Insights

Notes on building AI
you can trust.

Field notes from engineering the trust lifecycle — from design-time validation with Plumbline to runtime trust and governance with AgentGuard.

PerspectiveFeatured

Trust starts before production.

Almost everyone building with AI has felt the same lurch: the demo was flawless, the launch went fine, and then — weeks later — an agent did something nobody can explain. A customer got a confidently wrong answer. An agent read the wrong document and acted on it. A field of sensitive data slipped into a response. And when the questions come, the evidence is scattered across three tools, or it was never captured at all.

The reflex is to add monitoring. Watch the traces. Chart the latency. And that helps — but it treats a symptom. Because the failures that surface in production were, almost always, written long before deployment: an agent loop with no iteration cap, a missing fallback when the model provider rate-limits, an untrusted input that reaches a tool-enabled prompt, a model quietly swapped with no guardrail. None of these show up when the demo works. All of them show up under real traffic.

Watching AI in production is not the same as trusting it. A runtime tool can only tell you what already happened.

Two guards, one lifecycle

This is why we think about trust as a lifecycle, not a dashboard. It has a left side and a right side, and both need a guard.

On the left — design-time — Plumbline reads the code before it ships. It's an open-source static analyzer that uses taint and dataflow analysis to reason about the real, structural properties of LLM and agentic code. It's deterministic, so the same code produces the same findings every run; it makes no network calls and sends no telemetry; and it emits SARIF, so its findings appear right alongside your other checks in CI. It catches the class of defect a code review misses — not because reviewers aren't careful, but because these are properties of behaviour, not syntax.

On the right — runtime — AgentGuard assures what's already live. It brings the whole interaction into one record: the trace, the guardrail decisions, the evaluation, the compliance evidence, and one honest Trust Score across all of it. It's scoped to the interactions you instrument, and it's honest by design — where the evidence isn't there, it says "insufficient data" rather than invent a number.

Plumbline guards the code before it gets there. AgentGuard guards it once it's live.

Why the whole line matters

You can buy a runtime observability tool from a dozen vendors. What you can't buy from any single one of them is coverage of the entire path — from the first commit in the IDE, through CI, into production, all the way to the audit. That end-to-end trust lifecycle is a story a runtime-only tool structurally cannot tell, because it never sees the left side of the line.

Trust isn't a feature you bolt on at the end. It's a property you build in from the first commit and prove all the way to the audit. That's the whole reason ActaClad exists — and it's why we ship both guards, not one.

More insights

Product
The honest Trust Score

How one number can be credible: gated on the weakest link, and honest enough to say "insufficient data" instead of a fake 100.

Coming soon
Security
AI's new front door

Prompt injection, jailbreaks, and PII leakage — the attack surface your firewall and DLP were never built to see.

Coming soon