Company

We are building the system of record for AI obligations.

Enterprises are putting AI into decisions that regulators, carriers, and auditors will ask them to defend. Castle exists so that the answer to "show us your AI governance" is an export you can hand over, already assembled, owned, and independently verifiable, instead of a project you scramble to reconstruct. We start with insurance, and we stay independent of the platforms we govern.

Where we are, stated plainly

Castle is founder-led and in early access: built and tested, not yet live-proven with a production customer or auditor, and holding no certifications. We are onboarding our first design partners now. Everything on this site is described honestly, with built, opt-in, and roadmap features distinguished, and regulatory summaries offered for orientation, not as legal advice.

01 / Why Castle exists

The obligation is the thing that matters, and it keeps falling between systems

Every AI system an enterprise deploys carries obligations: what a contract promised, what a regulation requires, what a carrier expects, who signed off, and what would prove it if someone asked. Those obligations live in different systems, owned by different teams, and the connection between them lives in email threads and spreadsheets. When a regulator or a carrier finally asks, the evidence has to be reconstructed under a deadline.

GRC tools track frameworks and checklists. Castle tracks the obligation itself: mapped to its owner, connected to the model, vendor, and contract it came from, and tied to the evidence that proves it is handled. That is the difference between a compliance report and a system of record.

AI makes this urgent. Models and autonomous agents now take actions inside underwriting, claims, and fraud workflows faster than governance can keep up, and the people who answer for that risk need one place to see what they owe and prove it.

02 / What we believe

Four principles we build against

Proof over assertion

An audit answer should be verifiable by the person receiving it, on their own machine, without taking our word for it. Castle produces signed evidence a carrier or examiner can check offline.

Determinism over guesswork

No language model decides your risk tier, your control status, or your compliance posture. Decisions come from rules you can read, so the same inputs always produce the same answer.

Honest by default

We tell you what is built, what is opt-in, and what is on the roadmap. We do not claim customers, certifications, or live results we do not have. Stage-honesty is a feature, not a weakness.

Independent of what we govern

Castle governs AI regardless of which platform runs it. We stay neutral toward the model providers and tools we sit above, because oversight only means something when it is independent.

03 / How we work

Depth in one industry before breadth across many

We are insurance-first on purpose. Carriers, MGAs, and TPAs face a governance question that is already on the calendar, with named regulators, dated bulletins, and carrier diligence flowing down through program agreements. We would rather solve that completely than spread thin across industries that are not asking yet.

We build with design partners, not for a roadmap in a vacuum. New capability is added when a real prospect pulls it, so what ships is grounded in an actual governance problem rather than a feature list. The verifiable-evidence engine underneath generalizes beyond insurance, but we earn that expansion by winning the first vertical first.

This is a discipline about what we sell and say. It keeps the product deep where it counts and keeps our promises honest.

04 / Who is behind Castle

Founder-led, built by people who have governed AI in regulated operations

Ben Crooks, founder of Castle
Ben Crooks
Founder

Castle comes out of building and governing AI systems inside regulated financial and insurance operations, where the gap between "we deployed a model" and "we can prove how it is governed" is a real and growing liability. Castle is the tool we wanted on the inside: one system that turns scattered obligations into evidence you can defend.

We are building an advisory bench across insurance, GRC, and security, and looking for a GRC-native co-founder or advisor. If that is you, the last section is how to reach us.

05 / What we are not

Clear about our edges

  • We are not a runtime firewall or an identity broker. Castle governs and proves controls; it does not replace your security stack.
  • We are not a law firm. Regime mappings are reference material for your counsel to review, not legal advice or regulator endorsement.
  • We are not a black box. If a decision cannot be explained from a rule you can read, it does not belong in Castle.
  • We are not pretending to be further along than we are. Early access means early access.
06 / Work with us

Become a design partner

If you own AI governance, vendor risk, compliance, legal, security, or advisory work for a regulated enterprise, we would like to see the obligations your current tools cannot connect and walk the full pass with you live.