An open standard
OVERT defines what a conformant AI system SHALL prove: six governance domains, four assurance levels. Royalty-free and citable.
Glacis Documentation — every AI operation deserves a receipt
Every AI operation deserves a receipt. Declare your controls as code, enforce them at runtime, and prove what your AI actually did — with tamper-evident evidence, not screenshots.
Glacis turns AI governance from documentation into evidence. You declare governance rules as code, enforce them on the runtime path, and emit cryptographic receipts that a third party can verify — all built on the open OVERT standard.
Governance as code
OVERT-as-Code is the Terraform/OPA layer for AI governance — declare policy in TOML, validate it in CI, export OSCAL.
Proof, not promises
Every governed decision can become a signed, chained receipt. Verify it offline — no trust in us required.
Zero-egress by design
Receipts carry hashes and line-ranges, never your prompts or responses. Your sensitive data never leaves your environment.
Start where you are
Section titled “Start where you are” I want to declare governance rules Write an OVERT policy in TOML and validate it — the OVERT-as-Code quickstart.
I need to verify a proof someone gave me Check an OVERT receipt bundle's signatures yourself, offline.
I'm evaluating Glacis as a buyer What the runtime product asserts today — honestly scoped to OVERT Level 1 Core / AAL-3.
I want the concepts first Why documentation is not evidence, and what 'AI attestation' actually means.
The four layers
Section titled “The four layers”| Layer | What it is | Where it lives |
|---|---|---|
| The standard | OVERT — what conformant AI runtime proof must demonstrate | overt.is (normative) · overview |
| Governance as code | OVERT-as-Code — declarative policy + validation + OSCAL export | /overt-as-code/ |
| Verify & SDK | The vendor-neutral verifier and the Python client | /verify/ · /sdk/python/quickstart/ |
| Runtime product | The hosted Glacis bundle (proxy + Notary + dashboard) | /runtime/ |