OVERT 1.0 · The evidence receipt layer behind Glacis

The open evidence receipt layer for AI runtime proof.

OVERT is the evidence receipt layer behind Glacis. It gives teams a structured way to preserve runtime proof — which controls ran, what decision was made, when it happened, and how the evidence can be verified — without sensitive payloads leaving your environment.

§ i · definition

What OVERT is.

Runtime controls create the assurance. Signed receipts preserve the proof. OVERT makes that proof portable, tamper-evident, and review-ready. Each receipt records the relevant runtime event, the control decision, the outcome, and the verification data — without exposing the sensitive payload that triggered it.

The specification covers three things: the schema of the receipt itself, the signing semantics that produce it, and the verification rules any third party can use to check it. That is all. OVERT deliberately does not prescribe the model, the policy language, or the enforcement engine — only what gets recorded and how it can be trusted.

§ ii · rationale

Why an open standard.

Attestation is only useful if someone who does not trust the vendor can still verify the claim. A closed, vendor-specific format does not meet that bar — it asks auditors, regulators, and insurers to take the vendor’s word for it. An open specification removes that dependency: any conformant verifier, in any jurisdiction, can check a receipt without Glacis in the loop.

OVERT is published under terms that allow anyone to implement it, including competitors. The value of a standard grows as more parties adopt it, and we would rather compete on the quality of the runtime than on the walls of the format.

§ iii · scope

What is in v1.0.

  • Receipt schema. Required and optional fields covering subject, probe, verdict, policy, witness, content hash, and chain pointer — enough to replay an evaluation and verify its result.
  • Witness semantics. Signing rules for producing a valid receipt, signature algorithm profile, and the conditions under which no receipt is written rather than a partial one.
  • Verification rules. The exact checks a verifier must perform to accept a receipt as valid, including schema validation, signature verification, and chain integrity.
  • Versioning and profiles. How OVERT evolves without breaking older receipts, and how industry-specific profiles layer on top (healthcare, financial services, medical devices).

Spec · overt.is / v1.0.0 · April 2026

§ iv · governance

Glacis’s role.

Glacis authored the initial draft of OVERT and maintains reference verification tooling. The specification itself is governed through the OVERT IPR policy published on overt.is, with contributions open to organizations that need portable AI runtime evidence.

Glacis runs inside your infrastructure as local runtime controls; every decision those controls make is preserved as a signed OVERT receipt. The Agent Runtime Security & Evidence Sprint generates a sealed evidence pack of OVERT-format receipts for the agents and models that are already in production — verifiable by any auditor, regulator, or insurer without Glacis in the loop.

§ v · specimen

A receipt, read line by line.

Operational records can describe what happened. A receipt proves which controls ran. The same OVERT 1.0 structure can be verified across tools.

RECEIPT · overt-1.0 / v1.0.0 · signed & sealed
{
  "overt": "1.0.0",
  "subject": {
    "system": "your-model@production",
    "revision": "rev-04a1b2"
  },
  "probe": {
    "family": "injection.indirect",
    "suite": "runtime-assurance.v1",
    "seed": 418
  },
  "verdict": "allowed",
  "policy": {
    "bundle": "iso-42001.baseline",
    "mapped_to": ["eu-ai-act:16", "soc2:cc7.2"]
  },
  "witness": {
    "quorum": "3-of-3",
    "signature": "ed25519:9c4a…e11"
  },
  "content_hash": "sha256:7f3e…d24b",
  "prev": "sha256:a1c0…8e9f"
}
                
Published to overt.is · verifiable externally · Fig. I
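
The structural part of the checks listed under "Verification rules", written against the specimen's field names as an added example; it is not part of the OVERT specification or of Glacis's tooling. It assumes `prev` carries the preceding receipt's `content_hash` and that digests are `sha256:` followed by 64 hex characters. Recomputing `content_hash` and verifying the Ed25519 witness signature are left out because this page does not state the canonicalization or key rules, so a chain that passes here is well-formed and linked, not yet authenticated.

```python
import re

# Field names are taken from the specimen; the format checks are assumptions.
REQUIRED = ("overt", "subject", "probe", "verdict", "policy",
            "witness", "content_hash", "prev")
DIGEST = re.compile(r"sha256:[0-9a-f]{64}")


def check_receipt(receipt):
    """Return structural problems found in one receipt (empty list = none)."""
    problems = [f"missing field: {k}" for k in REQUIRED if k not in receipt]
    for key in ("content_hash", "prev"):
        value = receipt.get(key)
        if key in receipt and not (isinstance(value, str) and DIGEST.fullmatch(value)):
            problems.append(f"{key} is not a sha256 digest")
    witness = receipt.get("witness")
    signature = witness.get("signature") if isinstance(witness, dict) else None
    if not (isinstance(signature, str) and signature.startswith("ed25519:")):
        problems.append("witness.signature is not an ed25519 value")
    return problems


def check_chain(receipts):
    """Check an oldest-first list of receipts; return (index, problem) pairs."""
    findings, seen = [], set()
    for i, receipt in enumerate(receipts):
        findings += [(i, p) for p in check_receipt(receipt)]
        digest = receipt.get("content_hash")
        if isinstance(digest, str):
            if digest in seen:
                findings.append((i, "content_hash repeats an earlier receipt"))
            seen.add(digest)
        if i > 0 and receipt.get("prev") != receipts[i - 1].get("content_hash"):
            findings.append((i, "prev does not match preceding content_hash"))
    return findings


def sample(n, prev):
    """Constructed receipt; digests and signature are fillers, not real values."""
    return {"overt": "1.0.0", "subject": {"system": "your-model@production"},
            "probe": {"family": "injection.indirect"}, "verdict": "allowed",
            "policy": {"bundle": "iso-42001.baseline"},
            "witness": {"quorum": "3-of-3", "signature": "ed25519:" + "ab" * 64},
            "content_hash": f"sha256:{n:064x}", "prev": f"sha256:{prev:064x}"}


CHAIN = [sample(1, 0), sample(2, 1), sample(3, 2)]  # prev of the first is a filler

if __name__ == "__main__":
    print(check_chain(CHAIN))                   # intact chain
    print(check_chain([CHAIN[0], CHAIN[2]]))    # middle receipt withheld
```

A receipt withheld from the middle of an evidence pack shows up as a `prev` mismatch on the receipt that follows it, which is the property the chain pointer exists to provide.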

The specification

The spec lives at overt.is. The receipts ship with Glacis.

The full specification, machine-readable schema, IPR policy, and versioned release notes are all published at overt.is. To see OVERT receipts in production form, request a sample evidence pack — or book a Runtime Security & Evidence Sprint and receive a sealed pack for the agents you already run.