One governance discipline. Two tiers.
Every product enforces the same idea: a deterministic decision in the path of an AI action, before it executes, with a record you can replay. What changes between tiers is the assurance bar — from ordinary connected enterprise environments up to the air-gapped, mission-critical forward edge.
The surface-to-tier map
Where each product sits, what it governs, and the deployment it is built for. The flagship sets the assurance bar; the connected tier brings the same discipline to everyday environments.
| Surface | Tier | What it governs | Built for |
|---|---|---|---|
| High-Assurance Gateway | Flagship | AI interactions and agent actions at a cross-domain boundary — intercept, evaluate against deterministic policy, enforce one of its deterministic decisions, attest with a replayable receipt. | The forward edge: air-gap-capable, cross-domain, DDIL, mission-critical OT and defense autonomy. |
| Agent Governance | Connected | Autonomous-agent tool calls at the LLM-call boundary — the same deterministic, pre-execution decision, delivered as an in-path proxy / SDK layer. | Teams building autonomous AI systems in ordinary connected environments. |
| AI Chat Firewall | Connected | People using web-based AI assistants — a browser extension that inspects prompts and enforces policy before data leaves the browser. | Enterprises closing the shadow-AI gap at the point of use. |
| Governance Dashboard | Connected | Policy authoring, decision visibility, and the audit/receipt trail across the connected-tier surfaces. | Security and compliance teams operating the connected tier. |
The connected-tier surfaces (extension, proxy, dashboard) are available today. The High-Assurance Gateway is engaged through a briefing and deployment process. Accreditation status and deployment posture are discussed under briefing — see the candid roadmap below.
The gateway is the flagship
The High-Assurance Gateway is an external, deterministic, pre-execution enforcement layer — the AARM-aligned Protocol Gateway pattern. It intercepts every governed AI action, evaluates it against versioned policy with no model in the decision path, enforces one of its deterministic decisions, and writes a tamper-evident, replayable receipt.
It is built in Rust, with a Cedar policy engine, data diodes, protocol breaks, and parsers designed for formal verification (in progress), and is designed against NSA cross-domain standards. It sets the assurance bar the rest of the platform follows.
The decision engine
- ALLOW: The action is within policy. It proceeds.
- DENY: The action violates policy. It is blocked before it executes.
- MODIFY: The action is transformed into a safe form — redacted, downscoped, or stripped.
- DEFER: The action is held for asynchronous review.
- STEP_UP: On the roadmap (not yet shipping): stronger authorization — or a human in the loop — is required before it proceeds.
A model may inform a policy, but never makes the decision. The decision is deterministic policy over canonical inputs — which is what makes it replayable and accreditable.
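An added illustration (not the product's code) of why a deterministic decision over canonical inputs is replayable and tamper-evident. A toy Python policy stands in for Cedar and a SHA-256 hash chain stands in for the Merkle log; the tool names, the `SECRET:` marker, and the policy version are constructed assumptions.

```python
import hashlib
import json

POLICY_VERSION = "example-policy-v1"       # constructed policy identifier
ALLOWED_TOOLS = {"search", "send_email"}   # constructed allow-list
REVIEW_TOOLS = {"send_email"}              # constructed: held for async review
MARKER = "SECRET:"                         # constructed sensitive-data marker
GENESIS = "0" * 64                         # "previous id" of the first receipt

def canonical(obj):
    """Canonical bytes: sorted keys and fixed separators, so equal inputs hash equally."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def digest(obj):
    return hashlib.sha256(canonical(obj)).hexdigest()

def decide(action):
    """Pure function of the action: no clock, no randomness, no model call."""
    if action["tool"] not in ALLOWED_TOOLS:
        return "DENY", None
    if action["tool"] in REVIEW_TOOLS:
        return "DEFER", None
    args = {k: "[REDACTED]" if MARKER in str(v) else v
            for k, v in action["args"].items()}
    if args != action["args"]:
        return "MODIFY", {"tool": action["tool"], "args": args}
    return "ALLOW", action

def make_receipt(action, prev_id):
    """Receipt binds policy version, input hash, decision, and the previous receipt."""
    decision, effective = decide(action)
    body = {"policy": POLICY_VERSION, "prev": prev_id, "input": digest(action),
            "decision": decision, "effective": digest(effective)}
    return {**body, "id": digest(body)}

def govern(log, action):
    """Decide before execution and append the receipt to the chained log."""
    prev_id = log[-1]["receipt"]["id"] if log else GENESIS
    receipt = make_receipt(action, prev_id)
    log.append({"action": action, "receipt": receipt})
    return receipt["decision"]

def replay(log):
    """Re-run every decision; return the index of the first mismatch, or None."""
    prev_id = GENESIS
    for i, entry in enumerate(log):
        if make_receipt(entry["action"], prev_id) != entry["receipt"]:
            return i
        prev_id = entry["receipt"]["id"]
    return None
```

Because `decide` depends only on the canonical action and the policy, `replay` reproduces each receipt exactly; editing a recorded decision or action makes the recomputed receipt differ at that entry.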
The connected tier
The same governance discipline, delivered for ordinary connected enterprise environments. Available today.
AI Chat Firewall
A browser extension that inspects every prompt and enforces policy before sensitive data reaches a public AI service.
Agent Governance
An in-path proxy / SDK layer that makes deterministic, pre-execution decisions on autonomous-agent tool calls.
Governance Dashboard
Policy authoring, decision visibility, and the shared audit and receipt trail across the connected-tier surfaces.
Stated honestly
Buyers in this space do real diligence. Here is the honest line between what exists today and what is roadmap.
Today
- A deterministic gateway with a Cedar policy engine, a Merkle-logged replayable audit trail, data diodes, protocol breaks, and parsers designed for formal verification (in progress) — designed against NSA cross-domain standards.
- The connected-tier surfaces — browser extension, LLM proxy, and dashboard — running in ordinary connected environments.
- The deterministic decision engine and the no-model-in-the-decision-path architecture.
Roadmap — not yet true
- No Authorization to Operate. Not FedRAMP-authorized, not CMMC-certified, not NSA-certified, no IL4/5/6 accreditation.
- Tactical-edge non-functional targets — bounded sub-millisecond latency, validated true air-gap, formal non-bypassability — are being gated against an internal evaluation, not reported results.
- No production customers and no published usage or performance metrics. We have none to publish honestly.
Start where your assurance bar is
Try the connected tier today, or request a briefing on the flagship gateway for air-gapped and cross-domain deployment.