Skip to content
Meridian Verity Group
Auditors: start at Trust Center
Safety IR Public-safe Fail-closed Receipt-backed

Safety incident response — built for reviewers.

Not cybersecurity: AI safety incidents are handled as replayable receipts, with deterministic outputs (PASS / FAIL / HOLD). Missing signatures or missing evidence pointers must yield HOLD (fail‑closed).

Open Trust Center Open Governance Security advisories
Vulnerability disclosure (security) · Website release integrity
Safety IR descriptor (receipt)
Machine-readable safety incident response posture (public-safe). Detached signature: /.well-known/mvg-safety-ir.json.asc. Missing or placeholder ⇒ HOLD (fail‑closed by design).
HOLD
Checking publication…
sha256:— sha256:—
Open JSON Open .asc Open DSSE envelope Signing & audit runbook
Offline verify: gpg --verify .well-known/mvg-safety-ir.json.asc .well-known/mvg-safety-ir.json

What this is

A public‑safe view of MVG’s safety incident response posture: classification, triggers, escalation, and the reason we treat uncertainty as HOLD. Internal runbooks, contacts, and customer specifics are provided only under procurement / NDA as required.

Outputs
GO HOLD FAIL
Principle
Missing proof never yields silent PASS.

Security vs Safety

Security incidents are handled via the VDP. Safety incidents are non‑cyber harms or material risks from AI behavior or automation.

Category
Primary surface
Where to start
Security
Vulnerabilities, compromise, exploitation
Vulnerability disclosure
Safety
Harmful behavior / unauthorized actions / systemic error
Stop authority & escalation
Safety IR descriptor (receipt)
Machine-readable safety incident response posture (public-safe). Detached signature: /.well-known/mvg-safety-ir.json.asc. Missing or placeholder ⇒ HOLD (fail‑closed by design).
HOLD
Checking publication…
sha256:— sha256:—
Open JSON Open .asc Open DSSE envelope Signing & audit runbook
Offline verify: gpg --verify .well-known/mvg-safety-ir.json.asc .well-known/mvg-safety-ir.json

Stop / HOLD triggers (public‑safe)

  • Missing required signatures or evidence pointers for a release.
  • Verifier outputs FAIL, or a materially new reason code emerges for the same surface.
  • Confirmed unauthorized action attempt or policy bypass attempt.
  • Credible external report of harm that is reproducible (or plausibly reproducible).

If the situation is ambiguous, the correct posture is HOLD until it is reproducible and reviewable.

Escalation path (roles only)

  1. On‑call reviewer (Safety) triages and attempts deterministic reproduction.
  2. Stop authority (per Governance) issues HOLD/STOP and authorizes rollback or mitigation.
  3. Exec escalation coordinates external communications and remediation commitments.
Official channels
contact@meridianverity.com · security@meridianverity.com
Anti‑phishing
Only @meridianverity.com is official.
Safety IR descriptor (receipt)
Machine-readable safety incident response posture (public-safe). Detached signature: /.well-known/mvg-safety-ir.json.asc. Missing or placeholder ⇒ HOLD (fail‑closed by design).
HOLD
Checking publication…
sha256:— sha256:—
Open JSON Open .asc Open DSSE envelope Signing & audit runbook
Offline verify: gpg --verify .well-known/mvg-safety-ir.json.asc .well-known/mvg-safety-ir.json

Public-safe boundary

This page intentionally omits sensitive details (internal contacts, customer specifics, timelines, and response playbooks). The goal is to show a clear, audit‑friendly posture: classification, stop authority, escalation, and fail‑closed verification.

For procurement diligence, request the KYB packet via the Trust Center. For security issues, use the VDP.