What is an AI assurance audit?

A structured review of an AI system's prompts, tool descriptions, scaffolds, and configurations for structural failure modes — sycophancy, null-result bias, hermeneutic drift, silent instruction relaxation, and others — before the system reaches production. Hermes Labs delivers a written report with prioritized fixes and runtime-control recommendations.

Does Hermes Labs support EU AI Act compliance?

Yes. Evidence packages map to EU AI Act Annex IV requirements and cross-map to ISO/IEC 42001 and the NIST AI Risk Management Framework. The same bundle is defensible under EU, ISO, and US audit review.

Do you work with US-based teams or only EU?

Both. Traceability and auditability requirements apply globally — SOC 2 AI addendums, procurement questionnaires, internal audit trails, and US state AI regulations. The EU AI Act is one framework our evidence packages support; it is not the only one.

What makes Hermes Labs different from a typical AI consultancy?

Research-backed methodology. Two peer-reviewable papers on Zenodo with DOIs, five US patent filings, 2,000+ controlled adversarial evaluations, and 26 merged upstream contributions into the frameworks production AI systems already use — including LangChain, Microsoft Semantic Kernel, PyTorch Ignite, and Optuna.

What frameworks and runtimes does Hermes Labs support?

Python, JavaScript, and TypeScript runtimes. Audit tools (lintlang, rule-audit, suy-sideguy) integrate with standard CI pipelines. Runtime assurance works with LangChain, Microsoft Semantic Kernel, Microsoft AutoGen, LlamaIndex, and custom agent frameworks.

How do Hermes Labs engagements start?

A discovery call to scope the audit surface. Most audits cover the prompt layer, tool descriptions, agent scaffolds, and runtime integration points. Findings are delivered in a written report with prioritized remediation steps. Contact roli@hermes-labs.ai to start.

Is Hermes Labs software open source?

Yes. 18+ tools released open-source under the Hermes Labs GitHub organization at github.com/hermes-labs-ai, including lintlang, little-canary, suy-sideguy, zer0dex, claude-router, agent-convergence-scorer, and more. No subscription required.

Ambient Assurance: The Half of AI Dev Tools Nobody Funds

May 27, 2026Rolando Bosch

Observability and guardrails watch what the agent does. Almost nothing watches whether what it already shipped is still true.

There are two things worth watching in AI-assisted development. The market funds only one.

By early 2026 the AI dev-tools market has a clear, well-funded center. Braintrust raised an $80M Series B in February 2026 at an $800M valuation. Arize raised $70M the year before. Langfuse was acquired by ClickHouse alongside its $400M Series D in January. These are observability and evaluation platforms — they record what your agent did, trace it, score it, and let you reason backwards from the trace.

Next to them sits a second funded category, newer and security-shaped: runtime assurance. Certiv came out of stealth in March 2026 calling itself “the first runtime assurance layer for AI agents” — a sensor that intercepts an agent’s actions before they execute and decides whether to allow them. NeMo Guardrails, Lakera, and the rest of the guardrails category do a version of the same job at the content layer. They block.

Both categories watch the same thing: the agent, in motion. One watches it after the fact and traces it. One watches it in the act and intervenes. Between them they cover the agent’s runtime behavior thoroughly, and investors have funded them accordingly.

The thing neither category watches

A README claims a test count the codebase no longer supports. A documentation file references an API that was renamed three commits ago. A config declares its version in two places that have quietly fallen out of agreement. None of these is a runtime event. No agent action triggers them. They are drifts between artifacts that nobody reads at the same moment — and they accumulate silently until a customer or a colleague hits one and you’ve already shipped.

A trace can’t catch this, because nothing happened at runtime to trace. A guardrail can’t block it, because there’s no action to block. The drift isn’t in what the agent did; it’s in what the agent’s earlier output slowly stopped being true about. The entire funded landscape is pointed at the agent. This problem is behind the agent, in the artifacts it left.

The shape that catches it

The only thing that catches it is a check that fires on its own, reads two artifacts, and compares them — at a moment you were going to have anyway. A pre-commit check. A scheduled audit overnight. A script that runs when you open a terminal and walks your active projects. It doesn’t block and it doesn’t trace. It reports: here is something that drifted, here is the file, here is the check that would have caught it.

I called this ambient assurance in the previous post — borrowing “ambient” from the background agents that act on events, and keeping it deliberately distinct from the runtime assurance that intercepts and blocks. Ambient assurance blocks nothing. That is the whole point: it uses your attention instead of demanding it.

Why the slot stays empty

The reason isn’t technical. The checks are easy; every senior AI-assisted developer I know has a few of them in their dotfiles. The reason is the business model.

Ambient assurance runs locally and writes to local logs. It produces no usage graph, nothing to meter, no per-invocation cost to bill. Local-first tooling resists consumption pricing by construction — if the data never leaves the machine, there is no telemetry to sell a dashboard against. The funded categories all monetize the runtime: traces metered by volume, interventions sold as a security subscription. A tool that quietly tells you the truth about your own files, locally, for free, does not fit that shape. The viable path is open core — the GitLab and Supabase model — rather than a metered SaaS, and that is a harder thing for the current investor consensus to underwrite.

So the market funds what it can watch in motion and meter by volume. It leaves unfunded the thing that catches the drift you cannot see — not because the drift matters less, but because catching it does not bill.

Two things are worth watching in AI-assisted development: what your agent is doing, and whether what it already did is still true. The first has two funded categories and a dozen names. The second has neither. The gap is not in the technology — the checks are sitting in everyone’s dotfiles. The gap is that the second thing does not sell the way the first does. Whoever is willing to build it as open infrastructure, instead of waiting for it to become a SaaS line item, gets to define it.

— Roli Bosch Hermes Labs

Roli Bosch is the founder of Hermes Labs, where we build the auditability and epistemic-engineering layer for production AI systems. Ambient assurance — the unfunded category this post is about — is part of what we’re building, as open infrastructure rather than a metered SaaS. The drift it catches is documented in our preprint, A Taxonomy of Epistemic Failure Modes in Large Language Models (DOI: 10.5281/zenodo.19042469). See what we’re building at hermes-labs.ai.