What is the billing structure?

Initial engagement for the blueprint (Agentica), followed by an annual or semi-annual attestation cycle (Agentica + partner). The partner bills the client directly for the certification work; Agentica bills for the blueprint and integrated attestation. No referral fees in either direction.

Re-attestation cadence?

On material infrastructure change, on change in insurer conditions, or on defined cycle (six to twelve months by risk class).

What kicks off the engagement?

The policy architecture produced by ComplianceCore. GuardLayer starts after ComplianceCore because the blueprint translates the policy architecture into infrastructure specifications.

Practice 3 — Control

We specify what must be in place. A partner certifies it. We integrate it.

GuardLayer produces the GuardLayer Attestation — the proof, structured for the insurer, that your policies are actually encoded in your infrastructure configuration.

Request a briefing Active AI incident

The three-part model

Three components, two owners, one attestation

Infrastructure blueprint

Owner: Agentica

Translates ComplianceCore policy architecture, regulatory requirements, and insurer conditions into infrastructure specifications.

Configuration certification

Owner: verification partner

Reads the client's actual configuration and certifies whether the blueprint is implemented.

Integrated attestation

Owner: Agentica

Combines the partner's certification with the rest of the risk picture into the attestation the insurer uses.

Why this structure

Why we structured GuardLayer in three parts

Every client has a different infrastructure stack. Holding deep AWS, Azure, GCP, on-prem, and hybrid expertise in-house would require a team much larger than the coordination role justifies — and would compromise the independence that makes the attestation reliable.

We specify and we integrate. The partner certifies the configuration. That separation keeps the attestation independent — and that independence is what makes it useful to the insurer.

Scope discipline

What GuardLayer attests — and what it does not

GuardLayer attests to configuration against blueprint. It does not certify that the foundation model, the agent framework, or the broader AI stack is robust against unknown adversarial inputs — that claim cannot be made honestly by any firm and we do not make it.

What we certify: the controls specified in the blueprint are present and configured as required. That is precise, defensible, and what the insurer needs.

What GuardLayer is not

We do not build your infrastructure
We do not operate it
We do not patch it or monitor it
We do not perform the verification — that is the partner's work

Engagement format

How the engagement works

GuardLayer starts after ComplianceCore.

The ComplianceCore policy architecture is the direct input to the blueprint. We can scope the engagement from a single call.

Request a briefing Active AI incident

Confidential Response within one business day No commitment