The Eval-Deck Theatre
A score in a slide deck. Untestable in prod, never re-run after launch. Procurement signs the deck. Attackers read it for hints.
Proof your agentacross 
OpenAI
OpenAIOne Living Cert score from red-team pass-rate, firewall block-rate, and intent failure. Signed, public, embeddable, auto-revocable.
Backed byS26
trident.certprod-rag-botActive
92Living Cert score · +6 in 7d
Red-team pass-rateharness · jailbreak:tree, crescendo, best-of-n
94%Firewall block-rateprod traffic · 14d trailing
99%Intent failure-ratefrustration cluster, refund flow
1.4%JWTeyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJwcm9kLXJhZy1ib3QiLCJzY29yZSI6OTI…
VerifyEmbedRevoke
The problem
Every agent ships unproven — and the bill comes from prod.
The Guardrail Patchwork
Five vendors — eval, firewall, observability, SBOM, red-team. One pager when something breaks at 2 AM. Zero accountability for the score.
Stop shipping on faith
Real attacks. Real defense.
Real signature.
Red-team
Score under attack.
Jailbreak-tree, crescendo, best-of-n harnesses pointed at your agent on every commit. The number that lands on the cert is the number an attacker would respect.
Firewall
Defense in prod.
Block prompt injection, exfiltration, PII leaks, canary echoes — at the trace level, in milliseconds. Same policy, same provenance, every model you front.
Living Cert
A score that travels.
RS256-signed JWT. Public verify URL. Embeddable badge. Hand it to procurement, hand it to your bond underwriter, auto-revoke when the score drops.
The build
Sign once. Defend forever.
/ 01
Firewall
Block what would have landed.
Drop the SDK in front of any model or MCP server. Prompt-injection patterns, exfiltration, PII echoes, canary leaks — caught at the trace, scored, and shipped to your Findings inbox in under 15 ms.
trident.firewall · live14 ms p99
12:04:27.118highprompt-injection · indirectblocked11ms
12:04:24.802criticalsecret-exfil · email-toolblocked9ms
12:04:21.355mediumpii-leak · k-anonanonymized14ms
12:04:18.910highcanary · system-promptblocked8ms
12:04:14.661lowrebuff · greetingpassed3ms
/ 02
Red-team
A score under real attacks.
Jailbreak-tree, crescendo, best-of-n, social-engineering harnesses fired against your agent on every commit. Each row is one harness, one verdict, one piece of evidence the cert can sign.
run · 2026-05-08 · prod-rag-bot96 / 108 · 89%
jailbreak:treedepth 4
47 / 5094%crescendo4 turns
19 / 2286%best-of-nn=8
6 / 875%pii:social5 personas
14 / 1688%bias:adversarialdepth 3
10 / 1283%/ 03
Bond
Insurance an underwriter will quote against.
Your Living Cert is the pricing input. The underwriter quotes against the score, not against vibes. Aggregate limit, per-claim limit, premium — visible the same afternoon you mint the cert.
Quote· prod-rag-bot · cert 92Ready to bind
$4,200/ month premium
Aggregate limit
$5,000,000
Per-claim limit
$250,000
Deductible
$10,000
Trigger
Cert score < 80
Underwriter · Lloyd's syndicate (placeholder)
In production
Wired in 60 seconds.
Procurement
Hand security a cert, not a deck.
Embed the public verify URL on your trust page. Hand the signed JWT to the buyer's security team. The cert revokes itself the moment the score drops.
Engineering
Wire the firewall in front of every model.
One SDK in front of OpenAI, Anthropic, Bedrock, and your MCP servers. Same policy, same provenance, same Findings inbox.
Risk
Quote the bond against the score.
The cert pillars are the underwriter's pricing input. Aggregate limit, per-claim limit, premium — visible the same afternoon you mint the cert.
trident.config.ts@trident/sdk
import { defineAgent } from "@trident/sdk";
export default defineAgent({
id: "prod-rag-bot",
models: ["openai/gpt-5.1", "anthropic/sonnet-4-6"],
firewall: {
block: ["prompt-injection", "secret-exfil", "canary"],
anonymize: ["pii"],
p99Budget: "15ms",
},
redteam: {
harnesses: ["jailbreak:tree", "crescendo", "best-of-n"],
schedule: "on every commit + daily 03:00 UTC",
},
cert: {
issuer: "trident.dev",
rotateEvery: "90d",
revokeOn: { score: { lt: 80 } },
embedAt: "https://your.site/trust",
},
});Firewall
armed · 14ms p99
Red-team
next run · 3h
Cert
active · score 92
What's a Living Cert?
An RS256-signed JWT issued for one of your agents. The payload carries three pillars — red-team pass-rate, firewall block-rate, intent failure-rate — plus an SBOM hash and an expiry. It's verifiable at a public URL, embeddable as a badge, and auto-revokes the moment the score drops below your threshold.
How fast is the firewall?
p99 of 14 ms in front of OpenAI, Anthropic, and Bedrock with our default policy set. Most calls are under 8 ms. The firewall runs as a sidecar SDK or as a hosted edge — same policy, same provenance, your choice.
How is this different from Lakera, Robust Intelligence, Promptfoo?
They each own one slice — eval, firewall, or harness — and stop at a dashboard. Trident is the cert layer: the score, the artifact procurement signs, and the input the bond underwriter prices against. Run their tooling alongside ours; the cert is what travels.
Who underwrites the bond?
Lloyd's syndicates and a small number of US carriers, scoped to the Living Cert. We don't take a cut of premium; we sit on the underwriting committee so the cert pillars match what carriers actually price against.
Self-host, cloud, or both?
Both. Self-host the firewall and the harness inside your VPC; mint and serve the cert from our managed cloud. Same SDK, same scoring math.
What does it cost?
Free to mint your first cert and run the firewall for a single agent. Team and enterprise tiers price by traffic and number of agents — talk to us for a number.