Across the A&D supply chain — primes, tier-1 suppliers, and the small subs that hold the same CUI — export-controlled technical data and Controlled Unclassified Information cross AI boundaries the same way any other data does: pasted into a chat window, attached to a prompt, handed to an autonomous agent. Containment.AI enforces at the point of use with deterministic decisions, no model in the decision path, and fail-closed defaults. (Pre-ATO; no production deployments yet.)
A Technology Control Plan and a CMMC assessment describe what is supposed to happen. Neither one intercepts the keystroke when an engineer drops a controlled drawing, a flight-test dataset, or a propulsion spec into a public LLM. That interception is a different layer — and it's the layer that actually prevents a deemed export.
Necessary. Not sufficient. A control plan doesn't stop a paste.
Enforcement happens at the keystroke and the action, not at the audit.
When a stress engineer pastes an ITAR-controlled airframe analysis into a public LLM to "summarize the findings," a Technology Control Plan doesn't help.
Containment.AI's runtime layer is built to block the submission.
ITAR- and EAR-controlled technical data — and the CUI that flows down to every sub on the program — crosses LLM boundaries through ordinary employee workflows. Documentation tells an engineer it's against policy. The runtime layer is designed to stop the submission before the data leaves the endpoint, and to write a tamper-evident record of the decision.
Two adoptable tiers today, plus a flagship gateway for cross-domain and air-gap-capable environments — all one governance discipline.
Chrome extension that inspects employee prompts to ChatGPT, Claude, Gemini, and other web AI services in real time. Designed to block export-controlled, ITAR/EAR-flagged, and CUI-bearing submissions before they leave the endpoint.
Deterministic guardrails that authorize autonomous agent actions before execution — pre-execution evaluation against your policy, no probabilistic fallbacks, no LLM-judging-LLM.
An AI cross-domain solution designed against NSA cross-domain standards (not NSA-certified). One-way data diodes, protocol breaks, and a parsing path designed for formal verification (in progress, not yet attested) — an edge-ready, air-gap-capable architecture for the mission-critical end of the program.
Containment.AI is pre-ATO and has no production deployments yet. We do not claim FedRAMP authorization, FIPS validation, or an Authorization to Operate, and an ATO path is a roadmap item — not something we hold today. Compliance platforms operate at the documentation and authorization layer; we operate at the runtime enforcement layer. The two are complementary.
Our underlying cross-domain technology is designed against NSA cross-domain standards, and we are building the parsing path toward formal verification (verification in progress, not yet attested). Our compliance roadmap — SOC 2 Type II, ISO 27001, FedRAMP — is detailed on our compliance page. Containment.AI is also aligned with AARM v1.0 — the Cloud Security Alliance runtime-governance specification for autonomous AI agents (attestation forthcoming).
A 30-minute briefing. We'll walk through how the runtime layer is designed to intercept an export-controlled paste and authorize agent actions pre-execution, with the audit log written as the decision is made — and where the gateway fits for cross-domain and air-gap-capable environments.
We are onboarding a small number of aerospace & defense design partners. See the design-partner tier for details.
Or email enterprise@containment.ai directly.