involves:
- No hardware procurement -- runs on your current cloud instances (AWS, Azure, GCP) or on-premises servers
- Container-based deployment -- standard Kubernetes or Docker deployment patterns
- Zero network egress -- all processing occurs within your VPC; attestation evidence can be exported on your terms
- API integration -- wrap existing AI calls with attestation layer, minimal code changes
Time to production is typically measured in days, not months. There are no infrastructure procurement cycles, no specialized hardware to provision, and no blockchain nodes to configure.
EQTY Labs Deployment
EQTY Labs deployment requires infrastructure with Intel TDX or NVIDIA confidential computing support:
- Hardware requirements -- Intel 4th Gen Xeon (Sapphire Rapids) or newer with TDX, or NVIDIA H100/Blackwell GPUs with confidential computing
- Cloud provider support -- Azure Confidential Computing, Google Cloud Confidential VMs, or specialized deployments
- Hedera integration -- configuration of blockchain logging for immutability guarantees
- TEE workload migration -- applications must be adapted to run within trusted execution environments
Deployment timelines depend on infrastructure availability and TEE migration complexity. Organizations without existing confidential computing infrastructure face additional procurement and provisioning steps.
Use Case Fit Analysis
Neither solution is universally superior--the right choice depends on your specific requirements, constraints, and priorities.
GLACIS is Likely the Better Fit When:
- 1. Data sovereignty is non-negotiable. Healthcare organizations under HIPAA, financial institutions with data residency requirements, or any organization where patient/customer data cannot leave the VPC benefit from GLACIS’ zero-egress architecture.
- 2. You need to deploy quickly on existing infrastructure. If you don’t have Intel TDX or NVIDIA TEE hardware and can’t wait for procurement, GLACIS runs on commodity cloud instances today.
- 3. Latency matters for production workloads. Real-time AI applications (clinical decision support, fraud detection, trading systems) need consistent sub-10ms attestation overhead.
- 4. You want to avoid blockchain complexity. If your organization doesn’t want to operate or depend on blockchain infrastructure, GLACIS achieves tamper evidence through cryptographic means without distributed ledgers.
- 5. Multi-cloud or hybrid deployments. GLACIS’ cloud-agnostic architecture works consistently across AWS, Azure, GCP, and on-premises environments without vendor lock-in.
EQTY Labs May Be the Better Fit When:
- 1. Hardware root-of-trust is a requirement. If your security model specifically requires attestation originating from silicon-level security features, TEE-based approaches provide that guarantee.
- 2. Blockchain immutability is mandated. Some regulatory or contractual requirements may specifically call for blockchain-based audit trails.
- 3. You already have Intel TDX or NVIDIA confidential computing infrastructure. If your organization has invested in confidential computing, EQTY Labs leverages that investment.
- 4. Public sector with existing Intel/NVIDIA relationships. EQTY Labs’ partnerships and Accenture Federal Services deployments may provide procurement advantages in government contexts.
- 5. Threat model includes compromised hypervisor. TEEs provide protection against certain attack vectors (malicious cloud provider, compromised virtualization layer) that software-based approaches don’t address.
Industry-Specific Considerations
Industry Fit Matrix
| Industry | Key Requirement | Recommended |
|---|---|---|
| Healthcare | HIPAA, data never leaving VPC | GLACIS (zero-egress) |
| Financial Services | Low latency, SR 11-7 compliance | GLACIS (~4ms latency) |
| Government (Classified) | Hardware security, existing TEE infra | EQTY Labs (TEE-based) |
| Insurance | Fast deployment, existing cloud | GLACIS (any cloud) |
| Defense Contractors | Intel partnerships, blockchain logs | EQTY Labs (ecosystem) |
Frequently Asked Questions
Can I use GLACIS if I already have Intel TDX infrastructure?
Yes. GLACIS runs on any infrastructure, including servers with Intel TDX. You can deploy GLACIS alongside existing confidential computing workloads. The difference is that GLACIS doesn’t require TEEs--it works equally well on standard instances, giving you deployment flexibility.
Does EQTY Labs work with AWS?
EQTY Labs’ TEE-based approach requires Intel TDX or NVIDIA confidential computing support. As of 2025, AWS offers Nitro Enclaves (a different technology) but limited native TDX support. Azure and GCP have more mature confidential computing offerings. Check EQTY Labs’ current cloud provider support for the latest compatibility.
What if my regulators specifically require blockchain?
If your regulatory requirements explicitly mandate blockchain-based immutability, EQTY Labs’ Hedera integration directly addresses that. However, most regulations (EU AI Act, HIPAA, SR 11-7) require tamper-evident audit trails, not specifically blockchain. GLACIS’ cryptographic chaining satisfies these requirements. Consult your compliance team about the specific language in your regulatory obligations.
Is hardware-based attestation more secure than software-based?
They address different threat models. Hardware TEEs protect against compromised hypervisors and some physical attacks--threats that software alone cannot prevent. However, TEEs have had vulnerabilities (Spectre, Meltdown variants). Software-defined attestation like GLACIS focuses on cryptographic provability of execution, which is sufficient for most compliance and audit requirements. The "more secure" answer depends on which threats you’re prioritizing.
How do the costs compare?
GLACIS runs on commodity infrastructure, so the primary cost is the software licensing. EQTY Labs deployments may involve additional costs for TEE-capable hardware (Intel TDX instances cost more than standard instances) and Hedera blockchain transaction fees. The total cost difference depends heavily on your existing infrastructure and scale. Contact both vendors for detailed pricing.
Making Your Decision
EQTY Labs built an interesting technical approach to AI attestation using hardware TEEs and blockchain. That approach makes sense if you already have Intel TDX infrastructure, specifically need Hedera-based immutability, and can accept the deployment complexity.
For most organizations, that's not the situation. You have existing cloud infrastructure. You need AI compliance evidence now, not after a hardware procurement cycle. And you need data to stay in your VPC, not flow through external blockchain networks.
GLACIS is built for that reality. Software-defined attestation on your existing infrastructure. Zero-egress architecture for regulated data. Production-grade latency for real-time AI systems. Deployment in days, not months.
The decision is simpler than it appears: Do you have specialized TEE infrastructure and blockchain requirements? If yes, evaluate EQTY Labs. If not—if you need AI compliance evidence on your existing cloud without new infrastructure—start with GLACIS.