Bart Labs · ForgeShield · Solutions

Chain of custody for what your AI touches.

Every desk sees a different risk in the same AI conversation. Pick yours, and watch the ninety seconds built for it — what’s scrubbed inbound, retained per tenant, and provable to compliance later.

The complete walkthrough · start here

Six minutes, four acts — protect, retain, prove, and put your documents to work. Watch this first for the whole system, before you pick a desk below.

ForgeShield walkthrough · 4 acts · 6:01
ForgeShield walkthrough · 6:01

Transcript coming with captions.

Now find your desk — Finance & Insurance, Health & Wealth, or Knowledge — and watch the 90 seconds built for it.

AI governance, evidenced — not just claimed.

The newest layer of ForgeShield: a registry, a control-pack engine, and a governance broker that turn “we govern our AI” into something you can point an examiner at.

AI System Registry & EU Risk Tiering

Beta

A first-class registry of every AI system in use, with EU-aligned risk tiers. Systems tiered “unacceptable” are structurally refused activation.

Incident Lifecycle & HITL Approvals

Beta

Open → investigating → disclosed → closed, with an approval workflow that forbids self-approval. Every mutation rides the same audit chain as everything else.

EU AI Act Control-Pack Engine

Beta

Seven control packs, 44 controls, live-scored today. A control never shows LIVE without a real, failable probe behind it.

AICM Crosswalk

Beta

Maps ForgeShield’s controls into the CSA AI Controls Matrix, which carries its own crosswalk into ISO 42001 and NIST AI 600-1. “Contributes,” never “Equivalent,” until a human verifies it.

MCP Governance Broker

Beta

Sits between your agents and the tool servers they call over MCP, writing a per-call audit record onto the same chain. Ships pass-through today; default-deny allowlisting is next.

Merkle-Chained Audit Trail

GA

Every gateway-routed exchange seals into a Merkle-chained (ZKAT) audit entry the moment it crosses the gateway — tamper-evident, and checkable without trusting our runtime.

ForgeShield never claims a certification it doesn’t hold. Every capability above is evidence you can verify against source — “helps you evidence,” never “compliant.” Maturity tags are carried verbatim from our own engineering catalog.

Now in early access

Whatever your world, put it on the record.

Talk through how ForgeShield fits your workflows — Finance & Insurance, Health & Wealth, Knowledge, or all three.

Request a walkthrough