🔐 The SSL for AI — Cryptographic trust infrastructure

Every AI model deserves a passport

GAMP is the global identity and trust layer for AI models. Cryptographically signed, publicly verifiable, and live — the same way SSL certificates prove a website is authentic.

Register Your Model → See How It Works
GAMP
GAMP Registry
● Declared
15
+
Register your AI model
Free during launch
What is GAMP

The SSL certificate authority model — applied to AI

When you visit a website secured with HTTPS, your browser checks a cryptographic certificate that proves the site is authentic. No certificate, no padlock, no trust. GAMP does the same thing for AI models.

SSL / TLS
GAMP
Certificate Authority (CA)
GAMP Registry + Accredited Certifiers
X.509 Certificate
GAMP Passport
Public/Private Keypair
Per-Model Ed25519 Keypair
Certificate Signing Request
Model Registration Request
Certificate Chain
Certifier Co-signing Chain
OCSP Live Revocation
Live Badge API + Revocation Feed
Certificate Transparency Log
GAMP Public Audit Log
TLS Handshake
Signed Output Verification
🔐

Cryptographic Passport

Every registered model gets a unique Ed25519 keypair and a signed passport. The signature is verifiable by anyone — no need to trust GAMP itself.

📡

Live Trust Score

A dynamic 0–100 score that updates in real time based on verifications, certifier co-signatures, and behavioral drift reports — not frozen at registration.

🏷

Embeddable Badge

One script tag. The badge makes a live call to GAMP on every page load. Suspend a model — every embedded badge on every site goes red within seconds.

🔗

Chain of Trust

Certified third parties co-sign passports with their own private keys. Multiple co-signatures build a publicly verifiable chain — who certified this model, and who verified the certifier.

⚠️

Autonomous Tamper Detection

The GAMP SDK monitors deployed model outputs. If output signatures fail or distribution drifts from baseline, a drift report is raised automatically — no human needed.

📜

Public Transparency Log

Every registration, tier change, and suspension is permanently recorded in an append-only public feed. Nothing can be retroactively edited. Anyone can audit it.

How It Works

From registration to live verification in minutes

GAMP works at three levels — at registration, at deployment, and at every runtime interaction. Each level adds a layer of cryptographic proof.

1

Register your model

Submit your model's metadata — name, architecture, training data description, intended use. GAMP issues a unique Ed25519 keypair and signs a canonical passport hash with the GAMP master key.

2

Receive your private key

Your model's private key is returned once and never stored by GAMP. Store it in your secrets manager. GAMP holds the public key. This is the asymmetric trust model that makes verification trustless.

3

Wrap your model with the SDK

Three lines of Python or JavaScript. The GAMP SDK signs every output your model produces with its private key. Callers can verify authenticity without calling GAMP at all.

4

Embed the live badge

One script tag on any site. The badge shows your model's current tier and trust score, updated on every page load. If your model is suspended, the badge goes red everywhere it's embedded — simultaneously.

5

Build toward higher tiers

Request verification from GAMP, then engage accredited certifiers for co-signatures. Each co-signature is cryptographically verifiable and increases your live trust score.

6

Automatic drift monitoring

The SDK periodically pushes signed output batches to GAMP. If signatures fail or behavioral drift is detected, a report is raised automatically and your trust score is updated immediately.

Integration — 3 lines of Python

# Install: pip install gamp-sdk from gamp_sdk import GAMPAgent, gamp_signed agent = GAMPAgent( model_id="mdl_abc123", private_key_pem=os.getenv("GAMP_PRIVATE_KEY") ) # Option 1: Sign outputs manually signed = agent.sign_output("The capital of France is Paris.") # signed.signature — attach to your API response headers # Option 2: Decorator — wraps any function automatically @gamp_signed(agent) def my_model(prompt: str) -> str: return llm.generate(prompt) # Verify any signed output — no API key needed GAMPAgent.verify_locally(public_key_pem, output, signature)
Full Capability Stack

The only system that continuously proves
an AI model is what it claims to be

GAMP combines cryptographic identity, AI-powered behavioural monitoring, evidence-weighted trust scoring, and real-time badge propagation into a single verifiable infrastructure layer.

Layer 1 — Identity
Cryptographic Passport
Every AI model receives a unique Ed25519-signed passport. The signature is verifiable by anyone independently — no need to trust GAMP. Hash-chained to prevent retroactive editing.
Ed25519 signing RFC 8785 canonical JSON Hash chaining Per-model keypairs
Layer 2 — Evidence
Verifiable Evidence Packets (VEP)
Claims about a model must be backed by cryptographically signed evidence. Verified VEPs carry 1.5× the trust penalty of unverified assertions. Claims without proof are second-class citizens.
Evidence-weighted scoring Third-party evaluators Replay prevention Evidence chaining
Layer 3 — Active Monitoring
Semantic + Statistical Drift Detection
GAMP continuously monitors deployed models. A composite drift score combines AI semantic analysis (60%) with deterministic statistical fingerprinting (40%) — reproducible, explainable, regulator-ready.
AI semantic analysis Cosine n-gram similarity Refusal rate monitoring Reproducibility hashing
Layer 4 — Intelligence
AI Audit Analysis
Uploaded audit documents are read by AI before any human reviewer sees them. Cross-document consistency checking, gap analysis, and tier recommendation — at machine speed.
Document quality scoring Consistency checking Placeholder detection Tier recommendation
Layer 5 — Compliance
AI Industry Classification
Independently assesses what industry a model is likely deployed in. Detects mismatches between declared and actual use case. Identifies triggered regulatory frameworks automatically.
EU AI Act alignment MiFID II detection Healthcare classification FAIS Act (South Africa)
Layer 6 — Propagation
Live Badge + Webhook Network
One script tag. When a model is suspended or drift is detected, every embedded badge updates within one page load — everywhere simultaneously. HMAC-signed webhook delivery to Slack, PagerDuty, and Datadog.
Real-time propagation HMAC-signed webhooks Browser extension 9 event types
107
API routes
148
automated tests
5
provisional patents
6
trust layers
What this means in practice
"GAMP continuously verifies that a model behaves as declared — and reacts automatically when it doesn't. No human needs to notice the problem first."
What GAMP provides
Cryptographic passport
Live embeddable badge
Public searchable registry
Evidence-weighted trust scoring
Semantic drift detection
Statistical drift fingerprinting
AI audit document analysis
Certifier co-signing network
Industry classification
Browser extension
Python + JavaScript SDK
Real-time webhook delivery
Trust Tiers

Four tiers. Each one tells you what was done.

The tier name communicates the evidence standard, not just a ranking. Declared means self-registered. Accredited means an institutional body signed off. The difference is auditable.

Declared Free
Base Score: 10

Self-registered. Identity claimed, metadata on record. No external verification required.

  • ✓ Cryptographic passport issued
  • ✓ Live badge & public registry
  • ✓ GAMP SDK integration
Verified $99/yr
Base Score: 40

Identity and provenance confirmed by GAMP. Training data and architecture validated by the registry.

  • ✓ Everything in Declared
  • ✓ GAMP identity verification
  • ✓ Provenance validation
  • ✓ Blue badge tier indicator
Audited $599/yr
Base Score: 70

Two or more independent certifiers co-sign the passport with their own Ed25519 keys. Chain of trust is publicly verifiable.

  • ✓ Everything in Verified
  • ✓ Third-party co-signatures
  • ✓ VEP evidence review
  • ✓ Green badge tier indicator
Accredited $2,499/yr
Base Score: 90

Regulatory or institutional sign-off. Suitable for finance, healthcare, defense, and government deployment.

  • ✓ Everything in Audited
  • ✓ Regulatory/institutional sign-off
  • ✓ Full evidence chain retained
  • ✓ Gold badge tier indicator
🎉 Launch Free Period: All tiers are currently free. Pricing activates after the launch period. Live trust scores update dynamically — certifier co-signatures add points, unresolved drift reports subtract. A model with critical unresolved reports scores 0 regardless of tier.
Integration

Your model gets a passport. Your users get proof.

GAMP doesn't require you to change how your model works. It wraps the outputs with cryptographic identity. The private key stays in your environment — GAMP never sees it after registration.

What you get at registration

🔑
Model Private Key (PEM)
Returned once. Never stored by GAMP. Store in your secrets manager or HSM.
📋
Signed Passport
SHA-256 hash of canonical passport JSON, signed with the GAMP master key. Publicly verifiable.
🏷
Model ID + Embed Snippet
One script tag. Drop it on any site. The live badge renders automatically.

What your users can verify

Output authenticity
Any signed output can be verified against the public key in the GAMP passport. No API key needed.
🔍
Passport integrity
The canonical passport hash is signed. Any retroactive edit breaks verification. The record is tamper-evident.
📜
Full audit history
Every registration, tier change, and suspension is in the public transparency log. Permanently. Anyone can read it.
FAQ

Common questions

Does GAMP store my model's private key?
No. The private key is generated fresh at registration and returned to you exactly once. GAMP stores only the public key. This is the same architecture as SSL — the CA never holds your private key.
What happens if someone deploys a tampered version of my model?
The tampered version doesn't have your private key, so it cannot produce valid signatures. Anyone verifying its outputs against your GAMP passport will see the verification fail immediately. The GAMP SDK can also autonomously detect when output distribution drifts from your registered baseline.
What do I need to add to my codebase?
Three lines. Import the GAMP SDK, initialise it with your model ID and private key, and wrap your output function with @gamp_signed. That's it. Your model's internal architecture doesn't change at all.
How is GAMP different from Hugging Face model cards or IBM FactSheets?
Model cards and FactSheets are documentation — someone wrote them and you trust what they wrote. GAMP is cryptographic proof — the signature is mathematically verifiable and cannot be forged. It's the difference between a website saying "we're secure" and showing a verified SSL certificate.
Does GAMP comply with the EU AI Act?
GAMP provides the evidence layer that EU AI Act Article 13 transparency requirements call for — provenance records, training data documentation, architectural disclosure, and audit trails. GAMP passports are designed to be the technical foundation for AI conformity assessments.
What is the live trust score?
A 0–100 score that updates dynamically based on: your certification tier (base score), number of certifier co-signatures, recency of last verification, unresolved drift reports, and admin actions. Unlike a static tier label, the score reflects the ongoing health of your model's trust record.
Contact

Get in touch

Questions about integration, regulatory compliance, certifier partnerships, or enterprise licensing.

Message sent. We'll respond within 24 hours.
Fast response
We respond to all enquiries within 24 hours. Use the form to reach the right team.
🔗
Integration support
Need help embedding the badge or setting up the SDK? Include your model ID and we'll assist directly.
📋
Certifier programme
Apply to become an accredited GAMP certifier. Select Certifier Partnership in the enquiry type.
📖
Documentation