Skip to content
You are offline. Some features may be unavailable.
AI Governance

Evidence that keeps AI governance grounded.

CraftedTrust helps teams inventory AI systems, evaluate vendors, publish trust material, and add stronger runtime evidence where it is actually needed.

Start Evidence Sprint AI Inventory Vendor Diligence MCP Trust

What the platform is for

AI governance breaks down when nobody can answer basic questions: what systems exist, who owns them, which vendors are involved, what evidence supports approval, and what changed after rollout. CraftedTrust keeps those questions in one evidence model.

MCP Trust fits inside that model as the public trust line for MCP servers. Runtime Gateway is the optional runtime layer when point-in-time review is not enough.

Visibility

AI Inventory

Track systems, owners, vendors, approval state, and data access before the sprawl becomes unmanageable.

Decision support

Vendor Diligence

Collect public proof, review notes, research, and open issues in a format buyers can actually use.

Public trust

MCP Trust

Registry search, scanning, certification, and buyer proof for MCP servers and publishers.

Runtime evidence

Runtime Gateway

Telemetry, policy checks, and live evidence for teams that need stronger controls after approval.

Built for where agent assurance is going

The Apr 15 AIUC-1 update is a signal that agent review is moving closer to approved interfaces, scoped permissions, logged actions, and monitored third-party access.

Approved agent interfaces

Know which MCP and agent endpoints are actually allowed

The buyer question is no longer just who the vendor is. It is which interfaces are approved, what runtime boundaries exist, and what gets blocked.

Verified identities

Tie agents to identities and scoped permissions

Stronger identity, role, key, and permission boundaries make it easier to prove who acted, what they could reach, and how long access lasted.

Logged actions

Keep tool actions and evidence exports reviewable

Buyers increasingly ask whether tool calls are validated, logged, and easy to export into a diligence packet instead of hidden inside runtime noise.

Third-party monitoring

Monitor connected third parties after approval

Dynamic MCP servers, agents, and registries make third-party monitoring part of the real operating model, not just a contract review step.

Read the AIUC-1 Q2 explainer Runtime Gateway
How teams usually start

Start with inventory and diligence

  • Inventory the systems and vendors already in use.
  • Sort by owner, risk, and approval status.
  • Collect public proof and open questions for the systems that matter.
How it expands

Add product lines only when they fit

  • Use MCP Trust when the decision involves a public MCP integration.
  • Use Runtime Gateway when live telemetry or policy controls are justified.
  • Use Touchstone when teams need deeper policy context or mappings.
Start Evidence Sprint Platform docs Research Platform support