Skip to content
GLACIS GLACIS Documentation

Introduction to GLACIS

What is GLACIS?

GLACIS is trust infrastructure for the AI economy — providing cryptographic attestation for AI decisions at scale.

Traditional compliance relies on documentation, policies, and point-in-time audits. But AI systems operate continuously, making decisions at scale. GLACIS bridges this gap by generating cryptographic attestations for every AI interaction, proving that your governance policies are enforced at runtime.

The Problem GLACIS Solves

The AI Governance Gap

Organizations face increasing pressure to govern their AI systems:

  • Regulatory requirements: EU AI Act, ISO 42001, state-level AI laws
  • Customer demands: Enterprise buyers require AI governance evidence
  • Risk management: AI failures create legal, reputational, and financial risk
  • Audit complexity: Proving AI compliance to auditors is difficult

Traditional Approaches Fall Short

ApproachProblem
Policy documentsProve intent, not enforcement
Manual auditsPoint-in-time, expensive, limited coverage
Log analysisUnbounded scope, hard to prove completeness
Model testingPre-deployment only, misses production behavior

The GLACIS Solution

GLACIS provides continuous attestation — cryptographic proofs generated at runtime that demonstrate your AI governance policies are enforced:

┌─────────────────────────────────────────────────────────────┐
│  Traditional Approach                                       │
│  Policy → Audit (yearly) → Finding → Remediation → Audit   │
└─────────────────────────────────────────────────────────────┘


┌─────────────────────────────────────────────────────────────┐
│  GLACIS Approach                                            │
│  Policy → Continuous Attestation → Real-time Compliance     │
└─────────────────────────────────────────────────────────────┘

Core Capabilities

Cryptographic Attestations

Every AI request generates a cryptographically signed attestation that proves:

  • The request was processed
  • Governance policies were evaluated
  • Specific scores/results were produced

Ed25519 signatures ensure non-repudiation.

Zero-Egress Architecture

Sensitive evidence never leaves your infrastructure. Only cryptographic commitments (hashes) are shared with GLACIS services.

Auditors can verify compliance without accessing your data.

Intelligent Compliance Assistant

The Certification Wizard conducts AI-powered interviews to:

  • Discover your AI systems
  • Assess compliance gaps
  • Generate policies and documentation
  • Map evidence to controls

Multi-Framework Support

Native support for major AI governance frameworks:

  • ISO/IEC 42001:2023
  • EU AI Act
  • SOC 2
  • NIST AI RMF
  • GDPR, HIPAA

Key Concepts

Attestation Levels

GLACIS uses a two-tier attestation system:

L0 Attestations (Metadata)

  • Generated for every request
  • Contains only metadata (no request content)
  • Used for coverage verification
  • ~200 bytes per attestation

L2 Attestations (Evidence)

  • Generated for sampled requests
  • Contains full evidence (request, response, scores)
  • Used for deep audit trails
  • Sampling rate is configurable

Epochs and Sampling

GLACIS operates in discrete time epochs (typically 1 hour). Each epoch:

  • Has a unique identifier
  • Bounds all attestations within it
  • Enables ordered, verifiable logs
  • Supports adaptive sampling rates

Witness and Receipt Services

Two core services coordinate attestation:

Witness Service: Issues bearer tokens for the current epoch, ensuring attestations are time-bound.

Receipt Service: Validates attestations and issues Merkle proofs, creating an ordered, immutable log.

Who Uses GLACIS?

AI/ML Teams

Deploy sidecars alongside AI services to generate continuous compliance evidence without changing application code.

Compliance Officers

Use the dashboard to monitor compliance scores, manage evidence, and generate audit-ready reports.

Security Teams

Verify the zero-egress architecture, review cryptographic proofs, and ensure governance policies are enforced.

Auditors

Verify attestation proofs independently, review sampling coverage, and assess control effectiveness.

Architecture Overview

┌─────────────────────────────────────────────────────────────┐
│  Your Infrastructure                                        │
│                                                             │
│  ┌─────────────┐    ┌─────────────┐    ┌─────────────┐     │
│  │ AI Service  │───▶│   Sidecar   │───▶│  AI Model   │     │
│  └─────────────┘    └──────┬──────┘    └─────────────┘     │
│                            │                                │
│                            │ Attestations                   │
│                            ▼                                │
└────────────────────────────┬────────────────────────────────┘
                             
          ┌──────────────────┴──────────────────┐
          │                                      │
          ▼                                      ▼
┌─────────────────────┐            ┌─────────────────────────┐
│  GLACIS Services    │            │  Compliance Dashboard   │
│  • Witness          │            │  • Control library      │
│  • Receipt          │            │  • Evidence management  │
│  • Merkle tree      │            │  • Gap analysis         │
│  • Epoch mgmt       │            │  • Certification wizard │
└─────────────────────┘            └─────────────────────────┘

Getting Started

Ready to implement continuous AI compliance? Here’s your path:

  1. Quickstart Guide — Deploy your first sidecar in 10 minutes
  2. Core Concepts — Understand attestations, epochs, and proofs
  3. Certification Wizard — Bootstrap your ISO 42001 compliance program
  4. Sidecar Deployment — Choose your deployment platform