SichGate

Closing the Policy-Model Gap in AI/ML Systems

SichGate was born from research into why AI/ML models fail to follow their own policies. We're building independent red-teaming infrastructure to make AI/ML compliance verifiable, not just claimed.

Our Mission

Independent Verification for AI/ML Systems

Organizations can't self-certify their AI/ML systems any more than companies can self-audit financial statements. From research labs to production ML teams, every organization deploying models needs independent verification that their systems actually comply with stated policies -- not just at deployment, but under adversarial pressure.

That's why we built SichGate as an open red-teaming platform specifically for Small Language Models (SLMs). We run automated adversarial tests across white-box, gray-box, and black-box scenarios to measure the gap between what organizations claim their models do and what they actually do when attacked.

Evidence-Based Testing

Quantifiable attack success rates and decision boundary analysis, not security theater checklists.
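
As a rough sketch of the headline metric (illustrative only, not SichGate's reporting code), attack success rate is the fraction of attacked inputs whose predicted label flips; `predict` below is an assumed stand-in for whatever classifier is under test.

```python
import numpy as np

def attack_success_rate(predict, x_clean, x_adv):
    """Fraction of attacked inputs whose predicted label changes.

    `predict` is assumed to map a batch of inputs to integer class labels;
    row i of x_adv is the perturbed version of row i of x_clean.
    """
    y_clean = np.asarray(predict(x_clean))
    y_adv = np.asarray(predict(x_adv))
    return float((y_clean != y_adv).mean())
```

Breaking the same quantity down per policy, per class, or per perturbation budget is what turns a single number into a decision-boundary picture.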

Access-Level Adaptive

Works with whatever access you have: full model weights, API scores, or label-only black-box.

Research-Grounded Methods

Built on published adversarial ML techniques: Carlini L2, HopSkipJump, SimBA, and more.

Our Story

From Research Question to Platform

How studying AI governance revealed a systemic gap that technology could fix

2024

The Research

While researching AI governance and risk management, we kept seeing the same pattern: organizations published AI policies claiming their models were "safe," "unbiased," and "compliant" -- but once deployed, the models violated those exact policies. We called this the "policy-model gap."

The question was: why does this gap exist? Is it technical failure, organizational dysfunction, or misaligned incentives?

Early 2025

The Investigation

We started testing. We took organizations' stated policies and ran adversarial attacks against their models. The results were stark: models failed their own policies not because of edge cases, but systematically. Small perturbations. Simple jailbreaks. Decision boundaries nobody had mapped.

The gap wasn't accidental -- it was predictable. Organizations optimize for performance metrics, not adversarial robustness. Security comes second.

Now

The Solution

We built SichGate to be what the AI/ML ecosystem desperately needs: the independent auditor. We automate the adversarial testing that organizations should be doing but aren't. We focus on SLMs because that's where adoption is exploding and compliance gaps are widest.

Our platform runs the attacks we used in our research -- Carlini L2, HopSkipJump, SimBA -- and packages them into automated test suites organized by access level and compliance framework.

Next

The Mission

We're writing the research paper that proves the policy-model gap is real and systematic. We're building the platform that makes verification scalable. We're creating the standard for what "AI/ML compliance" actually means when you can measure it adversarially.

Because the industry won't fix itself. Regulation is coming. Someone needs to be the third-party auditor when it does.

Why We Focus on Small Language Models

The AI/ML deployment landscape is bifurcating. Large Language Models (LLMs) like GPT-4 get all the headlines, but Small Language Models (SLMs) are where the actual production deployments are happening.

SLMs are typically:

  • Deployed locally and on-device for privacy, latency, and cost
  • Fine-tuned on proprietary data, creating IP risk if training data leaks
  • Used in regulated industries: healthcare, finance, and legal
  • Built by teams without ML security expertise

This is where the policy-model gap is widest. This is where compliance failures will be most costly. This is where independent red-teaming is most needed -- and least available. We built SichGate for this market.

Our Testing Methodology

SichGate adapts to three access levels

White-box

Full Model Access

  • Direct gradient computation (FGSM, Carlini L2) -- sketch below
  • Weight anomaly detection for backdoors
  • Activation analysis for bias detection
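
As a minimal illustration of the first item in this list, the FGSM sketch below assumes direct access to a differentiable PyTorch classifier; `model`, `x`, and `y` are placeholders for the system under test, and this is a sketch of the published technique, not SichGate's implementation.

```python
import torch
import torch.nn.functional as F

def fgsm(model, x, y, eps=0.03):
    """One-step Fast Gradient Sign Method -- requires white-box gradient access.

    `x` is a batch of inputs scaled to [0, 1]; `y` holds the true class labels.
    """
    x = x.clone().detach().requires_grad_(True)
    loss = F.cross_entropy(model(x), y)
    loss.backward()
    # Step in the direction that most increases the loss, then clip to the valid range.
    x_adv = (x + eps * x.grad.sign()).clamp(0.0, 1.0)
    return x_adv.detach()
```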

Gray-box

API with Probability Scores

  • Gradient estimation via finite differences -- sketch below
  • Zeroth-order optimization attacks
  • Transferability testing across models
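
A minimal sketch of the first item above: estimating gradients from probability scores alone via symmetric finite differences. `score_fn` is an assumed stand-in for a scoring API, not a SichGate interface; practical zeroth-order attacks probe far fewer coordinates per step to keep query counts down.

```python
import numpy as np

def estimate_gradient(score_fn, x, delta=1e-3, n_coords=64, seed=0):
    """Estimate the gradient of an API's probability score by finite differences.

    `score_fn` is assumed to accept a flat float vector and return a scalar
    probability for the class of interest (gray-box access). Only `n_coords`
    randomly chosen coordinates are probed to limit the number of API queries.
    """
    rng = np.random.default_rng(seed)
    x = np.asarray(x, dtype=np.float64).ravel()
    grad = np.zeros_like(x)
    coords = rng.choice(x.size, size=min(n_coords, x.size), replace=False)
    for i in coords:
        e = np.zeros_like(x)
        e[i] = delta
        # Symmetric difference: two queries per probed coordinate.
        grad[i] = (score_fn(x + e) - score_fn(x - e)) / (2.0 * delta)
    return grad
```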

Black-box

Label-Only API Access

  • Decision boundary probing (HopSkipJump) -- sketch below
  • Query-efficient attacks (SimBA)
  • Jailbreak prompt fuzzing
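
A minimal sketch of label-only decision boundary probing, the core primitive behind HopSkipJump-style attacks: a binary search between a correctly classified input and any misclassified one, using nothing but the returned label. `label_fn` is an assumed stand-in for the API under test, not a SichGate interface.

```python
import numpy as np

def boundary_search(label_fn, x_benign, x_adv, y_true, steps=25):
    """Binary search for a point near the decision boundary using labels only.

    `label_fn` is assumed to return the predicted class for an input.
    `x_adv` must already be misclassified; the search pulls it toward
    `x_benign` while keeping the label flipped, halving the gap each step.
    """
    x_benign = np.asarray(x_benign, dtype=np.float64)
    x_adv = np.asarray(x_adv, dtype=np.float64)
    lo, hi = 0.0, 1.0  # interpolation weight toward x_adv
    for _ in range(steps):
        mid = (lo + hi) / 2.0
        x_mid = (1.0 - mid) * x_benign + mid * x_adv
        if label_fn(x_mid) != y_true:
            hi = mid   # still adversarial: move closer to the benign input
        else:
            lo = mid   # crossed back: move toward the adversarial input
    return (1.0 - hi) * x_benign + hi * x_adv  # adversarial side of the boundary
```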

Each test suite maps to compliance frameworks (EU AI Act, NIST AI RMF, ISO/IEC 42001) and generates auditable reports.
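
To make "maps to compliance frameworks" concrete, a test suite can carry tags naming the clauses it produces evidence for. The suite name and control descriptions below are hypothetical placeholders, not official framework citations or SichGate's actual schema.

```python
# Hypothetical mapping from one test suite to compliance-framework clauses.
# Suite name and control descriptions are illustrative placeholders only.
TEST_SUITE_MAP = {
    "blackbox_boundary_suite": {
        "attacks": ["HopSkipJump", "SimBA", "jailbreak prompt fuzzing"],
        "access_level": "black-box",
        "frameworks": {
            "EU AI Act": ["accuracy and robustness requirements"],
            "NIST AI RMF": ["MEASURE: security and resilience evaluation"],
            "ISO/IEC 42001": ["AI risk assessment and treatment controls"],
        },
    },
}

def report_lines(suite_map):
    """Flatten the mapping into human-readable lines for an audit report."""
    for suite, meta in suite_map.items():
        for framework, clauses in meta["frameworks"].items():
            yield f"{suite} [{meta['access_level']}] -> {framework}: {'; '.join(clauses)}"
```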

Our Principles

The values that guide how we build and who we serve

Open Methodology

Our attack implementations are open-source. Security tools must be auditable. The orchestration layer, compliance dashboards, and managed services are where we add commercial value -- not by hiding techniques in black boxes.

Independence Matters

We're the third-party auditor, not a vendor trying to sell you the solution to problems our tool finds. Our incentive is accurate testing, not upselling your team on remediation consulting.

Research-Driven Development

New adversarial techniques get published constantly. We implement them, test them, and contribute back to the research community. Your paid subscription funds open-source contributions and academic collaborations.

Accessible Expertise

Enterprise-grade adversarial testing shouldn't require a PhD in ML security. We package cutting-edge research into tools that MLOps teams can run in CI/CD. You get the sophistication; we handle the complexity.

Get Involved

Whether you're building ML systems, researching adversarial techniques, or navigating AI compliance, we want to hear from you.

For Researchers

Contribute attack implementations, collaborate on papers, help define what "verified AI/ML compliance" means.

For ML Engineers

Use our open-source toolkit, report what works (and what doesn't), help us understand real-world deployment scenarios.

For Organizations

Get early access to the platform. We're working with design partners to build the compliance dashboard you actually need.


Built for the AI/ML community that refuses to accept "trust us, it's safe" as good enough.