Buyer-hosted, zero-egress AI assurance

We publish just enough for a security, platform, or preparedness lead to qualify us:

• Scope: buyer-hosted, zero-egress evaluations of AI/model systems.
• Assurance signal: VC 2.0 receipts + RFC-3161 timestamps + CT v2-style transparency proof (compatible with RFC 6962) + Rekor-ready anchoring.
• Standards signal: NIST SP 800-207, NCCoE SP 1800-35, NIST AI RMF 1.0, NIST AI 600-1 (IPD, Apr 2024), CISA 2025 SBOM Minimum Elements, CycloneDX ML-BOM 2025 profile.

To protect our control chain and to keep procurement/defense language current, we move deep material behind the access flow.

• CLI verifier steps (Rekor, CT v2, OpenTimestamps, VC verification).
• Exact run schema (run_id, config_hash, determinism_pct, timing fields).
• Current defense intake language (DFARS/CMMC/CUI) and autonomy notes (DoDD 3000.09).
• Procurement pack (NDA, SOW stub, CAIQ-Lite/SIG-Lite cover, SSAE-19 AUP note).

Ask for the buyer-hosted access window and we’ll send the gated kit.

Does anything leave? No. We verify; we don’t host. Runs happen in your environment; we only emit receipts.

Can we review compliance docs? Yes — on request. We don’t publish NDA/SOW/SSAE-19/open-Rekor details on this page.

Do you align to EU AI Act GPAI (Aug 2, 2025)? Yes — the artifacts we return (VC 2.0, timestamps, transparency docs, SBOM/ML-BOM) are structured so you can file against the Commission’s GPAI Code of Practice.