Security and privacy your procurement team can move with.
Start with what we can share publicly, then request a security package tailored to your review process.
What we can share publicly
No fake badges. No synthetic metrics. If you need something specific for vendor due diligence, request it and we will respond with what is available for your process.
Security overview (PDF)
High-level security and privacy overview suitable for initial vendor screening.
OpenAI transparency
EU AI Act system cards, risk classification, and your rights for all 11 AI systems.
OpenOpenAPI spec + API surface
Reference the current versioned API spec and implemented endpoint inventory.
OpenLooking for the sub-processor list?
Published in full at /legal/subprocessors. No form, no NDA. For deployment-specific details, use the request form below.
Open infrastructure.
Open roadmap.
Open evidence.
Procurement teams can verify what we run, what we ship, and what we've changed — without filing a ticket. Five live surfaces, one URL. No NDA required for any of these pages.
Status
Live service status, 30-day uptime, integration health, 60-second poll.
View statusSBOMs
Per-artifact CycloneDX 1.5 + SPDX 2.3, cosign-signed, EU-CRA aligned.
Download SBOMsRoadmap
Public product roadmap — what we're shipping next quarter.
View roadmapChangelog
Versioned release notes — every shipped feature, dated.
Read changelogAI Systems
Mistral provider, model cards, training-data posture, FRIA evidence.
Open AI registryRequest a security package
Tell us what you need for due diligence. We will reply by email with the next best step.