Security posture
Gateproof is designed for private AI release evidence review. Public forms should not receive proprietary customer data, prompts, logs, traces, embeddings, or credentials.
Design principles
- Fail-closed policy checks for disclosure, stale-citation, quality, and workflow violations.
- Versioned evidence, policy, evaluator configuration, and artifact hashes.
- Redacted proof bundles and override records for stakeholder review without exposing private evidence.
- Private or local deployment path for sensitive pilots.
- Least-privilege integrations for CI/CD and target adapters.
Pilot handling
Security details, deployment boundaries, and customer-data handling should be agreed directly before any pilot. Gateproof should only process data that the design partner explicitly approves for the evaluation scope.