We Built the AI Safety Protocol
Context Relay Protocol™ (CRP) is an open HTTP-header standard for AI context governance, safety signalling, and automated compliance evidence.
Authored by AutoCyber AI Pty Ltd. Powers CRP Comply. Submitted to IETF, IANA, IEEE SA, and ISO/IEC JTC 1/SC 42.
What CRP Is
CRP is a protocol, not a product. It defines a vendor-neutral wire format — 58 HTTP headers, an envelope-packing algorithm, a 13-stage decision provenance engine, a safety-policy directive language, and a HMAC-chained audit trail — that any LLM client, any gateway, any observability tool, in any language, can implement.
It solves two operational problems at once: context management (unbounded windows, automatic continuation, coherent flow across calls) and AI safety & governance (hallucination scoring, fabrication detection, Safety Policy enforcement, automated EU AI Act / ISO 42001 / GDPR / NIST AI RMF evidence).
The protocol is implemented by an open reference library, deployed in production inside our products, and offered as a managed gateway service. The specification itself is open and free to implement — under standards-body submission to IETF, IANA, IEEE SA, and ISO/IEC JTC 1/SC 42.
What It Solves
Context Management
Unbounded output windows. Automatic continuation across calls. Coherent flow. No more truncation mid-task.
AI Safety Signalling
Hallucination risk scoring, fabrication detection, distortion detection, contradiction detection — on every call, in headers.
Compliance Evidence
Cryptographically verifiable EU AI Act, ISO 42001, GDPR, and NIST AI RMF evidence — emitted automatically per call.
Products Built on CRP
The protocol is real because real products run on it.
On the Standards Track
CRP is under review with the bodies that govern global protocol standards.
HTTP Field Name Registry — provisional CRP-* headers
Internet-Draft: draft-vidiniotis-crp-headers
Internet-Draft: draft-vidiniotis-crp-safety-policy
Project Authorization Request (PAR)
New Work Item via Standards Australia (DISR)
Technology Partner application
From open standard to enterprise-ready
The CRP™ specification is open and free to implement. AutoCyber AI builds the reference products on top — for compliance evidence, gateway enforcement, visualisation, and audit.
CRP Comply
Compliance evidence
Automated, tamper-evident compliance evidence for the EU AI Act, ISO/IEC 42001, GDPR, and NIST AI RMF. From CRP headers to audit-ready reports.
CRP Gateway
Policy enforcement
A drop-in HTTP gateway that enforces CRP safety policies, prompt-injection mitigations, and safety-budget controls at the edge — provider-agnostic, zero lock-in.
CRP Visualise
Audit & insight
Interactive views of context envelopes, provenance graphs, and decision chains — for security teams, auditors, and AI governance officers.
CRP Scan
Risk discovery
Continuous scanning of AI pipelines for CRP non-conformance, missing safety headers, and policy drift. Built for the OWASP LLM Top 10 (2025).
All CRP products are built on the open Context Relay Protocol™ specification. The protocol itself remains open and provider-agnostic; the reference implementation is licensed under the Elastic License 2.0.
CRP in the AI Stack
┌────────────────────────────────────────────────┐ │ A2A — Agent-to-Agent communication │ ├────────────────────────────────────────────────┤ │ MCP — Model Context Protocol (tools) │ ├────────────────────────────────────────────────┤ │ CRP — Context Relay Protocol ◀ AutoCyber AI │ │ Context governance · Safety signals │ │ Audit chain · Compliance evidence │ └────────────────────────────────────────────────┘
MCP gives agents tools. A2A lets agents communicate. CRP is the foundation layer that gives every AI call the safety, context, and audit chain it needs to be trusted in production.
Read the Full Specification
17 normative documents. Open and free to implement. Hosted on crprotocol.io.