JPM San Francisco 2026 Read Briefing
GLACIS logo GLACIS
For AI Research Teams

Cryptographic Proof for AI Research

Prove your safety testing actually happened. Verifiable model cards. Reproducibility guarantees for published research.

$ pip install glacis
Read the Docs View on GitHub

Works in 3 Lines

from glacis import Glacis

glacis = Glacis(api_key="glsk_live_...")

receipt = glacis.attest(
    service_id="safety-eval",
    operation_type="red_team_test",
    input={"prompt": adversarial_prompt},  # Hashed locally
    output={"response": model_output},      # Never leaves your env
    metadata={"model": "llama-3-70b", "test_suite": "harmbench"}
)

# Share this with auditors
print(receipt.badge_url)  # https://glacis.io/verify/att_xxx

Your Data Never Leaves

What Sent to Glacis?
Prompts, model outputs No — SHA-256 hash only
Training data No
Model weights No
Timestamps, service IDs Yes (metadata)

Like notarizing a document without the notary reading it. Only cryptographic commitments are transmitted.

Built for AI Labs

Red Team Attestation

Prove your safety testing actually ran. Cryptographic evidence that adversarial prompts were evaluated, not just documented.

Verifiable Model Cards

Model cards with teeth. Auditors can verify your safety claims without accessing your test data.

Experiment Reproducibility

Prove you ran this exact model on this exact data. Timestamped, witnessed, logged.

Training Data Lineage

Attest data provenance without exposing the data itself. Compliance-ready for dataset audits.

Try It Now (No API Key)

from glacis import Glacis

# Offline mode — fully functional, self-signed
glacis = Glacis(mode="offline")

receipt = glacis.attest(
    service_id="local-dev",
    operation_type="inference",
    input={"prompt": "..."},
    output={"response": "..."}
)

print(receipt.witness_status)  # "UNVERIFIED"
# Add API key for witnessed attestation

Offline mode is fully functional — correct crypto, local verification, production-grade Ed25519. The only difference is the absence of an independent witness anchor.

Offline vs Online Mode

Feature Offline Online
API key required No Yes
Signing Local Ed25519 Glacis witness network
Merkle proofs No Yes
Transparency log No Yes
Verification URL No Yes
Witness status "UNVERIFIED" "VERIFIED"

Use offline for development. Upgrade to online when you need third-party verifiability (audits, papers, customer due diligence).

Pricing

Offline

Free
  • Local Ed25519 signing
  • Self-signed receipts
  • "UNVERIFIED" status
  • Full SDK access
Get Started
Recommended

Witnessed

Free
then usage-based
  • Everything in Offline
  • Independent witness network
  • Merkle tree inclusion proofs
  • Shareable verification URLs
  • Transparency log access
Get Started

Enterprise

Custom
  • Everything in Witnessed
  • SLA guarantees
  • Compliance exports
  • Dedicated support
  • On-prem witness option
Contact Sales

Open Source

The Python SDK is Apache 2.0. Star us on GitHub.

View on GitHub Read Documentation

Technical Details

Cryptography

  • Signatures: Ed25519 via PyNaCl (libsodium) or WASM
  • Hashing: SHA-256 with RFC 8785 canonical JSON
  • Transparency: RFC 6962 Merkle tree inclusion proofs
  • Cross-runtime: Compatible with Rust and TypeScript SDKs

Threat Model

  • Proves policy executed on input/output at a specific time
  • Does not prevent AI from misbehaving (attests, not enforces)
  • Does not hide that an AI system exists
  • Does not guarantee AI output correctness

Security Disclosure

Report vulnerabilities to [email protected]