Safety is the requirement not the feature.
We do not treat safety as something we add on top of a system that already works. It is the bar a system has to clear before it ships at all. This page covers what that means in practice and how to reach us if you find something wrong.
Six rules. They apply to every release.
Safety is the deployment gate.
If a model or product is not safe to ship, it does not ship. There is no internal commercial review that can override this.
The runtime is what we secure.
A model is one input. What we control, in practice, is the runtime around it: which weights run, where inference happens, what each tool call is allowed to do, and who approves it.
A human approves every consequential action.
Every Dropstone tool call that touches a real system passes through a human approval. The same gate applies on Fast, Pro, and Heavy.
External oversight, not just internal review.
The Governance and Advisory Council and the Research Integrity Council operate outside the executive team. They can decline a release on safety grounds.
Open methods, open results.
Evaluation scripts, methodology, and benchmark numbers are public. We would rather be checked than trusted.
Honest about what we cannot prove.
No one can prove a frontier model is free of embedded behaviour. The runtime is what keeps that uncertainty from becoming an execution risk. We say so out loud.
Where each commitment lives.
Each of the rules above is written up in a longer document. These are not marketing pages. They are how we work, in the same words our team uses internally.
Found something? Tell us.
We respond to credible reports about a security vulnerability or unsafe model behaviour within one business day. Pick the channel that fits.
Read our disclosure policySafety is not a section of the site.
It is the rule the rest of the site is built against. If what you read here does not match what we ship, write to us and we will fix one or the other.