Integration

Endpoints and integration paths.

All twelve domain control matrices are available as machine-readable JSON under the apeiris.ai namespace.

How Apeiris fits

An open knowledge layer to build on — not another platform to adopt.

Apeiris defines an open, machine-readable knowledge layer: control definitions, framework crosswalks, and the evidence each control requires. It maps to and extends the primary frameworks — NIST AI RMF, ISO/IEC 42001, the EU AI Act, OWASP AISVS, MITRE ATLAS — rather than replacing them, and it is designed to sit upstream of the tools you already run: GRC platforms, CI/CD, runtime gateways, and observability. Use it alongside them. Apeiris supplies the vocabulary and the verifiable evidence definitions; your platforms operate on them.

Every artifact is content-addressed by SHA-256 and pinned in a manifest signed with an offline Ed25519 key, so what you consume is exactly what Apeiris published — verify it yourself. This is the public knowledge layer; runtime evaluation and enforcement are a separate platform concern.

All twelve domain endpoints

Security — securitycontrols.ai

Control matrix

The Apeiris Security control matrix defines 53 controls across 6 layers (IA, EC, PT, GV, RT, AS) for AI agent security governance. The canonical URL is apeiris.ai/domains/security/. Also available at securitycontrols.ai.

X-Apeiris-Domain: security
X-Apeiris-Prefix: AS
Attestation: AS-08
↓ security-controls-full.json

Model — modelverifier.ai

Control matrix

The Apeiris Model control matrix defines 57 controls across 6 layers (LI, TG, EV, OA, BH, CR) for AI model assurance: lifecycle, training governance, evaluation, operational assurance, behavioral monitoring, and ModelAssuranceAttestation. Also available at modelverifier.ai.

X-Apeiris-Domain: model
X-Apeiris-Prefix: CR
Attestation: CR-08
↓ model-controls-full.json

Identity

Control matrix

The Apeiris Identity control matrix at apeiris.ai/domains/identity/ defines 52 controls across 6 layers (II NI DE IF IM IC) for AI agent identity governance: registry, credential lifecycle, delegation chains, federation trust, and anomaly detection.

X-Apeiris-Domain: identity
X-Apeiris-Prefix: IC
Attestation: IC-08
↓ identity-controls-full.json

Privacy

Control matrix

The Apeiris Privacy control matrix at apeiris.ai/domains/privacy/ defines 49 controls across 6 layers (DC DG DS DP PM PC) for lawful data use: consent basis, data subject rights, cross-border transfers, and privacy monitoring.

X-Apeiris-Domain: privacy
X-Apeiris-Prefix: PC
Attestation: PC-08
↓ privacy-controls-full.json

Authority

Control matrix

The Apeiris Authority control matrix at apeiris.ai/domains/authority/ defines 53 controls across 6 layers (PV PA PO PR PG PE) for enterprise business authority: approval limits, operating intent, contract obligations, and procurement controls.

X-Apeiris-Domain: authority
X-Apeiris-Prefix: PE
Attestation: PE-08
↓ authority-controls-full.json

Agentic

Control matrix

The Apeiris Agentic control matrix at apeiris.ai/domains/agentic/ defines 50 controls across 6 layers (AA AB AT AO AM AG) for AI agent behavioral authorization: authentication, action scope, tool governance, orchestration bounds, monitoring, and BehavioralAttestation.

X-Apeiris-Domain: agentic
X-Apeiris-Prefix: AG
Attestation: AG-08
↓ agentic-controls-full.json

Compliance

Control matrix

The Apeiris Compliance control matrix at apeiris.ai/domains/compliance/ defines 48 controls across 6 layers (CA OB RF CI AU CG) for AI regulatory compliance: obligation mapping, EU AI Act conformity, DORA, audit readiness, and ComplianceAttestation.

X-Apeiris-Domain: compliance
X-Apeiris-Prefix: AU
Attestation: AU-08
↓ compliance-controls-full.json

Resilience

Control matrix

The Apeiris Resilience control matrix at apeiris.ai/domains/resilience/ defines 48 controls across 6 layers (RV RP RO FO RE RG) for AI operational resilience: verification testing, BCP/DR planning, fault tolerance, DORA compliance, and ResilienceAttestation.

X-Apeiris-Domain: resilience
X-Apeiris-Prefix: RG
Attestation: RG-08
↓ resilience-controls-full.json

Finance

Control matrix

The Apeiris Finance control matrix at apeiris.ai/domains/finance/ defines 48 controls across 6 layers (MR MV FD FC FP FG) for financial AI governance: SR 26-2 model risk management, independent validation, adverse action disclosure, SOX controls, and FinanceAttestation.

X-Apeiris-Domain: finance
X-Apeiris-Prefix: FG
Attestation: FG-08
↓ finance-controls-full.json

Ethics

Control matrix

The Apeiris Ethics control matrix at apeiris.ai/domains/ethics/ defines 50 controls across 6 layers (EF FA XP HI FM EG) for AI ethics governance: ethical foundations, bias assessment, explainability, human rights due diligence, fairness monitoring, and EthicsAttestation.

X-Apeiris-Domain: ethics
X-Apeiris-Prefix: EG
Attestation: EG-08
↓ ethics-controls-full.json

Knowledge

Control matrix

The Apeiris Knowledge control matrix at apeiris.ai/domains/knowledge/ defines 49 controls across 6 layers (KS KI KR KC KM KG) for AI knowledge governance: source authorization, poisoning prevention, retrieval quality, currency management, and KnowledgeAttestation.

X-Apeiris-Domain: knowledge
X-Apeiris-Prefix: KG
Attestation: KG-08
↓ knowledge-controls-full.json

Data

Control matrix

The Apeiris Data control matrix at apeiris.ai/domains/data/ defines 48 controls across 6 layers (DX DI DM DL DA DV) for AI data governance: sensitivity classification, integrity protection, lineage tracking, access authorization, and DataGovernanceAttestation.

X-Apeiris-Domain: data
X-Apeiris-Prefix: DV
Attestation: DV-08
↓ data-controls-full.json

Domain manifest

All 12 endpoints in one file.

Lists every domain slug, version, control count, attestation artifact, SHA-256 checksum, and canonical endpoint URL. All 12 domains are at schema v1.1.0 with extended testability fields: validation_objective, evidence_required, machine_tests, human_review, blocking_effect, normative_status, anti_patterns, and update_status.

↓ manifest.json

Source registry

All normative sources with canonical metadata.

Machine-readable registry of every standard, regulation, framework, and guidance document referenced in Apeiris control matrices — 300 sources including the OWASP AI Testing Guide v1 — with source_id, publisher, version, canonical URL, effective date, jurisdiction, normative force, and update cadence.

↓ source_registry.json

Source references

Every control that cites a given source.

The reverse of each control's crosswalk: pick any standard, regulation, or framework and see every control across all 12 domains that references it — citation transparency for verifying coverage.

→ Browse source references

Anchor registry

The real taxonomy of every cited framework.

One machine-readable file per framework capturing its actual structure — requirement IDs, section titles, edition, and capture provenance — taken only from primary texts. Every framework citation in every control matrix is validated against these anchors in CI, so a fabricated section number fails the build instead of surviving until an audit.

/integration/anchors/[framework].json

OWASP AISVS 1.0 coverage

All 191 requirements mapped to Apeiris controls.

Maps every OWASP AI Security Verification Standard 1.0 requirement (C01–C12) to Apeiris control URIs with a coverage verdict: direct, partial, none, or out_of_scope.

↓ aisvs_coverage_matrix.json

Structured agent authorization profile

RFC 9396 cross-domain validation profile.

Defines the 8 capabilities required for per-request structured agent authorization — registered identity, ephemeral credentials, permission ceilings, resource server validation, fail-closed enforcement, and policy-as-code governance. Normative anchor: RFC 9396 (OAuth 2.0 Rich Authorization Requests).

↓ profiles/structured_agent_authorization.json

Framework coverage manifests

Per-requirement coverage for major frameworks.

Explicit coverage manifests mapping every requirement of each major framework to Apeiris controls with direct / partial / none / out_of_scope verdicts. Available for: EU AI Act, ISO/IEC 42001, NIST AI RMF + AI 600-1, SR 26-2, DORA.

/integration/coverage/[framework]_coverage.json

Manifest signature profile

Cryptographic integrity verification spec.

Specifies the algorithm (Ed25519), canonicalization method (RFC 8785 JCS), and verification procedure for integrity assertions on Apeiris domain control matrices. Per-domain SHA-256 content hashes in manifest.json are recomputable by any consumer over HTTPS, and the manifest is signed with an offline Ed25519 key — the public key is published and the signature is verifiable in your browser.

→ Verify integrity live  ·  ↓ profiles/manifest_signature.json

Agent identity mode profile

Six identity modes from session to attested workload.

Defines the six identity modes for AI agents — user session, brokered user delegation, service account, governed service account, attested workload identity, and hybrid user-to-workload chain — each with appropriate use cases, prohibited patterns, required Apeiris controls, failure modes, minimum evidence, and migration path. Includes SaaS authorization ceiling guidance, identity taxonomy (workload / personal / personal-in-enterprise), and provider implementation signals for Okta, Entra, AWS Bedrock, Google Agent Identity, SPIFFE, and Canva's Credential Broker pattern.

↓ profiles/agent_identity_mode.json

In design — attestation query interface

Evaluate an action against the full evidence fabric.

The platform layer (currently in design) will expose an attestation query interface — a single endpoint that accepts an action context and returns an evidence DAG verdict across all twelve domains.