Library

The reading your evaluators ask for

Documents for your security team, procurement, and leadership, plus a few positions we hold on where AI controls belong. Each is a branded PDF.

Briefs and one-pagers/ 01

Briefs and one-pagers

The long-form documents and one-pagers, each tuned to the person reading them.

Approaches to governing AI, compared

How the controls on the market compare, by where they sit and what they can see. Acceptable-use policy, network blocking, API gateways, closed assistants, browser plugins, DLP and CASB, and provider-side controls, and the blind spot each one leaves, including shadow AI.

Download PDF, for evaluators
Architecture and data flow

Verillian runs entirely inside your environment. The decision is made on the device, before any content reaches a provider, across every tool and account. A component-by-component walk through the platform: the path a request takes, what crosses each boundary, what Verillian never receives, and the cryptographic properties behind encryption, tamper-evidence, policy integrity, and licensing.

Download PDF, for security review
How Verillian is designed for trust

Verillian governs your institution's AI usage without taking custody of your data. It runs inside your environment, and the content that flows through it is encrypted with a key only you hold. Where your data lives, how content is protected, and the answers security teams ask first.

Download PDF, for security review
Enable AI without becoming the cautionary tale.

Your staff are already using AI. The board wants it in play; the regulator wants the controls. Verillian lets you say yes to both, with coverage that includes the tools you never approved and a record you can stand behind years later. This is runtime governance and evidence for regulated AI: govern AI at the point of use and prove what it did.

Download PDF, for the CISO
A control your teams already know how to buy.

Per device, annual, on contract vehicles your finance team has approved before. It deploys on your own infrastructure, so there is no vendor data-custody to diligence, and no integration project to scope. The procurement conversation is one you have had a dozen times.

Download PDF, for procurement
Evaluating an AI governance control

A practical checklist for security and procurement teams. The questions inside separate a control that reports cleanly from one that holds up under a regulator, an auditor, or a court. The right control answers all of these without a qualifier.

Download PDF, buyer's checklist
Sixty days to a signed decision.

A structured evaluation of Verillian in your own environment, on your own infrastructure, under your own keys. Scoped to your fleet and your frameworks. Contact for pricing.

Download PDF, one-pager
Where we stand/ 02

Where we stand

Positions on where AI controls belong and what makes a record trustworthy, written as short explainers.

Logs are not proof.

Almost every system can show you a log. But a log that you, an insider, or an attacker could quietly edit is not evidence. When the stakes are a regulatory finding, a lawsuit, or a criminal case, the question is not whether you kept a log: it is whether the log proves it was not changed.

Download PDF, explainer
A control can only catch what it can see.

Most controls sit downstream of the device, so the traffic that never takes a sanctioned path stays invisible to them. That traffic is shadow AI. Where a control sits decides what it can catch.

Download PDF, explainer
Visibility, enforcement, evidence

An AI governance control can do three jobs. Most tools on the market do the first two competently. Regulated work is decided by the third, and almost no one builds for it first. In regulated environments, "we caught it" is not enough. You have to prove it.

Download PDF, framework
Shadow AI: the risk you cannot see

Your staff adopted AI before your institution could govern it, and most of the exposure is invisible because the tools that create the risk are the ones no one approved: personal accounts, browser sessions, and command-line clients that never touch a sanctioned path.

Download PDF, briefing
By industry/ 03

By industry

One-page overviews mapping each sector’s risk to the controls that answer it, with a cited figure on what is at stake.

AI in clinical work, without the breach headline.

Clinicians are already using AI in patient work. The same tools, pointed at charts and patient records with no control in the path, are how a health system becomes the next breach. Verillian governs the AI without ever holding the PHI.

Download PDF, industry overview
Use AI on case work. Hold evidence that holds up.

Analysts use AI to surface patterns across case files. But criminal justice information has rules, and a court does not accept "our dashboard showed it." Verillian governs the AI and produces a record built to survive challenge.

Download PDF, industry overview
Put AI to work in the agency. Keep a record oversight can verify.

Agency staff are already using AI. Citizen data and controlled information carry handling rules, and an AI tool that quietly sends them to an outside model is an audit finding waiting to happen. Verillian governs AI use and proves it, on your infrastructure, even air-gapped.

Download PDF, industry overview
Adopt AI on CUI without losing the contract.

Engineers are already using AI. But CUI carries handling requirements under CMMC 2.0 and NIST 800-171, and an AI tool that quietly sends it to an outside model can cost the contract. Verillian governs AI use and proves it, on your infrastructure, even air-gapped.

Download PDF, industry overview
Let the desk use AI. Hold a record that survives an exam.

Analysts, advisers, and operations staff are already using AI. Customer financial data and material nonpublic information carry strict handling and recordkeeping rules, and an AI tool that sends them to an outside model is an examination finding waiting to happen. Verillian governs AI use and proves it, on your infrastructure.

Download PDF, industry overview
AI that helps teachers, not a FERPA incident.

Teachers are already using AI to prepare materials and lessons. Districts and universities hold student records that the law protects closely. Verillian lets staff use AI while student data stays inside the institution, with a record you can stand behind.

Download PDF, industry overview

Want a document sent to you?

Tell us your role and sector and we will share the most relevant brief.