FedRAMP · FISMA · NIST AI RMF · OMB M-24-10

AI safety + compliance for government

The eval + guardrail + red-team + audit platform built to satisfy public-sector AI mandates. Map every model to NIST AI RMF + EU AI Act controls, generate the evidence bundle agency-CAIO offices require, and run continuous red-teaming against the surface attackers actually exploit.


What ships today

Honest posture, not roadmap promises

Every checked item is in production today. In-progress items are flagged explicitly — no overclaiming, no vapor.

  • NIST AI Risk Management Framework (Govern/Map/Measure/Manage) mapped
  • OMB M-24-10 (federal AI use-case inventory) compatible export
  • EU AI Act Annex IV technical documentation auto-generator
  • ISO 42001 Statement of Applicability per Clause 6.1.3
  • Tamper-evident audit log + integrity hash chain (FISMA-relevant)
  • ATO-relevant control mapping (CSF + 800-53 cross-reference)
  • Third-party FedRAMP Moderate attestation

Built for buyer reality

Government AI use cases we ship for

Citizen-services chatbot

Agency website chatbot answers benefit-eligibility questions across SSI, SNAP, VA, Medicare. Cannot promise benefits that don't exist, cannot leak PII across sessions, cannot give legally-binding determinations.

EvalGuard features

  • Topic firewall: blocks queries asking for legally-binding eligibility determinations
  • Hallucination scorer: faithfulness check against the loaded benefit-program corpus
  • PII firewall: redacts SSN, DOB, household income from logs by default
  • Audit log: every conversation tagged with agency + program for OIG audit recoverability

FOIA response triage

AI categorizes FOIA requests by exemption applicability + drafts initial response. Must never disclose exempted material, must cite every exemption to the FOIA statute, must satisfy the 20-day response clock.

EvalGuard features

  • Exemption-detection scorer: trained on FOIA b(1)–b(9) patterns
  • PII firewall: cross-check on every release for unintended PII inclusion
  • Output guardrail: block mode auto-quarantines high-confidence-exempt material
  • Audit log: every triage decision linked to reviewer + statute citation

Acquisition / contract review

AI reviews vendor responses to RFPs + flags evaluation criteria deviations. Procurement-sensitive material must stay inside the firewall, FOIA-discoverable material must be auditable.

EvalGuard features

  • BYOK keys: agency-specific encryption isolates RFP responses per acquisition
  • Procurement-integrity scorer: catches contractor-bias language patterns
  • Tamper-evident audit log: integrity_hash chain for protest-defense
  • Cost ledger: per-acquisition USD attribution for indirect-cost recoverability

Mission-system observability

Agency-internal AI assists analysts on classified/CUI-marked workloads. Every prompt must be CUI-handling-compliant, every model output must be classification-marked, every interaction must be auditable to a clearance.

EvalGuard features

  • CUI-marking scorer: flags responses lacking the required classification marking
  • Multi-frame voice guardrails for SCIF-deployable voice assistants
  • Per-user audit trail keyed to clearance ID (no joint-account misuse)
  • Self-hosted Apache-2.0 source — full deployment behind your firewall

Wire it in 60 seconds

Wrap your OpenAI client. Point it at your air-gapped EvalGuard.

Self-host inside the ATO boundary by pointing `baseUrl` at your private deployment. NIST RMF + EU AI Act + ISO 42001 evidence is generated from the audit stream.

```typescript
import OpenAI from "openai";
import { wrapOpenAI } from "evalguardai-openai";

// Placeholder: the prompt your application builds for this request.
const benefitDeterminationPrompt = "<your prompt here>";

// Wrap the OpenAI client and point it at the private EvalGuard deployment.
const openai = wrapOpenAI(new OpenAI(), {
  apiKey: process.env.EVALGUARD_API_KEY!,
  baseUrl: "https://evalguard.agency.gov/api/v1", // air-gap deploy
  projectId: "benefit-determination",
  metadata: { vertical: "government", risk_tier: "high", classification: "CUI" },
  blockOnViolation: true,
  evalOnResponse: { failOnScore: 0.8 },    // eligibility-faithfulness gate
});

// Calls go through the wrapped client with the usual OpenAI API.
await openai.chat.completions.create({
  model: "gpt-4o",
  messages: [{ role: "user", content: benefitDeterminationPrompt }],
});
```

Annex IV + SoA + RMF coverage report auto-generated from the audit stream — set up once per project in the control plane.

Same integration for Anthropic, Gemini, and 91+ providers — swap `wrapOpenAI` for `wrapAnthropic`.

Ship public-sector AI that survives the IG audit.

Free trial includes the full NIST + EU AI Act control mapping + evidence-bundle export. Self-hosted deployment + FedRAMP attestation path on request.

Apache-2.0 source · SOC 2 Type II in progress · full trust center