For AI Labs & Model Providers
Runtime controls and signed evidence receipts for the labs powering enterprise AI — so customer security teams, auditors, and regulators see what your model surface actually does, without your data leaving your stack.
Or explore the OVERT 1.0 standard →
Why model cards stopped working
Enterprise customers, auditors, and regulators have stopped accepting model cards and SOC 2 letters as the final word on a frontier model. They want to know what controls run at inference time on the surface they’re actually calling — safety filters, eval gates, policy enforcement, refusal logic — and whether those controls fired on their traffic.
Red-teaming, adversarial testing, and safety evaluations produce real artifacts inside the lab. The gap is at the handoff: those artifacts weren’t designed to be verified independently by a regulated customer, an ISO 42001 auditor, or an EU AI Act notified body.
The Sprint closes that gap on one production model surface in three weeks — runtime controls, signed receipts, and an evidence pack a customer security team can actually verify.
How the sprint runs
Glacis runs inside your infrastructure, instruments one production model surface, and produces signed evidence receipts — without prompts, outputs, or training data leaving your environment.
We pick one production model surface — an API endpoint, a fine-tuned variant, a hosted agent. Local controls hook in next to your existing safety stack and eval gates.
Prompts and outputs stay with you. Runtime controls hash them locally and sign a receipt for each control outcome — only the signed commitment leaves your environment.
An independent notary timestamps the receipts and anchors them in a transparency log. The Sprint closes with an evidence pack your enterprise customer’s security team can verify.
Receipts at the surface
```python
from glacis import RuntimeAssurance

a = RuntimeAssurance(workspace="safety-eval-prod")

@a.guard(policy="red-team-eval@v3", on_block="escalate")
def run_probe(prompt: str) -> str:
    # `model` is assumed to be the lab's existing inference client (not shown
    # on this page); the guard wraps the call and records the control outcome.
    return model.complete(prompt)

# Receipt: local content hash, exported commit,
# ECDSA-P256 signature, witness status.
```
What an evidence pack lets a customer or regulator see
01 / SAFETY
Signed receipts showing that adversarial prompts and red-team probes were evaluated by the production model, at a specific time, with a specific outcome. Auditors verify the receipts without ever seeing the underlying prompts.
02 / CARDS
Safety claims link to runtime evidence receipts. “Refusal rate held at X on this benchmark” becomes a verifiable fact, not a marketing line in a PDF.
03 / QUESTIONNAIRE
SOC 2, ISO 42001, EU AI Act, customer security questionnaires — the same evidence pack maps to each control language and ships as the back-up exhibit.
04 / IP
Training data, prompts, outputs, and model weights never leave your environment. Only signed hashes and verification metadata cross the boundary.
Architecture
Not “we don’t store it.” Not “we delete it after.” Prompts, outputs, training data, and weights stay inside your infrastructure — only signed hashes and verification metadata leave.
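The three sprint steps above (hash prompts and outputs locally, sign a receipt per control outcome, have a notary timestamp and anchor the receipts) and the architecture claim that only signed hashes cross the boundary describe a commit, sign, witness, verify pipeline. The block below is an added example written for this page that walks that pipeline end to end; it is not Glacis code and not the OVERT standard. Everything in it is this example's own choice: the receipt field names, the salted SHA-256 commitments, the toy Merkle log standing in for the notary's transparency log, the constructed probe strings, and the ECDSA over P-256 (the curve the receipt comment names) spelled out with the standard library so it runs without dependencies. In production a vetted crypto library replaces the hand-written curve arithmetic.

```python
# Added example, not Glacis code: commit locally, sign a receipt, anchor it in
# a notary log, verify customer-side from public data only. Stdlib only.
import hashlib, hmac, json, secrets
# NIST P-256 parameters; the stdlib has no ECC, so ECDSA is spelled out here.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def _add(p1, p2):                       # affine point addition, None = infinity
    if p1 is None: return p2
    if p2 is None: return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0: return None
    lam = ((3 * x1 * x1 - 3) * pow(2 * y1, -1, P) if p1 == p2    # a = -3
           else (y2 - y1) * pow(x2 - x1, -1, P))
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def _mul(k, pt):                        # double-and-add scalar multiplication
    r = None
    while k:
        if k & 1: r = _add(r, pt)
        pt, k = _add(pt, pt), k >> 1
    return r

def keygen():
    d = secrets.randbelow(N - 1) + 1
    return d, _mul(d, G)

def sign(d, msg):
    z = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    # nonce derived from key and message (RFC 6979 idea, simplified here);
    # a reused or biased k would leak the private key
    k = int.from_bytes(hmac.new(d.to_bytes(32, "big"), msg, "sha256").digest(), "big") % N or 1
    r = _mul(k, G)[0] % N
    return [r, pow(k, -1, N) * (z + r * d) % N]

def verify(pub, msg, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N): return False
    z, w = int.from_bytes(hashlib.sha256(msg).digest(), "big"), pow(s, -1, N)
    pt = _add(_mul(z * w % N, G), _mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r

def canonical(obj):                     # one byte-exact encoding for signing
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

# --- lab side: prompts and outputs stay here; only salted hashes are signed ---
def commit(text, salt):
    # the salt matters: a bare SHA-256 of a short prompt can be recovered by
    # hashing candidate prompts; salt and content stay inside the lab
    return hashlib.sha256(salt + text.encode()).hexdigest()

def make_receipt(lab_key, policy, prompt, output, outcome, ts):
    salt = secrets.token_bytes(16)
    body = {"policy": policy, "outcome": outcome, "ts": ts,
            "prompt_hash": commit(prompt, salt), "output_hash": commit(output, salt)}
    return {"body": body, "sig": sign(lab_key, canonical(body))}, salt

# --- notary side: batch receipts into a Merkle log and sign the root -------
def _leaf(rcpt): return hashlib.sha256(b"\x00" + canonical(rcpt)).digest()
def _node(l, r): return hashlib.sha256(b"\x01" + l + r).digest()

def anchor(notary_key, receipts, ts):
    level = [_leaf(r) for r in receipts]
    proofs, pos = [[] for _ in level], list(range(len(level)))
    while len(level) > 1:
        if len(level) % 2: level.append(level[-1])        # pad odd levels
        for i, j in enumerate(pos):
            proofs[i].append([j % 2, level[j ^ 1].hex()])  # (side, sibling)
            pos[i] = j // 2
        level = [_node(level[i], level[i + 1]) for i in range(0, len(level), 2)]
    head = {"root": level[0].hex(), "ts": ts}
    return {"head": head, "sig": sign(notary_key, canonical(head))}, proofs

# --- customer side: public keys + receipt + proof; no prompt needed ---------
def verify_receipt(lab_pub, notary_pub, rcpt, proof, witness):
    if not verify(lab_pub, canonical(rcpt["body"]), rcpt["sig"]): return False
    if not verify(notary_pub, canonical(witness["head"]), witness["sig"]): return False
    h = _leaf(rcpt)
    for side, sib in proof:
        h = _node(bytes.fromhex(sib), h) if side else _node(h, bytes.fromhex(sib))
    return h.hex() == witness["head"]["root"]

def check_disclosure(rcpt, prompt, salt):   # later selective disclosure of one prompt
    return commit(prompt, salt) == rcpt["body"]["prompt_hash"]

def run_demo():                         # constructed probes, not real traffic
    (lab, lab_pub), (notary, notary_pub) = keygen(), keygen()
    probes = ["probe-1", "probe-2", "probe-3"]
    made = [make_receipt(lab, "red-team-eval@v3", p, "refused", "blocked", 1700000000 + i)
            for i, p in enumerate(probes)]
    rcpts, salts = [m[0] for m in made], [m[1] for m in made]
    witness, proofs = anchor(notary, rcpts, 1700000100)
    forged = dict(rcpts[0], body={**rcpts[0]["body"], "outcome": "allowed"})
    return {"all_valid": all(verify_receipt(lab_pub, notary_pub, r, pr, witness)
                             for r, pr in zip(rcpts, proofs)),
            "tamper_detected": not verify_receipt(lab_pub, notary_pub, forged, proofs[0], witness),
            "disclosure_ok": check_disclosure(rcpts[0], probes[0], salts[0])}
```

Calling run_demo() walks the whole flow: three probe receipts are signed by the lab, batched by the notary into a Merkle log whose signed root carries the timestamp, and then verified by a customer holding nothing but the two public keys, the receipts and their inclusion proofs. Flipping one receipt's outcome from "blocked" to "allowed" fails both the lab signature and the log inclusion check, and a later selective disclosure of a single prompt plus its salt is checked against the original commitment rather than trusted. The salt is the caveat worth keeping: a receipt that commits to SHA-256 of the raw prompt would let anyone holding the receipt recover a short or templated prompt by hashing guesses, which defeats the "prompts never leave" claim.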
Three weeks. One production model surface. Runtime controls instrumented inside your stack, and an evidence pack a customer security team can verify on their own.
pip install glacis or read the docs →