Build with Apeiris
Every consequential AI action eventually raises the same questions.
- Was it authorized?
- What evidence supports the decision?
- Could an independent reviewer reach the same conclusion?
Apeiris is building the shared assurance layer, so every product does not have to rebuild it.
An open corpus. A shared evidence model. A common proof language for builders, security products, enterprises, and the platforms beneath them.
Most companies do not win by maintaining their own framework mappings, citations, evidence definitions, and regulatory updates. That work is necessary, but it is rarely what their customers came to buy.
Apeiris is building it once, in the open, so others can focus on what makes their products different.
Ship the trust features customers expect before you can afford a compliance team.
Ground your trust page and security questionnaires in named controls, primary-source citations, and framework language, not unsupported prose. Use the Advisor for self-assessment and give customers verification they can run themselves.
The corpus is CC BY 4.0. The read tooling is Apache-2.0. There is nothing to buy before you start.
Your runtime detects. Apeiris explains.
Stop rebuilding the assurance intelligence behind every finding.
As security products mature, their teams inherit the same work: mapping findings to frameworks, tracking regulatory change, explaining detections, and keeping citations current. That is necessary work, but it is operational drag on the product customers came to buy.
Apeiris maintains the open, signed knowledge layer behind it, and is developing the embedded reasoning interface with design partners.
{ "finding": "Unauthorized MCP tool invocation", "severity": "High" }{
"finding": "Unauthorized MCP tool invocation",
"control_relationship": "direct",
"required_evidence": [
"tool registry snapshot",
"invocation authorization record"
],
"missing_evidence": ["invocation authorization record"],
"evidence_verdict": "insufficient",
"related_compositional_obligations": ["object-binding", "temporal-revalidation"],
"citation_count": 4
}Expand to inspect affected controls, framework relationships, compositional dependencies, and primary-source citations.
The full response resolves each control to its canonical apeiris:// URI with its validation objective and blocking posture, each framework relationship with typed fit and basis, the compositional obligations implicated by the finding, and citations into the captured primary texts. Explore the same chains today through the Evidence Proof Map and the API reference.
The corpus and read tooling are live today. The embedded reasoning runtime is in development with design partners.
Design the reasoning interface with us Try the corpus against your findings
When someone asks “why did the AI do that?”, there should be a better answer than “the vendor said it was okay.”
The audience is larger than security engineering. It includes second-line risk, internal audit, counsel, the board, external auditors, and regulators.
They need a conclusion they can examine: which obligations applied, which controls addressed them, what evidence was required, what evidence was present, and where the gaps remained.
The shared, signed baseline Apeiris publishes lets internal teams, vendors, and independent reviewers make those claims checkable.
The commercial layer sits around that open foundation: update feeds with service levels, support, signed evidence statements, tenant-specific overlays, and assurance pilots.
Extend the shared layer.
Model providers, cloud platforms, identity providers, agent gateways, security platforms, and standards bodies can do more than consume Apeiris.
They can publish signed overlays and crosswalks, map product controls to the shared vocabulary, and expose assurance evidence in a form that customers and other tools can interpret consistently.
The enrichment layer exists for exactly this purpose.
Why open?
The web grew around shared languages. Operating systems became portable through shared interfaces. Identity systems interoperate through shared protocols. Security teams coordinate through shared identifiers.
AI assurance still lacks a shared foundation.
Apeiris is building a common assurance language that products, enterprises, and independent reviewers can inspect and use without asking permission.
The corpus is openly licensed. The read tooling is Apache-2.0. Every published artifact is signed and independently verifiable.
Open should not require trust in Apeiris. Verify the exact artifacts yourself.
Every published artifact is SHA-256-pinned in an Ed25519-signed manifest. A partner, customer, or auditor can confirm in the browser that the artifact they received is byte-for-byte the artifact Apeiris published.
Verify it nowOne ecosystem, six ways in.
Access the corpus, SDK, and MCP tooling
Reference the shared vocabulary and primary-source lineage
Add assurance capabilities to your product
Integrate the reasoning layer as it develops
Receive governed updates, support, and service levels
Compose obligation proofs from evidence
How we can work together now.
| You are... | Start here |
|---|---|
| Building an AI product | Use the corpus, SDK, MCP, and verification tooling |
| Operating a security product | Integrate the corpus and help shape the reasoning interface |
| Governing enterprise AI | Evaluate the proof model and define an assurance pilot |
| Providing a platform | Map product controls and design signed overlays |
Live today: corpus, schemas, mappings, SDK, MCP, verification and planning tools.
In development with partners: embedded reasoning and tenant-specific assurance workflows.
Build with Apeiris
Tell us what you are building, securing, governing, or extending.
Start with the open corpus Discuss a partnership