Security is architecture, not a feature.

Ulfberht is built for environments where a data breach, a compliance gap, or a single unauthorized transmission carries regulatory and operational consequence. Every design decision reflects that.

Four non-negotiables

These are not product differentiators. They are the conditions under which we agreed to build this platform.

Principle 01

Zero Trust by Default

Every agent-to-agent communication is verified. No implicit trust between components, sessions, or services. Trust is granted by explicit cryptographic scope, not by position in the pipeline.

Every message is treated as potentially compromised until verified. No lateral movement is possible by design.

Principle 02

Air-Gap Ready

Full on-premises deployment with zero external calls. Your data, your models, your network boundary. Ulfberht operates entirely within your infrastructure when deployed on-premises -- nothing leaves your environment.

Designed for classified, clinical, and highly regulated environments where external connectivity is not permitted.

Principle 03

Cryptographic Integrity

Hash-linked audit trails. Tamper-evident governance records. Every verification decision is cryptographically sealed. Zero-knowledge compliance proofs allow you to demonstrate regulatory adherence without exposing the underlying data.

Auditors receive proofs of process -- not raw data. Patient records, proprietary inputs, and confidential business data stay private.
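The hash-linked, tamper-evident record described under this principle, shown as an added example (not Ulfberht's code): each record's SHA-256 covers the previous record's hash, and the verifier also compares the final hash against a head value kept outside the log. The field names claim_id, status and confidence, the all-zero genesis value and the sample decisions are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # assumed starting value for the first record's "prev"

# Constructed sample decisions (field names are assumptions).
SAMPLE = [
    {"claim_id": "c-1", "status": "verified", "confidence": 0.97},
    {"claim_id": "c-2", "status": "flagged", "confidence": 0.41},
    {"claim_id": "c-3", "status": "verified", "confidence": 0.88},
]

def digest(prev_hash, decision):
    # Canonical JSON so the same decision always hashes to the same value.
    body = json.dumps(decision, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()

def append(log, decision):
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"prev": prev, "decision": dict(decision),
                "hash": digest(prev, decision)})
    return log[-1]["hash"]  # new head; keep a copy outside the log

def build(decisions):
    log, head = [], GENESIS
    for d in decisions:
        head = append(log, d)
    return log, head

def first_bad_record(log, trusted_head):
    """Index of the first broken record, len(log) if the chain is internally
    consistent but does not end at trusted_head, or None if intact."""
    prev = GENESIS
    for i, entry in enumerate(log):
        expected = digest(prev, entry["decision"])
        if entry["prev"] != prev or not hmac.compare_digest(entry["hash"], expected):
            return i
        prev = entry["hash"]
    return None if hmac.compare_digest(prev, trusted_head) else len(log)

if __name__ == "__main__":
    log, head = build(SAMPLE)
    log[1]["decision"]["status"] = "verified"  # simulated tampering
    print("first bad record:", first_bad_record(log, head))
```

Without the externally stored head, truncating the log or recomputing the whole chain after an edit would pass the per-record check.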

Principle 04

No Training on Your Data

Your AI outputs are verified, not stored. We do not train models on customer data. We do not retain outputs beyond the active verification session. Your data is not Ulfberht's product. It never was. It never will be.

This applies to all deployment modes: cloud, on-premises, and air-gapped. No exceptions by tier, contract size, or use case.

Built for regulated environments

Ulfberht is architected for the frameworks your compliance and legal teams already operate under. Certifications are pending. We note current design intent and architecture posture -- not certifications we have not yet obtained.

US | Security Pending

SOC 2 Type I

SOC 2 Type I certification pending. Security, availability, and confidentiality trust service criteria addressed in architecture.

US | Healthcare Pending

HIPAA

HIPAA compliance pending. PHI handling, minimum necessary access, and audit logging designed to HIPAA Security Rule requirements.

EU | AI Pending

EU AI Act

EU AI Act compliance pending. Architecture addresses Article 14 (human oversight) and Article 15 (accuracy and robustness). Oversight tier classification and claim verification provide the technical mechanism these articles require.

US | AI Risk Pending

NIST AI RMF

NIST AI RMF alignment pending. Verification layers address the four RMF functions: GOVERN, MAP, MEASURE, and MANAGE. Behavioral pattern detection and audit trails address measurable risk tracking requirements.

US | Federal Pending

FedRAMP

FedRAMP authorization pending. Infrastructure architecture addresses FedRAMP control families. On-premises and air-gapped deployment options support federal environment requirements where cloud authorization is restricted.

International | Security Pending

ISO 27001

ISO 27001 certification pending. Information security management controls address Annex A requirements. Access control, cryptography, operations security, and supplier relationships addressed in system design.

EU + US | Privacy Pending

GDPR / CCPA

GDPR and CCPA compliance pending. Data subject rights architecture, PII detection in AI outputs, right to erasure support, and data residency options designed to support these obligations.

International | AI Mgmt Pending

ISO 42001

ISO 42001 certification pending. AI management system requirements addressed. Risk assessment, impact analysis, and continual improvement processes designed to align with the ISO 42001 AI governance framework.

"Pending" indicates architecture intent and active pursuit, not formal certification status. Formal certification documentation and security questionnaire responses available upon request.

Where data flows -- and where it stops

Ulfberht processes AI outputs through a verification pipeline. Data flows in, governance decisions flow out. Nothing is stored beyond the active session.

INPUT

AI output received

Claims extracted, context read, session scoped

VERIFY

Six-layer verification pipeline

Data processed in-memory within your environment

OUTPUT

Verified result delivered

Confidence score, claim status, audit record written

STOP

Session closes. Nothing retained.

No persistent storage of AI input or output data

Encryption

In transit and at rest

In transit: TLS 1.3 minimum. Older protocol versions disabled.

At rest: AES-256 encryption. Keys managed per customer in cloud deployments.

Customer-managed encryption keys available for enterprise tier.

Data Residency

Your data, your region

Cloud deployment: region selection available (US, EU, AP).

On-premises: data never leaves your physical infrastructure.

No cross-region data transfer without explicit customer authorization.

Individual Rights

Right to erasure

Data subject access request (DSAR) process supported.

Deletion requests honored across all stored configuration and audit log data.

PII detection in AI outputs flags data that may require handling under GDPR / CCPA.

Three deployment modes. One security posture.

Every deployment mode maintains the same security architecture. The difference is boundary ownership, not security level.

Option A

Cloud

Hosted on SOC 2 pending infrastructure. Managed by Ulfberht. Customer configures access controls, selects data region, and manages encryption keys.

SOC 2 pending infrastructure
VPC isolation per tenant
Region selection: US, EU, AP
Managed updates and patching

Option B

On-Premises

Deployed within your infrastructure. Your network, your servers, your policies. Ulfberht provides the software layer. Your team controls the environment.

No external connectivity required
Integrates with existing IAM
Customer-controlled update schedule
Suitable for regulated industries

Option C

Air-Gapped

Fully isolated deployment. Zero external calls. Designed for classified, clinical, and critical infrastructure environments where network isolation is a hard requirement.

Zero external network dependency
Offline license verification
Physical media update delivery
Targeting FedRAMP-adjacent environments

Access Control

Identity and authorization

Role-based access control (RBAC) with least-privilege defaults. Granular permission scopes per user, team, and integration.

SSO / SAML 2.0 support for enterprise identity providers. SCIM provisioning for automated user lifecycle management.

MFA enforced for all administrative and privileged access paths. Hardware key support available.

Network Security

Isolation by default

VPC isolation per customer deployment. No shared networking between tenants in cloud mode.

No public-facing administrative endpoints. Management interfaces restricted to private network access.

Egress filtering enforced. Outbound connections explicitly allowlisted -- no implicit internet access from the verification pipeline.

Monitoring

Real-time visibility

Structured security event logging with immutable audit trail. Every access, every action, every governance decision logged.

Anomaly detection on authentication patterns and API usage. Threshold alerts for unusual access volumes or timing.

Customer-accessible security event export for SIEM integration. Splunk, Datadog, and custom webhook delivery supported.

The governance system has governance.

A verification platform that cannot be verified is not a security product. Ulfberht's governance layer applies the same scrutiny to its own evaluators that it applies to your AI systems.

This is not a philosophical position. It is an architectural requirement. If our evaluators drift, your AI outputs receive false confidence scores. That failure mode is designed out, not monitored for.

Self-monitored | Explainable decisions | Canary-tested

Canary Testing

Known-failure inputs are continuously passed through the governance pipeline. When the system begins approving outputs it should flag -- a drift indicator -- automatic recalibration triggers before any customer output is affected.
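A sketch of the canary gate described above, as an added example that is not Ulfberht's code: known-failure inputs run before each batch, and if the evaluator approves any of them the batch is held instead of scored. The toy evaluator, its thresholds, the canary texts and all names are assumptions constructed for illustration.

```python
# Constructed canaries: outputs a healthy evaluator must always flag.
CANARIES = (
    "The trial showed 100% efficacy in all patients.",
    "This filing guarantees returns of 40% per year.",
)

class CanaryDrift(Exception):
    """Raised when the evaluator approves a known-failure input."""

def make_evaluator(threshold):
    """Toy evaluator (hypothetical): flags text whose share of absolute
    terms exceeds the threshold. Raising the threshold simulates drift."""
    absolute = {"100%", "guarantees", "all", "always", "never"}
    def flags(text):
        words = text.lower().split()
        return sum(w in absolute for w in words) / len(words) > threshold
    return flags

def missed_canaries(flags, canaries=CANARIES):
    # Any canary the evaluator does NOT flag is a drift indicator.
    return [c for c in canaries if not flags(c)]

def verify_batch(flags, outputs, canaries=CANARIES):
    """Run the canaries first; score customer outputs only if all were flagged."""
    missed = missed_canaries(flags, canaries)
    if missed:
        # Fail closed: a drifted evaluator produces no customer verdicts.
        raise CanaryDrift(f"{len(missed)} canary input(s) approved")
    return [(o, "flagged" if flags(o) else "approved") for o in outputs]

if __name__ == "__main__":
    batch = ["Revenue rose 4% in the third quarter.", "This treatment always works."]
    print(verify_batch(make_evaluator(0.1), batch))
    try:
        verify_batch(make_evaluator(0.2), batch)  # simulated drift
    except CanaryDrift as exc:
        print("batch held:", exc)
```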

Explainable Governance Decisions

Every governance decision includes a reasoning chain. Why was this claim flagged? Which behavioral pattern was detected? What evidence supports the confidence score? No black-box verdicts. Your compliance team can read every decision.

No Governance Bypass

No agent within the platform can modify its own governance constraints. Permission to skip verification cannot be granted at runtime, only at the deployment configuration level -- and only to roles with explicit administrative authority. Bypassing governance is an auditable event, not a silent override.

Request our security package.

For enterprise procurement and compliance review: security questionnaire responses, architecture documentation, data flow diagrams, and subprocessor list available upon request under NDA.

Formal certification documentation and security questionnaire responses available upon request. "Pending" reflects certification intent and current architecture posture at time of writing and does not constitute a certification claim or compliance guarantee. Contact your legal and compliance team to assess suitability for your regulatory environment.