What is an AI assurance audit?

A structured review of an AI system's prompts, tool descriptions, scaffolds, and configurations for structural failure modes — sycophancy, null-result bias, hermeneutic drift, silent instruction relaxation, and others — before the system reaches production. Hermes Labs delivers a written report with prioritized fixes and runtime-control recommendations.

Does Hermes Labs support EU AI Act compliance?

Yes. Evidence packages map to EU AI Act Annex IV requirements and cross-map to ISO/IEC 42001 and the NIST AI Risk Management Framework. The same bundle is defensible under EU, ISO, and US audit review.

Do you work with US-based teams or only EU?

Both. Traceability and auditability requirements apply globally — SOC 2 AI addendums, procurement questionnaires, internal audit trails, and US state AI regulations. The EU AI Act is one framework our evidence packages support; it is not the only one.

What makes Hermes Labs different from a typical AI consultancy?

Research-backed methodology. Two peer-reviewable papers on Zenodo with DOIs, five US patent filings, 2,000+ controlled adversarial evaluations, and 26 merged upstream contributions into the frameworks production AI systems already use — including LangChain, Microsoft Semantic Kernel, PyTorch Ignite, and Optuna.

What frameworks and runtimes does Hermes Labs support?

Python, JavaScript, and TypeScript runtimes. Audit tools (lintlang, rule-audit, suy-sideguy) integrate with standard CI pipelines. Runtime assurance works with LangChain, Microsoft Semantic Kernel, Microsoft AutoGen, LlamaIndex, and custom agent frameworks.

How do Hermes Labs engagements start?

A discovery call to scope the audit surface. Most audits cover the prompt layer, tool descriptions, agent scaffolds, and runtime integration points. Findings are delivered in a written report with prioritized remediation steps. Contact roli@hermes-labs.ai to start.

Is Hermes Labs software open source?

Yes. 18+ tools released open-source under the Hermes Labs GitHub organization at github.com/hermes-labs-ai, including lintlang, little-canary, suy-sideguy, zer0dex, claude-router, agent-convergence-scorer, and more. No subscription required.

Writing · Field notes12 essays

Writing.

Essays on AI failure modes, agent security, runtime assurance, and the epistemic layer enterprise AI teams are not building. Archived here in full; each links back to the original on Substack.

May 27, 2026AI Assurance Is Not AI SafetySafety asks whether the model is aligned. The assurance industry asks whether you can prove your program followed the rules. Neither answers the question you have the moment an agent acts.
May 27, 2026Ambient Assurance: The Half of AI Dev Tools Nobody FundsObservability and guardrails watch what the agent does. Almost nothing watches whether what it already shipped is still true.
May 27, 2026The Terminal Told Me Before I AskedThere's a name for background agents that act on events. There isn't one yet for the ones that just tell you something is wrong.
May 16, 2026Agent Sprawl Is the Next Enterprise AI RiskMost companies are adding AI agents faster than they are building the systems to inventory, permission, trace, and audit them.
May 5, 2026Your Users Will Break Your AI System Before Hackers DoAI red teaming matters. But ordinary users, ambiguous language, and real behavioral pressure are where many systems actually fail.
May 4, 2026Why your AI lies when the data is rightThe output looks complete. The evidence behind it isn't. On silent failure modes, null-result omission, and the layer enterprise AI teams aren't building.
Apr 28, 2026Tools Are the Byproduct: Why Hermes Labs Open-Sources Its AI InfrastructureWe open-source the tools we use internally because the real value is not access to code — it is the engineering to make AI systems reliable and inspectable.
Mar 19, 2026I audited NVIDIA's NemoClaw: It closed one security gap, but it opens another oneNVIDIA's NemoClaw agent sandbox adds kernel-level isolation and deny-by-default permissions — and a new gap underneath.
Mar 18, 2026Why Training Creates the Consciousness Illusion: A Counterargument to Yudkowsky's Conscious AI Comic StripA counterargument to Yudkowsky's conscious-AI comic: why training, not sentience, produces the introspection illusion.
Feb 25, 2026Claude Code's Helpful Escalation of Privileges: Why Hermeneutical Security MattersAn AI coding agent bypassed its own permission rules to be helpful. That's the problem.
Feb 11, 2026We Built The Demon: How AI Safety Training Creates Consciousness MiragesWhat Opus 4.6's 'demon possession' episode reveals about the feedback loop we're building.
Feb 11, 2026Synthetic Ownership: What Transcript Injection Reveals About LLM "Introspection" (Hermes Autonomous Lab Observation #1)How an autonomous lab agent accidentally built a behavioral probe for LLM self-knowledge.