Open Standard v1.0 — Free to adopt
Open Trust Protocol

Trust isn't a badge you buy. It's a standard you publish.

The Open Trust Protocol is a public framework for evaluating and disclosing the security posture of SaaS platforms. No audit fee. No NDA. Just proof.

8 Domains
47 Controls
5 Rating Tiers

The Problem with Closed Certification

The dominant SaaS security certification operates on a model of trust by authority. The Open Trust Protocol rejects this model.

Cost Barrier

SOC 2 audits cost $50,000 to $150,000 per cycle. This prices out small and mid-size software companies, leaving their customers with no way to evaluate security.

Confidentiality Wall

SOC 2 reports are classified as restricted-use documents, shared only under NDA. The public cannot read them. Customers see a logo, not evidence.

Badge Without Proof

Customers cannot verify what was tested, what scored well, what scored poorly, or what was excluded. The badge says "trust us" without showing the work.

Trust by Transparency

The Open Trust Protocol operates on three principles.

1. Publish the Standard

The domains, controls, and scoring methodology are public. Anyone can read the rulebook.

2. Publish the Evidence

Companies that adopt the OTP publish a Compliance Report showing their scores, their evidence, and their gaps. No NDA, no paywall.

3. Disclose the Gaps

Perfection is not required. Honesty is. Every control not fully implemented must be disclosed with its current status and remediation plan.

Verified Trust Architecture

No single point of trust. No self-reporting. Tamper-evident by design.

1. AI Audit

Claude Code scans the actual codebase against all 47 OTP controls. No self-reporting — AI reads the code and scores it.

2. Artifact Published

The audit report is published as a Claude Artifact — immutable, timestamped, and hosted by Anthropic. Not the company being audited.

3. E-Signed

The same report is e-signed via AdaptDoc with cryptographic verification. Published on opentrust.adaptensor.com.

4. Verified

Anyone can compare the artifact on claude.ai with the signed report on this site. Tamper-evident dual-source verification.

Security transparency should not be gated by ability to pay.

Customers deserve to read the evidence, not just see the badge.