Security & Architecture
We remove the "Is my data safe?" question from your sales cycle entirely. Every system we build defaults to maximum isolation — on-premise, encrypted at every layer, and auditable at every step.
Deployment Architecture
Every engagement starts with a security posture conversation. We match your infrastructure reality with the deployment model that best protects your data — without sacrificing performance.
Model weights, inference engine, API layer, and monitoring stack all run within your data center. Zero cloud dependency. Your hardware, your rules, your auditors.
Deployed inside your dedicated AWS, Azure, or GCP VPC. Network-isolated from public internet. Combines cloud elasticity with private-network security guarantees.
For defence, intelligence, and highly regulated verticals. The inference system has zero network connectivity. Updates delivered via offline signed packages on hardened media.
Data Protection
We don't encrypt at the perimeter and trust everything inside. We apply independent encryption at every layer of the stack — from raw storage to model weights to the API response.
// Encryption Stack — Layer by Layer
You hold the root key. We never have access to your encryption keys — architecture enforced, not policy enforced. If you revoke the key, the model is unreadable, instantly.
Bring Your Own Key (BYOK)
Inference runs inside Intel SGX enclaves, or AMD SEV-encrypted VMs, where the hardware supports it, so even a compromised host OS or hypervisor cannot read the model weights or the inference data in memory.
Intel SGX · AMD SEV
Every service-to-service call is authenticated via mutual TLS with short-lived certificates. No implicit trust within the perimeter. Every request is verified, logged, and rate-limited independently.
mTLS · SPIFFE / SPIRE
Every inference request, model access event, key rotation, and admin action is logged to a write-once, cryptographically chained audit trail: each record includes the SHA-256 hash of its predecessor, so altering or removing any entry breaks every later link. Tamper-evident and regulator-ready out of the box.
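The hash-chained audit trail described in the card above, as an added illustration (this is editor-written example code, not the vendor's logging implementation). It assumes a SHA-256 chain anchored on a fixed genesis value; the `AuditLog`, `AuditEntry` and `genesisHash` names and the sample events are constructed for the example. It also shows the one thing a chain alone cannot catch, truncation of the tail, and why the head hash needs to be pinned to the WORM store out of band.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// AuditEntry is one record in the write-once log. PrevHash links it to the
// record before it and Hash covers PrevHash plus this record's own fields,
// so editing or deleting any earlier record breaks every later link.
type AuditEntry struct {
	Seq      int
	Actor    string
	Action   string
	Detail   string
	PrevHash string
	Hash     string
}

// genesisHash anchors the chain (assumed value for this example). A deployment
// would pin it out of band so the whole chain cannot be silently replaced.
const genesisHash = "0000000000000000000000000000000000000000000000000000000000000000"

// entryHash computes SHA-256 over length-prefixed fields; the prefixes stop
// ("ab","c") and ("a","bc") from hashing to the same value.
func entryHash(prev string, seq int, actor, action, detail string) string {
	h := sha256.New()
	for _, f := range []string{prev, fmt.Sprint(seq), actor, action, detail} {
		fmt.Fprintf(h, "%d:%s;", len(f), f)
	}
	return hex.EncodeToString(h.Sum(nil))
}

// AuditLog is append-only by construction: it exposes Append, Verify and Head,
// and no operation that rewrites or removes an entry.
type AuditLog struct {
	entries []AuditEntry
}

// Append links a new record to the current head and returns it.
func (l *AuditLog) Append(actor, action, detail string) AuditEntry {
	e := AuditEntry{Seq: len(l.entries), Actor: actor, Action: action, Detail: detail, PrevHash: l.Head()}
	e.Hash = entryHash(e.PrevHash, e.Seq, actor, action, detail)
	l.entries = append(l.entries, e)
	return e
}

// Head returns the hash of the last record (or genesisHash for an empty log).
// Publishing it to the WORM store lets a reader detect truncation of the tail,
// which the chain alone cannot reveal.
func (l *AuditLog) Head() string {
	if len(l.entries) == 0 {
		return genesisHash
	}
	return l.entries[len(l.entries)-1].Hash
}

// Verify walks the chain from genesis. It returns -1 if every link holds, or
// the index of the first record whose link is broken together with the reason.
func (l *AuditLog) Verify() (int, error) {
	prev := genesisHash
	for i, e := range l.entries {
		if e.Seq != i {
			return i, fmt.Errorf("sequence gap: expected %d, found %d", i, e.Seq)
		}
		if e.PrevHash != prev {
			return i, fmt.Errorf("previous-hash link does not match record %d", i-1)
		}
		if entryHash(prev, e.Seq, e.Actor, e.Action, e.Detail) != e.Hash {
			return i, fmt.Errorf("record contents do not match stored hash")
		}
		prev = e.Hash
	}
	return -1, nil
}

func describe(l *AuditLog) string {
	if i, err := l.Verify(); err != nil {
		return fmt.Sprintf("BROKEN at record %d: %v", i, err)
	}
	return "chain intact"
}

func main() {
	var audit AuditLog
	// Constructed sample events, not real log data.
	audit.Append("alice@ops", "key.rotate", "kid=7")
	audit.Append("svc-inference", "inference.request", "req=8f3a model=clinical-slm")
	audit.Append("bob@ops", "admin.login", "mfa=ok")
	fmt.Println("fresh log:", describe(&audit))
	pinned := audit.Head() // copied to the WORM store at the time of writing

	audit.entries[1].Detail = "req=8f3a model=other" // in-place edit of one record
	fmt.Println("after edit:", describe(&audit))

	audit.entries = audit.entries[:1] // drop the tail, including the edited record
	fmt.Println("after truncation, chain only:", describe(&audit))
	fmt.Println("after truncation, head matches pinned value:", audit.Head() == pinned)
}
```

The in-place edit is caught at the first record whose stored hash no longer matches its contents; deleting a middle record surfaces as a sequence gap. Dropping records from the end leaves a perfectly valid shorter chain, which is why the head hash must be committed somewhere the writer cannot later change.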
WORM Logs · SHA-256 Chain
Maximum Isolation
For environments where any network connectivity is unacceptable — classified government systems, critical infrastructure, and tier-1 financial networks — we operate with complete physical isolation.
// Network Topology — Air-Gapped Mode
[Diagram: External / Internet Zone → Update Transfer Protocol (Offline) → Secure AI Zone, fully isolated]
Model upgrades are delivered as cryptographically signed package bundles on hardened removable media. The receiving system verifies the vendor signature, the package integrity hash, and the version sequence (so a genuine but older bundle cannot be replayed to roll back a fix) before applying — and rejects anything that fails any one of those checks.
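The three checks in the paragraph above, worked through as an added example (editor-written illustration, not the vendor's update tooling). It assumes an Ed25519 vendor key whose public half is pinned on the air-gapped receiver, a JSON manifest that carries the product name, a monotonically increasing version and the SHA-256 of the payload, and the `Bundle`, `Manifest`, `BuildBundle` and `VerifyBundle` names; the product name and payload bytes are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest is the statement the vendor signs: product, a monotonically
// increasing version, and the SHA-256 of the package payload.
type Manifest struct {
	Product    string `json:"product"`
	Version    uint64 `json:"version"`
	PayloadSHA string `json:"payload_sha256"`
}

// Bundle is what travels on the removable media. ManifestJSON is kept as the
// exact bytes that were signed so verification never depends on re-serialising.
type Bundle struct {
	ManifestJSON []byte
	Signature    []byte
	Payload      []byte
}

var (
	ErrBadSignature = errors.New("manifest signature does not verify against the pinned vendor key")
	ErrWrongProduct = errors.New("manifest is for a different product")
	ErrRollback     = errors.New("bundle version is not newer than the installed version")
	ErrHashMismatch = errors.New("payload SHA-256 does not match the signed manifest")
)

// BuildBundle is the vendor-side (signing station) step; the private key
// never leaves that station.
func BuildBundle(priv ed25519.PrivateKey, product string, version uint64, payload []byte) (Bundle, error) {
	sum := sha256.Sum256(payload)
	m, err := json.Marshal(Manifest{Product: product, Version: version, PayloadSHA: hex.EncodeToString(sum[:])})
	if err != nil {
		return Bundle{}, err
	}
	return Bundle{ManifestJSON: m, Signature: ed25519.Sign(priv, m), Payload: payload}, nil
}

// VerifyBundle is the air-gapped receiver's step. It holds only the vendor's
// public key and the installed version. The signature is checked before the
// manifest is even parsed, so no unsigned byte influences a decision, and the
// function fails closed on the first problem.
func VerifyBundle(pub ed25519.PublicKey, product string, installed uint64, b Bundle) (Manifest, error) {
	if !ed25519.Verify(pub, b.ManifestJSON, b.Signature) {
		return Manifest{}, ErrBadSignature
	}
	var m Manifest
	if err := json.Unmarshal(b.ManifestJSON, &m); err != nil {
		return Manifest{}, fmt.Errorf("signed manifest is malformed: %w", err)
	}
	if m.Product != product {
		return Manifest{}, ErrWrongProduct
	}
	if m.Version <= installed {
		return Manifest{}, ErrRollback
	}
	sum := sha256.Sum256(b.Payload)
	if hex.EncodeToString(sum[:]) != m.PayloadSHA {
		return Manifest{}, ErrHashMismatch
	}
	return m, nil
}

func main() {
	// Vendor key pair; only pub is provisioned to the receiver.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	payload := []byte("constructed stand-in for a model package archive, v2")
	bundle, _ := BuildBundle(priv, "clinical-slm", 2, payload)

	_, err = VerifyBundle(pub, "clinical-slm", 1, bundle)
	fmt.Println("genuine v2 over installed v1:", err)

	tampered := bundle
	tampered.Payload = append([]byte("X"), payload[1:]...) // one byte changed on the media
	_, err = VerifyBundle(pub, "clinical-slm", 1, tampered)
	fmt.Println("modified payload:", err)

	_, rogueKey, _ := ed25519.GenerateKey(rand.Reader)
	forged := bundle
	forged.Signature = ed25519.Sign(rogueKey, bundle.ManifestJSON) // re-signed without the vendor key
	_, err = VerifyBundle(pub, "clinical-slm", 1, forged)
	fmt.Println("re-signed manifest:", err)

	_, err = VerifyBundle(pub, "clinical-slm", 2, bundle) // genuine, but not newer than what is installed
	fmt.Println("replayed old bundle:", err)
}
```

Because the version lives inside the signed manifest, an attacker with media access cannot bump it without invalidating the signature, and a genuine older bundle is refused by the monotonic check rather than by anything the attacker controls.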
All cryptographic operations — key generation, signing, encryption/decryption — run inside a FIPS 140-2 Level 3 certified HSM. Keys are non-exportable, and the HSM zeroises them on tamper detection.
Monitoring, alerting, and dashboards run entirely within the air-gapped perimeter. Logs never leave. Metrics are consumed by an internal Grafana instance with no external data plane.
Our air-gap deployment runbook has been tested against IL4, IL5, and TEMPEST-adjacent requirements. We provide architecture documentation suitable for submission to security review boards.
Regulatory Compliance
Compliance is not a checkbox we tick at the end. It is an architectural constraint baked into every design decision from day one. Here's what we cover — and how.
Health Insurance Portability and Accountability Act
All PHI processed by our healthcare SLMs stays within your HIPAA-compliant boundary. Business Associate Agreements (BAAs) included with every healthcare engagement.
General Data Protection Regulation (EU/UK)
Data residency and the right to erasure are architecture-level guarantees, and the deployment's data flows are documented so you can establish the lawful basis for processing. We support SCCs and can deploy within specific EU jurisdictions on request.
System and Organization Controls — Type II
Our own platform infrastructure holds a SOC 2 Type II attestation across all five Trust Service Criteria. Client-facing deployments include continuous monitoring controls that satisfy SOC 2 requirements.
International Information Security Standard
Our ISMS is certified to ISO/IEC 27001:2022. We extend our ISMS controls to client deployments, providing a documented security management framework that satisfies enterprise procurement requirements globally.
Payment Card Industry Data Security Standard
Fintech deployments that touch cardholder data are scoped and segmented per PCI DSS v4.0. We architect the model inference layer to operate outside cardholder data environments where possible.
Federal Risk and Authorization Management Program
For US federal agency deployments, we architect against FedRAMP Moderate and High baselines. Air-gapped deployments are designed to meet DoD Cloud Computing SRG Impact Level 4 and 5 (IL4/IL5) requirements, which cover controlled unclassified information rather than classified data.
Every enterprise engagement includes a Compliance Documentation Package: SOC 2 report (under NDA), ISO 27001 certificate, data processing agreement templates, BAA (for healthcare), architecture diagrams cleared for security review boards, and a completed vendor security questionnaire (VSQ) covering the most common enterprise procurement requirements.
Threat Modelling
We run structured threat modelling (STRIDE) against every deployment. Here is the threat landscape we architect against — and how each one is mitigated at the system level.
| Threat Vector | Mitigation | Status |
|---|---|---|
| Model Weight Exfiltration | AES-256 at rest + SGX enclave | ● Mitigated |
| Training Data Leakage | DP training + data residency | ● Mitigated |
| Prompt Injection Attack | Input sanitisation + output guard | ● Mitigated |
| Model Inversion Attack | Differential privacy + rate limits | ● Mitigated |
| Supply Chain Compromise | Signed packages + SBOM | ● Mitigated |
| Insider Threat | Zero-trust + immutable audit log | ● Mitigated |
| API Credential Theft | Short-lived tokens + mTLS | ● Mitigated |
| Adversarial Input | Adversarial training + detection | ◐ Architecturally Contained |
We design assuming any single component can be compromised. Lateral movement is prevented through strict network segmentation, least-privilege identities, and encrypted channels between every service.
Seven independent encryption layers mean an attacker who bypasses one faces six more. The design goal is that no single vulnerability results in data exposure; each layer has its own, independent key management.
Every service account, API token, and human operator starts with zero permissions. Access is granted specifically, scoped minimally, and expires automatically. No standing elevated access.
Model packages, configuration files, and update bundles are all signed and verified before execution. No unsigned artifact is loaded into memory. Trust is mathematical, not organisational.
Request a Security Architecture Briefing — a 60-minute session with our security team where we walk through your specific threat model, compliance requirements, and how our architecture addresses each one.