Evidence

From runtime controls to customer-ready proof.

Glacis generates signed runtime receipts for consequential AI events, then assembles those receipts into review-ready evidence packs for regulators, customers, auditors, security teams, and internal review.

Receipts are generated at runtime. Evidence packs are assembled from receipts. Receipts prove control execution without exposing the underlying sensitive content.

See a sample evidence pack Talk to the team
Workflow
Control
Decision
Receipt
Evidence Pack
Clinical summary, agent action, or model update
PHI boundary, tool permission, drift rule
Allowed, blocked, escalated, redacted
Signed runtime receipt with policy hash, model version, timestamp
Regulatory, security, audit, or internal review artifact

Runtime

Receipts prove what ran.

Each consequential event can carry control-execution evidence, policy hash, model version, decision, timestamp, and signature metadata.

Assembly

Packs answer the buyer question.

Signed runtime receipts are grouped into regulator, customer security, audit, incident-response, and internal review artifacts.

Verification

Zero sensitive-data egress.

Sensitive payloads stay local while OVERT-compatible verification metadata, hashes, signatures, receipts, and evidence artifacts can be inspected externally.

Sample receipt anatomy

Receipts prove the moment.

A receipt proves the relevant runtime event, control decision, outcome, timestamp, policy version, and verification metadata without exposing the sensitive payload.

Runtime event
Model call, tool call, escalation, drift signal, or control decision.
Decision and outcome
Allowed, blocked, escalated, redacted, restricted, or sent for review.
Verification metadata
Timestamp, policy hash/version, model or tool version, signature, and receipt ID.
Sensitive payload
Excluded from the receipt so prompts, outputs, PHI, customer data, code, credentials, and proprietary context stay local.

Evidence pack anatomy

Evidence packs tell the defensible story.

An evidence pack turns many receipts into a review-ready artifact: what was assessed, what controls exist, what ran, what was blocked or escalated, and what remains to improve.

Workflow assessed
The named AI workflow, agent boundary, tool surface, and delegated authority.
Controls and receipts
Control inventory, receipt samples, blocked events, escalations, and review decisions.
Review use case
Enterprise security reviews, audits, customer trust, insurance, regulated evidence, and internal assurance.
Remaining gaps
Open control gaps, evidence gaps, and next improvements for the workflow.