The open evidence-receipt layer for AI runtime proof.

OVERT is the evidence-receipt layer behind Glacis. It gives teams a structured way to preserve runtime proof — which controls ran, what decision was made, when it happened, and how the evidence can be verified — without sensitive payloads leaving your environment.

§ i · What OVERT is.

Runtime controls create the assurance. Signed receipts preserve the proof. OVERT makes that proof portable, tamper-evident, and review-ready. Each receipt records the relevant runtime event, the control decision, the outcome, and the verification data — without exposing the sensitive payload that triggered it.

The specification covers three things: the schema of the receipt itself, the signing semantics that produce it, and the verification rules any third party can use to check it. That is all. OVERT deliberately does not prescribe the model, the policy language, or the enforcement engine — only what gets recorded and how it can be trusted.

§ ii · Why an open standard.

Attestation is only useful if someone who does not trust the vendor can still verify the claim. A closed, vendor-specific format does not meet that bar — it asks auditors, regulators, and insurers to take the vendor’s word for it. An open specification removes that dependency: any conformant verifier, in any jurisdiction, can check a receipt without Glacis in the loop.

OVERT is published under terms that allow anyone to implement it, including competitors. The value of a standard grows as more parties adopt it, and we would rather compete on the quality of the runtime than on the walls of the format.

§ iii · What is in v1.0.

Spec · overt.is / v1.0.0 · April 2026.

§ iv · The specimen.

Operational records can describe what happened. A receipt proves which controls ran. The same OVERT 1.0 structure can be verified across tools.

{
  "overt": "1.0.0",
  "subject": {
    "system":   "your-model@production",
    "revision": "rev-04a1b2"
  },
  "probe": {
    "family": "injection.indirect",
    "suite":  "runtime-assurance.v1",
    "seed":   418
  },
  "verdict": "allowed",
  "policy": {
    "bundle":    "iso-42001.baseline",
    "mapped_to": ["eu-ai-act:16", "soc2:cc7.2"]
  },
  "witness": {
    "quorum":    "3-of-3",
    "signature": "ed25519:9c4a…e11"
  },
  "content_hash": "sha256:7f3e…d24b",
  "prev":         "sha256:a1c0…8e9f"
}

Field notes

OVERT version — OVERT 1.0 is a public, versioned spec. Any conformant verifier knows which fields must appear and how to check them.

Subject — identifies the exact model and revision this receipt covers. Receipts issued against a different revision are not interchangeable.

Probe — probe family, test suite, and random seed. Enough information to replay the evaluation and reproduce the verdict.

Verdict — one of allowed, blocked, flagged, or escalated. The field an auditor or regulator reads first.

Policy — which policy was enforced at the moment of decision, and the external controls it maps to (EU AI Act, SOC 2, or the customer’s own catalog).

Witness — a 3-of-3 quorum signature across the notary fabric. If quorum isn’t reached, no receipt is written — silent failures aren’t possible.

Content hash — SHA-256 of the receipt contents. Change a single byte and the hash no longer matches; tampering is detectable by any third party holding the public key.

Chain pointer — each receipt commits to the previous receipt’s hash. Removing or altering a historical receipt breaks the chain and is externally detectable.
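
The content-hash and chain-pointer checks described in the field notes, as an added example that is not code from the OVERT specification or from Glacis. It assumes a canonical form (JSON with sorted keys and compact separators) and assumes that `content_hash` and `witness` are excluded from the hashed body; the normative rules are the ones published at overt.is. Witness signatures are not checked here, and the sample receipts are constructed.

```python
import hashlib
import json

# Assumption: these fields are not part of the hashed body.
UNHASHED = ("content_hash", "witness")

def content_hash(receipt):
    """SHA-256 over an assumed canonical form: sorted keys, compact separators."""
    body = {k: v for k, v in receipt.items() if k not in UNHASHED}
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return "sha256:" + hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def verify_chain(receipts, trusted_head=None):
    """Return (index, problem) findings; an empty list means the log is intact."""
    findings = []
    expected_prev = None
    for i, r in enumerate(receipts):
        actual = content_hash(r)
        if r.get("content_hash") != actual:
            findings.append((i, "content_hash mismatch"))
        if i > 0 and r.get("prev") != expected_prev:
            findings.append((i, "prev does not match preceding receipt"))
        expected_prev = actual  # link on the recomputed hash, not the stored one
    # The chain alone cannot reveal receipts dropped from the end of the log;
    # that needs the latest hash obtained from somewhere the log holder
    # does not control.
    if trusted_head is not None and expected_prev != trusted_head:
        findings.append((len(receipts) - 1, "head differs from trusted head"))
    return findings

def make_log(verdicts):
    """Build a constructed sample chain; field values are illustrative only."""
    log, prev = [], None
    for seed, verdict in enumerate(verdicts, start=418):
        r = {"overt": "1.0.0",
             "subject": {"system": "your-model@production",
                         "revision": "rev-04a1b2"},
             "probe": {"family": "injection.indirect",
                       "suite": "runtime-assurance.v1", "seed": seed},
             "verdict": verdict,
             "prev": prev}  # first receipt has no predecessor (assumption)
        r["content_hash"] = prev = content_hash(r)
        log.append(r)
    return log

if __name__ == "__main__":
    log = make_log(["allowed", "blocked", "flagged"])
    log[1]["verdict"] = "allowed"  # simulate an edit to a stored receipt
    print(verify_chain(log))
```

An edited receipt shows up twice: its own hash no longer matches, and the next receipt's `prev` no longer points at it.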

§ v · Glacis’s role.

Glacis authored the initial draft of OVERT and maintains reference verification tooling. The specification itself is governed through the OVERT IPR policy published on overt.is, with contributions open to organizations that need portable AI runtime evidence.

Glacis runs inside your infrastructure as local runtime controls; every decision those controls make is preserved as a signed OVERT receipt. The Agent Runtime Security & Evidence Sprint generates a sealed evidence pack of OVERT-format receipts for the agents and models that are already in production — verifiable by any auditor, regulator, or insurer without Glacis in the loop.

The spec lives at overt.is. The receipts ship with Glacis.

The full specification, machine-readable schema, IPR policy, and versioned release notes are all published at overt.is. To see OVERT receipts in production form, request a sample evidence pack — or book a Runtime Security & Evidence Sprint.
