Runtime Controls

Control one high-risk AI workflow where it runs.

Permit, block, or escalate runtime events inside your environment. Each important decision can produce a signed receipt, so reviewers can verify controls ran without seeing sensitive payloads.

Get runtime coverage
Sample verdict stream live
  1. ALLOW policy.fsi.credit_match 12.4ms · llama‑4‑maverick
  2. BLOCK policy.phi.exfil_guard 9.1ms · claude‑opus‑4
  3. ESCALATE policy.agent.scope_exceeded 14.2ms · gpt‑4o
Every important event gets a control decision. Every decision can get a signed receipt.

How it works

Control decisions at the runtime boundary.

GLACIS deploys control points next to the AI workflow. It evaluates requests, responses, tool calls, and escalations using local policy logic, then permits, blocks, or routes to review. No sensitive data leaves your environment.

Not a filter. A control plane.

Capabilities

Built for proof-ready AI operations

Rust Sidecar

Sub-millisecond overhead. Single binary, no runtime dependencies. Deploys anywhere containers run.

SLM Evaluation

A local small language model scores every request for policy compliance—no data leaves your perimeter.

Drift Detection

Continuous monitoring of model behavior against your baseline. Alerts when outputs shift outside policy bounds.

Shadow Mode

Observe and log without blocking. Deploy Enforce in shadow mode first, then flip to active enforcement when you’re ready.

Fleet Dashboard

See every AI system in your organization. Policy status, violation rates, drift trends—one view.

Policy-as-Code

Define policies in YAML. Version them in Git. Roll out across your fleet with CI/CD integration.

Permit / Deny / Escalate

Three-outcome verdicts on every request. Clean outputs pass. Violations block. Edge cases route to human review.

Signed Evidence Trail

Every consequential verdict, policy evaluation, and escalation can be tied to a signed receipt and evidence hash.

Who this is for

Your AI workflow needs runtime assurance

  • Teams running multiple AI systems that need consistent policy enforcement
  • Organizations deploying AI agents that interact with customers or make decisions
  • Companies needing to prove controls ran for regulatory compliance
  • Anyone shipping AI who needs to sleep at night knowing bad outputs won’t reach users

Ready to start

Start with the workflow under review.

Runtime coverage maps one workflow, places controls, instruments receipts, and assembles the first evidence pack.

Start narrow. Prove deeply. Reuse the pattern.

Get runtime coverage

FAQ

Common questions

What’s the difference between Enforce and a content filter?
Content filters are keyword blocklists. Enforce uses a local SLM to evaluate policy compliance in context, supports three-outcome verdicts (permit/deny/escalate), and generates an immutable audit trail. It’s a control plane, not a regex.
How does shadow mode work?
In shadow mode, Enforce evaluates every request but doesn’t block anything. You see what would have been denied without affecting production traffic. Flip to active enforcement when your policies are tuned.
What’s the performance overhead?
The Rust sidecar adds sub-millisecond latency for rule-based policies. SLM evaluation adds single-digit milliseconds. Both are negligible compared to typical LLM inference times.
Can I use Enforce without Notarize?
Yes. Enforce works standalone for runtime policy enforcement. Add Notarize when you need cryptographic proof that controls ran for audit or regulatory purposes.
What models does it work with?
Any model behind an HTTP API—OpenAI, Anthropic, Google Gemini, Azure OpenAI, and open-source models. Enforce is model-agnostic by design.

Also from GLACIS

Controls are one part of runtime assurance.

Diagnostic

Map the workflow surface

Identify attack paths, data boundaries, tool-call risks, control gaps, and the first receipts that need to exist.

View diagnostic

Evidence

Cryptographic proof your controls ran

OVERT-format receipts. Tamper-evident, independently verifiable, zero sensitive-data egress. Every consequential control decision can generate signed proof — by default, not by upgrade.

Learn about signed receipts