Runtime
Receipts prove what ran.
Each consequential event can carry control-execution evidence, policy hash, model version, decision, timestamp, and signature metadata.
Evidence
From runtime controls to customer-ready proof.
Glacis generates signed runtime receipts for consequential AI events, then assembles those receipts into review-ready evidence packs for regulators, customers, auditors, security teams, and internal review.
Workflow
Control
Decision
Receipt
Evidence Pack
Clinical summary, agent action, or model update
PHI boundary, tool permission, drift rule
Allowed, blocked, escalated, redacted
Signed runtime receipt with policy hash, model version, timestamp
Regulatory, security, audit, or internal review artifact
Assembly
Packs answer the buyer question.
Signed runtime receipts are grouped into regulator, customer security, audit, incident-response, and internal review artifacts.
Verification
Zero sensitive-data egress.
Sensitive payloads stay local. Verification metadata can be inspected externally.
Sample receipt anatomy
Receipts prove the moment.
A receipt proves the relevant runtime event, control decision, outcome, timestamp, policy version, and verification metadata without exposing the sensitive payload.
Runtime event
Model call, tool call, escalation, drift signal, or control decision.
Decision and outcome
Allowed, blocked, escalated, redacted, restricted, or sent for review.
Verification metadata
Timestamp, policy hash/version, input and output hashes, runtime signals, control execution, and receipt ID. The attestation is Ed25519-signed by the operator, countersigned by an independent witness, and hash-chained.
Sensitive payload
Excluded from the receipt so prompts, outputs, PHI, customer data, code, credentials, and proprietary context stay local.
Evidence pack anatomy
Evidence packs tell the defensible story.
An evidence pack turns many receipts into a review-ready artifact: what was assessed, what controls exist, what ran, what was blocked or escalated, and what remains to improve.
Workflow assessed
The named AI workflow, agent boundary, tool surface, and delegated authority.
Controls and receipts
Control inventory, receipt samples, blocked events, escalations, and review decisions.
Review use case
Enterprise security reviews, audits, customer trust, insurance, regulated evidence, and internal assurance.
Remaining gaps
Open control gaps, evidence gaps, and next improvements for the workflow.