Signed evidence receipts

Deploy runtime assurance inside your own infrastructure

Local controls. OVERT‑format signed receipts. Zero sensitive‑data egress. The evidence layer behind the Agent Runtime Security & Evidence Sprint.

Sample attestation receipt (sealed)
receipt: {
  v: "overt/0.4",
  policy: "policy.fsi.credit_match",
  model: "llama-4-maverick@2026-04-01",
  decision: "allowed",
  at: "2026-04-25T10:51:57Z",
  prev: "glc_887ab46a7f",
  sig: "ed25519:9c3a…d04e"
}
OVERT-format · tamper-evident · independently verifiable

Only hashes cross the boundary

The runtime control sidecar and evidence signer run inside your environment. Controls execute locally, an OVERT‑format signed receipt is generated for each consequential decision, and sensitive payloads stay inside your stack. Only verification metadata, hashes, and signatures cross the trust boundary.

GLACIS is architecturally incapable of receiving your data

OVERT

Open standard at overt.is

Zero Data

Zero data crosses the trust boundary. Only hashes.

Any Verifier

Independent verification. No vendor lock-in.

Every decision. Every control. Independently verifiable.

Glacis generates signed evidence receipts in the open OVERT format inside your environment. Each receipt proves which controls ran, what the verdict was, and when it happened—without exposing your data.

OVERT-Format Receipts

Open standard for AI attestation. Machine-readable, human-auditable, interoperable across tools. overt.is

Tamper-Evident

Cryptographic commitments make any modification detectable. Receipts can’t be altered after the fact.

Independent Verification

Any third party can verify a receipt without access to GLACIS. No vendor lock-in for your evidence trail.

Runtime posture telemetry

Aggregate runtime posture across your AI fleet. Track improvement over time, share with auditors and buyers.

Zero Sensitive-Data Egress

Your data never leaves your environment. Controls and receipt generation run locally; only hashes, signatures, and verification metadata cross the trust boundary.

Evidence Pack Export

OSCAL-compatible evidence packs for auditors. Machine-readable, standards-based, ready for regulatory review.
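
The tamper-evidence, hash-only and independent-verification properties described above, shown as an added Go example (not GLACIS code and not the OVERT specification): each receipt is Ed25519-signed and carries the hash of its predecessor. The JSON encoding, the PayloadHash field, the SHA-256 chain link, the function names and the sample values are assumptions of this example.

```go
package main
import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Receipt follows the page's sample; PayloadHash and Prev-as-hash are assumptions here, not the OVERT spec.
type Receipt struct {
	V, Policy, Decision, At, PayloadHash, Prev string
	Sig []byte `json:"-"`
}

// body is the signed bytes (JSON without Sig); ID, the hash of body plus Sig, is the chain link.
func (r Receipt) body() []byte { b, _ := json.Marshal(r); return b }
func (r Receipt) ID() string { return fmt.Sprintf("%x", sha256.Sum256(append(r.body(), r.Sig...))) }

// Seal runs inside the trust boundary: it reads the payload and emits only its hash.
func Seal(k ed25519.PrivateKey, prev, decision, at string, payload []byte) Receipt {
	r := Receipt{"overt/0.4", "policy.fsi.credit_match", decision, at, fmt.Sprintf("%x", sha256.Sum256(payload)), prev, nil}
	r.Sig = ed25519.Sign(k, r.body())
	return r
}

// VerifyChain needs only the public key and the receipts, never the payloads.
func VerifyChain(pub ed25519.PublicKey, chain ...Receipt) error {
	prev := "" // the first receipt has no predecessor
	for i, r := range chain {
		if !ed25519.Verify(pub, r.body(), r.Sig) {
			return fmt.Errorf("receipt %d: bad signature", i)
		} else if r.Prev != prev {
			return fmt.Errorf("receipt %d: broken link", i)
		}
		prev = r.ID()
	}
	return nil
}

// Demo checks a constructed chain: intact, verdict edited, middle receipt dropped.
func Demo() (intact, edited, dropped error) {
	pub, priv, _ := ed25519.GenerateKey(nil)
	a := Seal(priv, "", "allowed", "2026-04-25T10:51:57Z", []byte("constructed payload 1"))
	b := Seal(priv, a.ID(), "denied", "2026-04-25T10:52:10Z", []byte("constructed payload 2"))
	c := Seal(priv, b.ID(), "allowed", "2026-04-25T10:53:02Z", []byte("constructed payload 3"))
	e := b
	e.Decision = "allowed" // verdict flipped after signing
	return VerifyChain(pub, a, b, c), VerifyChain(pub, a, e, c), VerifyChain(pub, a, c)
}
func main() { fmt.Println(Demo()) }
```

A verifier using this scheme has to obtain the signer's public key out of band, and removal of the newest receipts is only detectable if the latest ID is anchored somewhere the signer cannot rewrite.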

When “trust us” isn’t enough

AI vendors stuck in security review. The product works; the security team wants proof. Signed evidence receipts give them independently verifiable evidence that controls ran—not just a promise that they will.

Regulated organizations deploying AI. Colorado AI Act, EU AI Act, HIPAA—all require evidence of control execution. Runtime evidence is generated automatically as a byproduct of operation, not a separate documentation exercise.

Agent developers embedding governance. Customers need proof. Embed the runtime control sidecar and ship a verifiable evidence trail without building attestation infrastructure yourself.

Anyone whose AI decisions have consequences. If an AI output affects a person, a patient, or a financial outcome, you need a receipt. Runtime evidence makes the proof automatic.

Core to GLACIS infrastructure

Every consequential decision is witnessed and receipted — by default, not by upgrade. Turn those receipts into regulator-, auditor-, and carrier-ready Evidence Packs when you need them.

Built In

Signed evidence receipts are core to the Runtime Assurance Platform.

OVERT

Open standard. Verify receipts without vendor lock-in. overt.is

Common questions about runtime evidence deployment

What is an OVERT receipt?

An OVERT receipt is a structured attestation record in the open OVERT standard. It contains cryptographic commitments proving which controls ran, what the verdict was, and when—without exposing the underlying data.

What does “zero sensitive-data egress” mean?

Your data—prompts, responses, patient information—never leaves your environment. Runtime controls and receipt generation run locally. Only verification metadata, hashes, and signatures cross the trust boundary.

Can anyone verify a receipt, or just GLACIS?

Anyone. OVERT receipts are independently verifiable. Your auditor, your customer, a regulator—they can verify without contacting GLACIS or using our tools.

What is the Glacis Score?

An aggregate governance posture score derived from your attestation receipts. It reflects how consistently your AI fleet is running controls. Share it with auditors, buyers, or your board.

Do runtime controls and signed evidence receipts deploy together?

Yes — they’re two faces of the same loop. Local controls make the decisions; the evidence signer proves they happened. Every consequential decision is receipted by default, not by upgrade. See plans for details.

How does this run inside my infrastructure?

The runtime control sidecar and evidence signer ship as a single Rust binary that runs next to your AI systems — in your VPC, your cluster, or embedded inside your agent runtime. Language SDKs (Python today, TypeScript and Go in flight) handle integration. The Sprint stands the whole loop up on one named workflow in 10 business days.

Signed receipts are the proof layer. Here’s the rest of the loop.

Runtime control

Local controls for AI systems that act

Permit, deny, or escalate every consequential decision — each one witnessed and receipted, with zero sensitive‑data egress.

Sprint

Stand up runtime assurance in 10 business days

The Agent Runtime Security & Evidence Sprint. Fixed scope, $48k. One named workflow, signed evidence, an Evidence Pack you can show buyers and regulators on day ten.