What we publicly commit to. Anyone can hold us to it.
Ten commitments that bind how Safeguard treats customer data, model releases, disclosure, and our own mistakes. They are not marketing — they are the bar we have to clear. Where we fall short, we expect to be told.
Ten lines we will not cross.
Plain language. No legalese. If a commitment below ever fails to apply, we owe an explanation in writing.
We will not train on customer code or scan outputs
Customer source, prompts, scan artefacts, and findings never enter the training corpus. Anonymised model-behaviour telemetry is used to improve the model only with explicit opt-in. Individual customer artefacts are not.
Every model release passes adversarial red-team gates before shipping
Releases that regress on adversarial resistance, refusal-rate stability, or trace quality are held — regardless of headline benchmark gains. The gate is binary, not a target. The gate cannot be waived by a product manager.
Customer-verifiable model provenance is available on request
Model weights are signed. Datasets are versioned. Training runs are reproducible from the recorded recipe. Any customer can request an attestation that ties a deployed model to the recipe that produced it.
Findings ship with structured reasoning traces; opacity is not a security feature
Every Griffin verdict emits a HYPOTHESIS / CITED PATH / DISPROOF / PROPOSED PATCH trace. We do not ship findings without that trace. We do not redact reasoning to make a number look better.
We will not ship features whose primary effect is locking customers in
No proprietary data formats where an open one exists. Full export of customer data on request, in an open schema, within five business days. Migration paths off Safeguard are documented and supported.
Sovereign customers get the full model lineup, not a watered-down tier
Griffin Zero on sovereign deployments uses the same weights, the same training recipe, and the same safety controls as the multi-tenant deployment. Air-gap is a deployment property, not a capability ceiling.
We will not sell or share aggregated customer findings with non-defensive buyers
Aggregated, anonymised findings are used to publish public threat-feed items and research. They are not sold to ad networks, data brokers, offensive-security vendors, or any party operating outside a defensive use case.
Coordinated disclosure is default; public posting is opt-in
When the platform identifies a candidate vulnerability in third-party code, the default is coordinated disclosure with the upstream maintainer under our published SLA. Public posting requires explicit customer consent.
24-hour customer notification on material breach
If a security incident materially affects customer data, customer findings, or customer-deployed model artefacts, affected customers are notified within 24 hours of confirmation. The clock starts at confirmation, not at convenience.
We will reverse a decision we got wrong, in writing, publicly when appropriate
When we mis-design a feature, mis-prioritise a roadmap, or mis-handle a customer interaction, we say so and change course. Where the misstep was public, the correction is public. Compounding a mistake costs more than admitting one.
How we hold ourselves to these.
Commitments are only as good as the mechanisms behind them. Each of these surfaces is public and auditable.
Published roadmap
The quarterly roadmap is public. Shipped, slipped, and cut items are all visible. Customers can see what changed and why.
Public threat feed
Threat-feed items are published with the cited evidence and the trace that produced them. No finding is posted without a reproducible artefact.
Customer-verifiable provenance
Any customer can request a signed attestation tying their deployed model to the training recipe and weights hash that produced it.
Transparency report
Aggregate platform numbers, government requests, incidents, and commitments missed — published on a quarterly cadence.
Tell us where we fell short.
If a Safeguard release, decision, or behaviour visibly breaches any of the commitments above, raise it directly. The compliance mailbox is monitored by a named person on the responsibility team. Security-relevant findings can also route through the bug-bounty programme. Both channels guarantee a response.
Where the commitments live in practice.
Values
Three short constitutions that govern how we build, ship, and behave.
Transparency
What we count, what we publish, what we get wrong — on a quarterly cadence.
Responsible scaling
How model capability is paired with safety controls before a tier ships.
Security
The trust-centre: certifications, controls, and the architecture they back.