Security
Sealed by design.
Security here is a feature, shown with quiet confidence. Everything a CISO or a floor-level auditor needs to relax is built into the product, not bolted on after. It runs entirely inside your perimeter and never calls an external AI provider.
Sealed · zero egress
Live on every deployment. Outbound attempts are counted and logged; the count has never moved.
outbound attempts
0
external AI calls
0
Zero data egress
Outbound is default-deny at the firewall. No log line, prompt, or answer can leave your network. The deny log is your standing evidence; it stays empty.
On-prem & air-gap
Runs fully offline. No license phone-home, no telemetry, no model sync. Air-gapped installs ship as signed, hash-verified bundles.
Role-based access
Every role is scoped to explicit folder prefixes. Each ClickHouse query and vector search is filtered server-side, so a role can never read outside its scope.
Immutable audit trail
Every question is recorded and hash-chained to the previous row. Tamper is detectable; the ledger forwards to your SIEM over CEF.
Your own weights
Orbis is fine-tuned on your logs and served from your hardware. The weights never leave, never sync to a vendor, and are hashed for attestation.
Attestation pack
One export gives compliance the firewall rules, SBOMs, image digests, and signed model hashes: everything an auditor asks for, on demand.
How it's enforced
Egress is denied by default, and proven.
The host firewall denies all outbound traffic except your internal networks. Every blocked attempt is logged, so the deny log doubles as standing compliance evidence. A one-line test in your pipeline proves no container can reach the internet.
- Outbound is default-deny; only your internal network ranges are allowed
- Every service runs fully offline, with telemetry disabled
- Air-gapped installs verify signatures before anything runs
PASS
egress blocked
Every deployment proves, in its own pipeline, that no service can reach the public internet. The result and the empty deny log are recorded as standing evidence for your auditors.
Attestation pack
Everything compliance asks for, exported inside your network.
A single, current bundle you hand to auditors. Generated on demand from the live system, never fetched from us.
Firewall egress export
CSVthe egress ruleset and the empty deny log
Software bill of materials
SPDXevery image and package, versioned
Model weight hashes
TXTSHA-256 of every served weight file
Container image digests
TXTpinned digests for every running service
Signed attestation manifest
JSONthe above, signed with your key
Network diagram
PDFdata-flow + trust boundary reference
Independently attested
SOC 2 Type II and ISO 27001 aligned. Reports available under NDA.
Talk to security
Bring your compliance team. We speak their language.
We walk your security and audit teams through the trust boundary, the attestation pack, and the air-gap install, before a single log is ingested.