PRODUCT · ATTESTED MIRROR

The model store you can put in front of an auditor.

Frontier weights with cryptographic provenance, witness panel review, and a Merkle log that any independent verifier can validate. Built for organizations that can't ship "trust us" as a security architecture.

View pricing ↓ Schedule demo

the problem

Pulling weights from a public hub is a procurement question your security team can't answer.

Where did those weights come from? What was the training corpus? Have they been modified since publication? When the model behaves unexpectedly in production, can you prove what version was running? On HuggingFace, the answer to all four questions is "we don't know." For most internal experiments that's fine. For ATO, FDA SaMD, IEC 61508, or NERC-CIP, it's a stop-work.

the solution

Every weight signed, every promotion witnessed, every claim verifiable.

Tier-gated promotion

QUARANTINE → HARDENED → SEALED. Promotion requires witness signatures from the panels relevant to your use case. Demotion is a single revocation signature; cascades are automatic.

Witness panel review

Nine panels covering medical (FDA-SaMD), AI safety (NIST AI-RMC), threat (MITRE ATT&CK), defense (DARPA-AIT), industrial (IEC 61508), grid (NERC-CIP), finance (SEC), reproducibility (ACM), and universal (Cosmic).

Rekor anchoring

Every promotion, demotion, and cosignature appended to a Merkle log with full inclusion proofs. Cross-mirror gossip propagates checkpoints. Independent verification at any time.

Independent verification

The sf-verify tool ships as a 465-line Python script with no Apex dependencies. Your security team can validate every claim without trusting our infrastructure.

Quantization-aware

INT8 / INT4 / FP8 derivatives chain back to their sealed FP16 base through signed compile manifests. The trust chain doesn't break when the airframe needs a 4-bit quant.

Drift detection

Reverification runs on schedule. Witness rotation, key compromise, and revoked publishers are caught and propagated automatically. Your customers see the demotion the moment it lands.

who it's for

Three procurement constraints we built this for.

Defense primes

JADC2, CDAO, and program offices that need attested AI under DoD SWFT and ATO frameworks. Mirror runs in your VPC; signatures roll up to your audit pipeline.

Regulated medical

Hospital systems, medical device manufacturers, and clinical research organizations bound by FDA SaMD, HIPAA, and the EU AI Act high-risk classification.

Sovereign infrastructure

Grid operators (NERC-CIP), water utilities, financial institutions, and national AI initiatives where the provenance posture is itself a procurement requirement.

pricing

Annual subscription. Per organization, not per user.

Pricing reflects the curation work, not the storage cost. Every customer gets the full catalog, full witness coverage, full audit trail.

Pilot

$50K/ yr

First-year pilot for a single program of record. Full catalog, single VPC deployment.

Top 30 frontier models, fully attested
Single VPC mirror deployment
Witness panels relevant to your industry
Quarterly catalog refresh
sf-verify CLI included
Email support, business hours

Start pilot

Enterprise

$100K/ yr

Standard tier for production deployments across multiple programs or regions.

Full catalog, all tiers
Multi-region mirror with cross-mirror gossip
All nine witness panels
Monthly catalog refresh
Custom witness panel onboarding
24/7 support with named TAM
Drift alerts via your SIEM

Talk to sales

Sovereign

Custom

National-scale deployments, classified networks, or regulated industries with bespoke witness requirements.

All Enterprise features
Bespoke witness panel composition
On-premises mirror with local keystore
Source-code escrow available
FedRAMP / IL5 path support
Dedicated engineering liaison

The trust substrate is already running.

See the live demo. Run the verifier. Audit the source. Then talk to us about the version that fits your network.

See it live → Other products