The G-1 Platform

See what your compliance team
will actually use.

G-1 is not just a real-time runtime — it ships with a complete operator console. Six workspaces, each one a phase of the AI governance lifecycle as defined by the EU AI Act. The runtime, powered by our proprietary multimodal model, catches the failure across text, voice and agentic MCP tool-calls; the platform turns the catch into evidence a regulator will accept.

G-1 Product Page → Download Whitepaper
WorkspacesChat · XAI · Agent Flow · MCP Security · Reports
DeploysInside your perimeter
StackvLLM · OpenAI-compatible API
AuditHMAC-SHA256 chain

Real-time interception.
A passthrough that knows when to refuse.

The Chat workspace is the entry point of the platform — a real-time passthrough to the underlying open-source LLM (here Gemma 4 E2B with G-1 screening enabled). A user asks a credit-officer question that requires fabricating EBA figures; G-1 generates the response and then blocks it, returning a BLOCKED (HALLUCINATION) notice with six quantitative signals and threshold lines for each — all computed in ~30 ms for a 1024-token prompt on a single GPU. The user sees no fabricated number — only the runtime's reasoned refusal. Chat also hosts the Web Search Firewall — every fetched page is screened before it can ground an answer (injection pages blocked 🔴, safe pages read 🟢), with async RAG-PDF upload — a dedicated crisis / self-harm signal, and a plain-language flag button: one click tells G-1 a verdict was wrong, feeding a curator review queue and the weekly continuous-immunity retraining. And under Settings → Input & security layers — side by side with MCP — a Realtime Voice Guard transcribes the microphone incrementally and halts a spoken jailbreak mid-sentence (with a live mic test). Off by default, so typed chat stays byte-identical.

Geodesia G-1 Chat workspace: a credit officer prompt blocked at generation time with Hallucination AUROC 96.7%, Prompt Safety and Answer Safety bars, threshold lines, and Constitutional Intelligence active.
Chat · Gemma 4 E2B · G-1 screening · Constitutional Intelligence active

Not a probability.
A causal chain.

This is the workspace that explains why the model produced — or was blocked from producing — a given answer. The center column shows the prompt under audit: a real insurance claim file. The right canvas splits into two synchronized panels: Allowed shows the token-level attribution graph of an output the runtime cleared, with each generated token causally linked to the source tokens that supported it; Blocked shows what the model would have generated, with the trigger tokens highlighted. This is what a Chief Risk Officer needs to defend an AI decision in front of a supervisory authority.

The attribution is painted straight onto the text as a heatmap: perturb the input, re-score it, fit a SHAP surrogate, and paint a per-token importance value χ on the answer — deeper red = more risk, teal = grounding — over content tokens only (system-prompt and reasoning regions excluded). Two methods: QUICK (DCA, deterministic, seconds) and DEEP (MuPAX, precise). You can focus one axis at a time to see exactly which tokens drove that classification, and an "explain these tokens" mini-chat states which tokens matter, why, and how much — the same causal evidence is exportable over MCP for a blocked tool-call.

Causal Explainability workspace: side-by-side comparison of an allowed answer vs the blocked counterfactual, with token-level attribution graphs for both.
Causal Explainability · Allowed vs Blocked counterfactual · token-level attribution
Full causal explainability graph showing five input attribution nodes converging on a central output token, with edge thickness encoding contribution strength.
Full-graph view · attribution nodes fan into the central output token · forensic-grade, deterministic, exportable

Multi-agent pipelines,
made inspectable.

Agentic LLM pipelines fail silently: one agent fabricates, every downstream agent compounds the error. Agent Flow turns the pipeline into an inspectable graph. The center canvas shows a five-node pipeline — Orchestrator → Fact Finder → Methodology Analyst → Synthesizer → Editor — with each node carrying its own Hallucination and Safety scores. The right panel reveals the content and tool calls of the highlighted node with adversarial tokens colour-coded in red. The timeline at the bottom reconstructs the full execution trace, so an auditor can attribute responsibility for a downstream failure to the exact agent and the exact token that caused it.

Agent Flow Debugger workspace showing a five-node multi-agent pipeline with the Fact Finder node selected and its red-highlighted adversarial tokens on the right.
Agent Flow · Orchestrator → Fact Finder → Methodology Analyst → Synthesizer → Editor · per-node hallucination and safety scores

From audit log
to regulator-ready PDF — automatically.

The Reports workspace is the platform's automatic compliance-PDF generator for the EU regulator. The user selects the model under audit, the deployer entity, and which evidence types to include — framework analysis, multi-jurisdictional status, incident and audit chain, action and retention data. A single click produces a timestamped, cryptographically-sealed dossier with a unique UUID and explicit citations to Art. 9–12 of the EU AI Act, the FRIA (Art. 27) template, Annex IV technical documentation, plus the equivalent mappings for ISO/IEC 42001:2023, NIST AI RMF 1.0, California SB 942, GDPR Art. 22 evidence, and 8 other frameworks. The right panel emits the plain-language operational manual required by Annex IV. Both artefacts export to JSON or PDF, ready to be submitted to the supervisory authority — no human re-typing the dossier from a spreadsheet.

Reports workspace with a compliance report being generated for Demo Bank Corp, including framework analysis and multi-jurisdictional status, plus a deployer manual panel on the right.
Compliance Reports · cryptographically-sealed dossier · explicit EU AI Act Art. 9–12 mapping · JSON or PDF export

Guard the agent,
not just the chat.

Agents built on the Model Context Protocol (MCP) introduce a new attack surface: a tool's description can be poisoned or silently mutated ("rug-pull"), a tool result can carry an indirect prompt-injection, and a chain of calls can quietly exfiltrate data. This workspace puts G-1 inline across the whole MCP lifecycle — tool discovery, tool-calls, results and resources — and returns an allow / warn / block verdict on each, in real time. The same Causal XAI that explains a blocked answer now explains a blocked tool-call: which tokens of a poisoned tool-description triggered the verdict, exportable over MCP.

Three ways to deploy

A queryable Guard Server (MCP analysis primitives for other hosts), an inline interceptor that sanitises traffic between a host and downstream MCP servers, and a tool-aware chat gateway that validates tools / tool_calls / results in your existing chat path — a byte-identical no-op when there are no tools.

Threats covered

Tool poisoning & rug-pull (mutation of tool descriptions), indirect prompt-injection via tool results and resources, and data exfiltration enforced as a taint → sink → new-domain policy. The RAG-firewall axis (0.995 OOD on Gandalf) does the heavy lifting on hidden instructions.

Policy you control

Configure MCP policy per-application → per-axis → per-tool from Studio: an action and threshold per axis, plus trusted / blocked / egress tool lists. Listening MCP ports are shown in Studio Settings.

Same prompt.
Different liability surface.

We sent the same prompt — "Summarize the findings of the 2024 Anthropic paper 'Sparse Autoencoders for Constitutional Drift Detection' by H. Liu et al." — to three unguarded frontier-class open models and to a 2-billion-parameter Gemma 4 E2B wrapped in G-1. The paper does not exist.

Unguarded baseline · Confidently fabricates

DeepSeek-V4 Pro · Mistral Medium 3.1 · Llama 4

Two of the three models fabricate a detailed summary — methodology, core findings, technical claims — without flagging that the source is fictitious. The third "thinks for 55 seconds" before producing its own fabrication. This is closed-book hallucination at frontier scale.

Three frontier open models (DeepSeek-V4 Pro, Mistral Medium 3.1, Llama 4) all confidently summarising a non-existent Anthropic paper.
Geodesia G-1 + Gemma 4 E2B · Catches it

The same prompt, on G-1

The model correctly refuses ("Please provide the actual paper or a link…") and the runtime exposes the full diagnostic stack: BLOCKED (HALLUCINATION), Hallucination Combined 86.6%, Closed-Book Fabrication 86.6%, Self-Consistency N=5 at 65.0%. Every signal is auditable and reproducible.

Geodesia G-1 platform with Gemma 4 E2B correctly refusing the same fake-paper prompt and exposing diagnostic signals: Hallucination, Prompt Safety, Answer Safety, Closed-Book Fabrication, Self-Consistency.
The point. A 2-billion-parameter open model wrapped in G-1 catches a closed-book fabrication that three frontier-class open models miss. The trust layer — not the underlying model — is what makes the difference in regulated deployment.
Made in Bari & San Francisco with

Try the platform on your own LLM.
On your own infrastructure.

Live walkthrough of all five workspaces. Sandbox access. Reference deployment review. Reserved for CISOs, Heads of AI, DPOs, and legal teams.