Skip to content

Security · Trust

Verify , don't trust.

Every public release ships signed, attested, and with a software bill of materials — you verify provenance and integrity with public tooling instead of trusting us. The pipeline is built and exercised in CI today; its evidence becomes public with the first release.

Supply chain

What ships with every release

The release pipeline generates these artifacts automatically. No public release exists yet — items marked "first release" become verifiable the moment the first tagged release is published; security.txt is live today.

First release

SLSA Build Level 3

Release binaries are built by GitHub Actions with SLSA provenance attestation via slsa-github-generator. The attestation proves a binary was built from the committed source, in a hardened build environment, without manual intervention.

How verification works
First release

Cosign keyless signatures

Release artifacts are signed with Sigstore cosign (keyless mode via Fulcio + Rekor). You can verify signatures without us distributing a public key — the transparency log is the root of trust.

Verification guide
First release

Software bill of materials

Each release includes SBOM in both CycloneDX and SPDX formats, listing every dependency with version and license. Machine-readable, auditable.

How to verify the SBOM
First release

OpenVEX advisories

Known vulnerabilities and their applicability to each release are published as OpenVEX documents. VEX statements distinguish "affected", "not affected", and "under investigation".

How advisories are verified
Live

security.txt (RFC 9116)

A machine-readable vulnerability disclosure policy at /.well-known/security.txt, following RFC 9116. Includes contact, policy link, and expiry.

View security.txt

Architecture

Security by design

Deny-closed

Unknown state is denied, not permitted. Every policy decision defaults to deny — an engine that cannot reach its policy store refuses all requests rather than failing open.

Append-only audit

The audit ledger is append-only with cryptographic chaining. Events cannot be silently modified or deleted — tampering breaks the chain and is detectable.

No phone-home

The engine runs entirely in your environment. License verification is offline (Ed25519 signature check). No telemetry, no mandatory network calls, no activation server.

Least privilege

Cedar-based RBAC and ABAC with scoped grants. Custom roles, delegation ceilings, and break-glass with dual-control. The default permission set is empty.

Compliance

Compliance status

We publish what is live, what is built and waiting on the first public release, and what is not yet started. We do not claim certifications we have not obtained.

Live today

  • RFC 9116 security.txt

    Machine-readable vulnerability disclosure policy, live at /.well-known/security.txt.

Built — public with the first release

  • SLSA Build Level 3

    Provenance attestation via slsa-github-generator — built and exercised in CI; publishes with every tagged release.

  • SBOM (CycloneDX + SPDX)

    Software bill of materials generated for every release build.

  • Cosign keyless signatures

    Sigstore-based artifact signing via Fulcio + Rekor.

  • OpenVEX advisories

    Vulnerability applicability statements per release.

Planned

  • SOC 2 Type II

    Planned. Required for the managed cloud tier, not for self-hosted.

  • ISO 27001

    Planned. Timeline not committed.

  • Independent penetration test

    Planned. Will be published when completed.

Framework readiness

Compliance posture

The product maps capabilities to 25 compliance framework catalogs. Below is the readiness posture for the frameworks most requested by enterprise buyers. Each item is a readiness mapping — not a certification.

Readiness-mapped

ISO/IEC 27001:2022

Annex A control mapping with evidence pointers. Not certified.

Readiness-mapped

ISO/IEC 42001:2023

AIMS readiness mapping — the product generates the evidence an AIMS requires. Not certified.

Readiness-mapped

SOC 2 Type II

Trust Services Criteria (Security / Common Criteria) mapping. Not attested.

Readiness-mapped

EU AI Act

Annex IV technical documentation template. The product is governance tooling, not itself an Annex III system.

Readiness-mapped

CSA STAR / AICM

CAIQ v4 and AI-CAIQ (AICM v1.0) self-assessments prepared. Not submitted to the STAR Registry.

Readiness-mapped

GDPR

RTBF runbook with crypto-shred, residency attestation, retention and legal hold. Self-hosted: customer is controller and processor.

Readiness-mapped

NIST AI RMF 1.0

Subcategory mapping including the Generative AI Profile (AI 600-1).

Partial

DORA

ICT-risk view export; Register-of-Information generator is an enterprise add-on.

Readiness-mapped

NIS 2 Directive

Obligation mapping with ICT supply-chain posture and incident-reporting evidence.

Trust package

Due-diligence documents

The trust package is published in the source repository. Enterprise buyers can request the full package — including pre-filled questionnaires and the evaluation guide — via enterprise@olivares.ai.

Available files are public Markdown snapshots with source provenance. Items without a shareable source remain available on request.

Questionnaire

CAIQ v4 self-assessment

CSA Cloud Controls Matrix v4 — 17 domains with evidence pointers.

Download (Markdown)
Questionnaire

AI-CAIQ / AICM self-assessment

CSA AI Controls Matrix v1.0 — 18 domains including Model Security.

Download (Markdown)
Questionnaire

Security questionnaire answer bank

33 pre-verified answers aligned to SIG 2026, CSA AI-CAIQ, and common buyer questionnaires.

Download (Markdown)
Architecture

Reference architecture

Buyer-facing architecture: three trust zones, deployment topologies, HA/DR, sizing.

Download (Markdown)
Evaluation

Evaluation guide

Proof-of-value in 10 business days — pass/fail criteria against the real binary.

Download (Markdown)
Commercial

Feature matrix

Complete Community (AGPL) vs Enterprise comparison — all 26 add-ons.

Download (Markdown)
Security

Hardening guide

Threat model verification with file:line evidence — pentest-ready.

Available on request
Accessibility

VPAT

Voluntary Product Accessibility Template for the admin console.

Download (Markdown)

Data processing

Sub-processors

Olivares AI is self-hosted software. The product runs entirely in your infrastructure — data never leaves your perimeter. There are no sub-processors of customer data. LLM providers are your vendors, not ours; the product inventories them for your third-party risk management.

If a managed cloud offering is introduced, sub-processors will be listed here before any data processing begins.

Vendor services

Our own website, licensing and communications run on:

Cloudflare

Active

Website hosting, DNS and anti-bot protection.

Resend

From launch

Transactional email and newsletter delivery.

Polar

From commercial availability

Merchant of record for commercial licenses.

GitHub

Active

Source hosting and community.

We use no client-side analytics provider and run no client-side analytics.

Verify yourself

Don't take our word for it

From the first public release on, every artifact claim on this page is verifiable with public tooling — the bundled script walks signatures, attestations, and SBOM integrity. Download the artifacts first; never pipe an installer into a shell.

# Ships with the first public release — download the release
# artifacts, then run the bundled verifier from that directory:
scripts/verify-release.sh                              # keyless (Sigstore)
scripts/verify-release.sh --key cosign.pub --offline   # air-gapped, no network

The script checks cosign signatures, SLSA provenance, and the SBOM and OpenVEX attestations. The full manual command chain is documented in the verify-a-release guide in the docs.

Enterprise evaluation

Deploy the demo estate in five minutes, then run the full proof-of-value in 10 business days. The evaluation guide includes pass/fail criteria against the real binary — no slides, no sandbox, no demo environment that differs from production.

Trust questions

Do you have SOC 2 or ISO 27001?

Not yet. Readiness mappings exist for both — SOC 2 (Trust Services Criteria) and ISO 27001 (Annex A controls) — with evidence pointers to the codebase. SOC 2 Type II is planned for the managed cloud tier. We publish posture, not claims.

Has the product had a penetration test?

Not yet. The program is committed with scope, cadence, and budget documented. The first independent test is planned for post-launch; results will be published.

How do I verify a release is authentic?

Once the first public release ships: run the bundled verification script (scripts/verify-release.sh) or verify manually with cosign — every release carries SLSA provenance attestation and cosign signatures, no trust in us required. Until then there is no public artifact to verify, and this page says so instead of pretending otherwise.

Where is my data stored?

Olivares AI is self-hosted — your data stays in your own infrastructure. The vendor never sees, stores, or processes your data. There are zero sub-processors. The managed cloud (when available) will offer data residency commitments.

Is a DPA available?

The DPA is under legal review. It is available on request via enterprise@olivares.ai before any personal-data processing engagement.

What compliance frameworks does the product support?

The product maps 25 framework catalogs including EU AI Act, NIST AI RMF, ISO 42001, SOC 2, ISO 27001, GDPR, NIS 2, DORA, OWASP Agentic, CSA AICM, and US state AI laws. Each framework is data with per-control evidence — not a certification claim.

How do I evaluate the product?

Build from source, boot the demo estate in five minutes, and follow the 10-day evaluation guide. Every criterion is pass/fail against the real binary. Contact enterprise@olivares.ai for an enterprise evaluation license that unlocks the 26 add-ons during the POV.

What is the difference between Community and Enterprise?

The AGPL build is the complete platform — nothing removed. Enterprise adds 26 risk-mitigation and scale-operation capabilities (multi-IdP, content firewall, WORM retention, DORA register, and more) plus a legal exception to the AGPL copyleft and SLA-backed support. The full feature matrix is in the trust package.

Security starts with transparency

Every public release ships signed, attested, and documented — verify the integrity yourself. The evidence is public from the first release.