Turn AI runtime activity into independently verifiable audit evidence — without handing over a single raw conversation.
What we stand for
The verifier — the root of trust for everything we build — is Apache 2.0. Any auditor, regulator, or engineer can download it, run it offline, and reproduce the proof_hash without a Tracestone account or NDA. That promise is enforced by ADR-09 in our governance docs.
Raw prompts and conversations never leave your boundary in plaintext. Pseudonymization and envelope encryption happen inside your VPC. Tracestone SaaS holds only ciphertext and signed evidence hashes — by design, not policy.
Compliance evidence that only the vendor can read is not evidence — it's a dashboard. Our audit bundles are reproducible by any third party, offline, with no dependency on Tracestone being operational or cooperative.
Research
Our products are built on a corpus of real-world findings, academic research, and open collaboration with the security community.
A systematic analysis of vulnerability classes across production AI gateway configurations — privilege isolation failures, key exposure paths, and multi-tenant boundary violations — drawn from 2,900 real-world samples.
A continuously updated corpus of CVE-class findings across major AI gateways and LLM infrastructure projects. Used to fine-tune the Code-Audit LLM and generate adversarial test fixtures.
Ongoing work on P1–P8 property definitions, proxy re-encryption auditor handover, TEE attestation binding, and zero-knowledge compliance proofs for regulated AI deployments.
STRIDE-based threat modeling for SaaS AI deployments, covering adversarial prompt injection, tool-call escalation, model output manipulation, and data exfiltration via model context.
Research collaboration with SRSLab@NTU (Software Reliability and Security Lab), Singapore. Academic partnership covering AI runtime security, formal verification of cryptographic audit protocols, and adversarial robustness evaluation.
We're talking to design partners who need runtime control, audit-grade evidence, or a straight answer to "what vulnerabilities are in our AI stack?" — reach out directly.