OVERT 1.0 · Public Standard

An open standard for runtime proof of AI.

OVERT is a public, versioned specification for recording and verifying what an AI system actually did at runtime. Tamper-evident by construction. Externally verifiable. Not owned by any one vendor — including us.

Read the full standard Why it matters ↓

§ i · definition

What OVERT is.

OVERT defines a compact, cryptographically sealed record — a receipt — that captures what an AI system was asked to do, what it actually did, and under whose policy it was evaluated at that moment. Each receipt is signed by a quorum of witnesses and chained to the previous one, so a history of decisions can be audited as a single tamper-evident ledger.

The specification covers three things: the schema of the receipt itself, the witness semantics that produce it, and the verification rules any third party can use to check it. That is all. OVERT deliberately does not prescribe the model, the policy language, or the enforcement engine — only what gets recorded and how it can be trusted.

§ ii · rationale

Why an open standard.

Attestation is only useful if someone who does not trust the vendor can still verify the claim. A closed, vendor-specific format does not meet that bar — it asks auditors, regulators, and insurers to take the vendor’s word for it. An open specification removes that dependency: any conformant verifier, in any jurisdiction, can check a receipt without GLACIS in the loop.

OVERT is published under terms that allow anyone to implement it, including competitors. The value of a standard grows as more parties adopt it, and we would rather compete on the quality of the runtime than on the walls of the format.

§ iii · scope

What is in v1.0.

Receipt schema. Required and optional fields covering subject, probe, verdict, policy, witness, content hash, and chain pointer — enough to replay an evaluation and verify its result.
Witness semantics. Quorum rules for producing a valid receipt (default 3-of-3), signature algorithm profile, and the conditions under which no receipt is written rather than a partial one.
Verification rules. The exact checks a verifier must perform to accept a receipt as valid, including schema validation, signature verification, and chain integrity.
Versioning and profiles. How OVERT evolves without breaking older receipts, and how industry-specific profiles layer on top (healthcare, financial services, medical devices).

Spec · overt.is / v1.0.0·April 2026

§ iv · governance

GLACIS’s role.

GLACIS authored the initial draft of OVERT and runs the reference witness fabric. The specification itself is governed through the OVERT IPR policy published on overt.is, with contributions open to any organization operating a production witness.

We think about OVERT the way cryptographers think about signed-log formats and certificate transparency: the value is in the commons. Runtime defense for AI is a category we are building for; the proof format it leaves behind is one we would like to see in every auditor’s toolkit, regardless of whose runtime produced it.

§ iv · specimen

A receipt, read line by line.

Logs describe what happened. A receipt proves it. Same OVERT 1.0 structure every production witness writes — tap any field to see how it’s validated.

RECEIPTovert-1.0 / v1.0.0 signed & sealed

{
  "overt": "1.0.0",
  "subject": {
    "system": "your-model@production",
    "revision": "rev-04a1b2"
  },
  "probe": {
    "family": "injection.indirect",
    "suite": "autoredteam.v3",
    "seed": 418
  },
  "verdict": "allowed",
  "policy": {
    "bundle": "iso-42001.baseline",
    "mapped_to": ["eu-ai-act:16", "soc2:cc7.2"]
  },
  "witness": {
    "quorum": "3-of-3",
    "signature": "ed25519:9c4a…e11"
  },
  "content_hash": "sha256:7f3e…d24b",
  "prev": "sha256:a1c0…8e9f"
}

Marginalia — reader’s notes

Tap a highlighted field to jump to its note.

OVERT version

OVERT 1.0 is a public, versioned spec. Any conformant verifier knows which fields must appear and how to check them.

Spec · overt.is / v1.0.0

System under test

Identifies the exact model and revision this receipt covers. Receipts issued against a different revision are not interchangeable.

Field · overt.subject

Probe parameters

Probe family, test suite, and random seed — enough information to replay the evaluation and reproduce the verdict.

Field · overt.probe

Verdict

One of allowed, blocked, flagged, or escalated. The field an auditor or regulator reads first.

Field · overt.verdict

Policy applied

Which policy was enforced at the moment of decision, and the external controls it maps to (EU AI Act, SOC 2, or the customer’s own catalog).

Field · overt.policy

Witness signature

A 3-of-3 quorum signature across the witness fabric. If quorum isn’t reached, no receipt is written — silent failures aren’t possible.

Field · overt.witness

Content hash

A SHA-256 of the receipt contents. Change a single byte and the hash no longer matches; tampering is detectable by any third party holding the public key.

Field · overt.content_hash

Chain pointer

Each receipt commits to the previous receipt’s hash. Removing or altering a historical receipt breaks the chain and is externally detectable.

Field · overt.prev

The specification

The spec lives at overt.is.

The full specification, machine-readable schema, IPR policy, and versioned release notes are all published at overt.is. It opens in a new window — we trust you to find your way back.

Open overt.is Talk to us →

Navigate

Solutions