Clear boundary
Model output becomes action
HALTSEAL begins exactly where platform, security, and procurement teams want a harder answer than monitoring or policy language alone.
HALTSEAL • licensing-ready public overview
Permit before action.
HALTSEAL is a fail-closed runtime control layer for consequential AI. It verifies prerequisites inside a trusted, read-only boundary, mints short-lived permits only on PASS, and requires a valid permit before network egress, privileged I/O, or accelerator dispatch.
Two issued U.S. grants on record. A narrow first-pass surface for Security, Procurement, Legal, and platform owners evaluating runtime-action control.
Why HALTSEAL first
The cleanest first surface for runtime-action diligence.
Start where serious buyers already feel the pressure: when model output can trigger a real side effect. HALTSEAL keeps the first conversation narrow, concrete, and licensing-ready.
Narrow first pass
One gateway. One proof path.
Pick a single enforcement point, prove fail-closed behavior, and widen only after the boundary survives technical and legal review.
Buyer-run evidence
Portable artifacts, not vendor-only dashboards
Receipts, reason codes, and pilot outputs are designed to move into internal security tickets, procurement packets, and counsel diligence.
Issued U.S. grants
What the patents put on record.
Two issued grants make the licensing story easier to understand: the first puts the fail-closed runtime gate on record; the second extends that control to driver, firmware, and hypervisor gateways.
Fail-closed runtime gate for agent execution
Reflects verify-to-activation in a read-only boundary, license-tier and quorum checks, permit-before-action, and immutable evidence for subsequent review.
Gateway enforcement at driver, firmware, and hypervisor layers
Extends the runtime gate to lower-layer intercept points where device I/O, dispatch, or network egress can be denied absent a valid permit.
Verify-to-activation
Trusted boundary before action
The check happens inside a read-only boundary, not only in post-hoc logs or after-the-fact review.
Licensing gate
Tier, quorum, and attestation
Licensing authority can be validated before a permit is issued, which keeps review tied to a concrete control point.
Permit semantics
Short-lived and audience-bound
Permits can be scoped to agent, tenant, or mission and fail closed when absent, stale, revoked, or out of scope.
Portable evidence
Receipts that survive review
Immutable evidence and readable reason codes support procurement, security review, and counsel diligence outside the vendor.
Where deployment can start
Pick the gateway the buyer already owns.
The best first deployment is not the whole stack. It is the control point already closest to consequential effect.
Network egress
Control externalized effect
Good first fit when outbound action, delegated tool use, or agentic execution leaving the runtime boundary is the main concern.
Driver path
Stop action before queue or doorbell submission
Useful when the decisive boundary sits at a device or accelerator handoff rather than only at the application layer.
Firmware / microcode
Gate dispatch deeper in the stack
Use when the buyer needs a lower-layer control point for high-assurance or hardware-adjacent deployment.
Hypervisor intercept
Control at the virtualization boundary
Good fit for cloud, hosted runtime, or multi-tenant infrastructure teams that need a harder enforcement edge.
Diligence and licensing path
Public first. Depth only where fit is real.
This is the counsel-friendly order: public-safe overview, scoped NDA diligence, one-gateway pilot, then field-limited or staged licensing where the buyer path is real.
1
Public-safe review
Use this page, the patents page, the brief, and the deck to understand the boundary, the control path, and the review posture.
2
Scoped NDA diligence
Bring in relevant filings, claim charts, enforcement-point mapping, and evidence expectations only after fit is real.
3
Pilot and scope
Prove one gateway, agree acceptance criteria, and move into field-limited or staged licensing only where the deployment path justifies it.
Priority buyer lanes
Who usually understands this fastest.
Start where runtime permissions, control planes, and action governance already matter.
Hyperscale · runtime · infra
Control planes and managed-agent stacks
Good fit when delegated execution, egress, dispatch, or downstream action must become permissioned instead of allow-by-default.
Model-runtime · agent platform
Hosted runtimes and tool surfaces
Use it when the product already brokers actions and needs a harder pre-action control layer.
AI security · governance
Move from monitoring to deterministic control
Relevant where the buyer wants more than policy language, evaluators, or post-hoc logging.
Identity · control plane
Close identity to downstream action
Use it when the real commercial gap sits between agent identity, authorization, and consequential execution.
Buyer-run pilot
Outputs another party can actually use.
Run a fail-closed gateway locally. No meeting. No uploads. Get portable artifacts that can move into internal tickets and reviewer workflows.
- Deterministic behavior — PASS / FAIL / HOLD with stable reason codes.
- Portable evidence — receipts, reports, and machine-readable artifacts for Security and Procurement.
- Identity-anchored reporting — outputs designed for internal review rather than screenshot theater.
Security-attended path
Technical deep dive for serious fit.
Bring Security, Legal, and Procurement once the boundary is clear. Keep the conversation specific: one gateway, one proof path, one diligence scope.
- Meeting focus — enforcement point, evidence shape, and what PASS / HOLD / DENY mean in the buyer environment.
- NDA depth — relevant filings, scoped claim charts, and deployment matching only after fit is established.
- Next step — field-limited or staged licensing where the buyer path is real.