AI systems that act need runtime assurance.
Agents now use tools, credentials, customer data, code, and production systems. Governance cannot live in screenshots, policy docs, or trust-us answers. It has to run where the system acts.
Governance is not a document. It is a runtime.
The next generation of AI will not only answer questions. It will call tools, update records, write code, route work, and make decisions inside systems customers care about.
That changes the security question. The issue is no longer only whether a model is accurate. It is what the system was allowed to do, what was blocked or escalated, and what proof exists after the fact.
Glacis exists because logs, screenshots, and policy documents are not enough. AI teams need runtime controls that execute locally and signed evidence that proves which controls ran — without exposing the data those controls are meant to protect.
See. Control. Prove. Improve.
1 · See what happened.
Make AI behavior visible inside your environment across model calls, tool calls, control decisions, escalation paths, drift signals, and operating events. Runtime visibility, not retrospective forensics.
2 · Control what matters.
Apply local runtime controls at the inference, tool-call, and agent boundary — before risky behavior reaches a workflow, record, production system, or customer. Allow, block, restrict, escalate, or review.
3 · Prove what ran.
Generate signed, tamper-evident receipts showing which controls ran, what decision was made, and when — without exposing the sensitive payload. The customer can verify the receipt offline. They never have to take your word for it.
4 · Improve what comes next.
Use incidents, drift, near misses, and control outcomes to strengthen policies, monitoring, model-change records, and operating procedures. The threat model can’t decay between releases.
Local controls. Signed receipts. Zero sensitive-data egress.
Glacis runs inside the customer environment. Controls execute locally. Prompts, outputs, PHI, customer data, source code, credentials, and proprietary context stay inside the stack.
When controls execute, Glacis generates signed, tamper-evident receipts containing the runtime event, control decision, outcome, timestamp, policy version, and verification metadata — without exposing sensitive payloads.
Receipts prove the moment. Evidence packs assemble those receipts into customer-ready artifacts: what was assessed, what controls exist, what ran, what was blocked or escalated, and what remains to improve.
Start with the workflow creating enterprise security pressure.
workflow: enterprise-support-agent
surface: tools + credentials + customer data
controls: tool permissions, exfiltration boundary, escalation rule
receipt: signed, timestamped, policy-versioned
output: customer-ready evidence packThe Agent Runtime Security & Evidence Sprint maps one named AI workflow, identifies runtime control gaps, hardens the agent or model boundary, and produces an evidence path for enterprise customers, security reviewers, auditors, and internal leadership.
This is not a generic scanner or an AI maturity assessment. It is a focused runtime security and evidence review for AI systems that act.
OVERT makes runtime proof portable.
OVERT is the evidence receipt layer behind Glacis — an open standard for runtime assurance receipts. It gives teams a structured way to preserve proof: which controls ran, what decision was made, when it happened, and how the evidence can be verified.
Runtime controls create the assurance. Signed receipts preserve the proof. OVERT makes that proof portable, tamper-evident, and review-ready — verifiable by any third party, including ones built by competitors.