Trust & assurance

Built for the security review — not bolted on after it.

Most AI vendors answer your security questionnaire after they’ve sold you. The Agent Forge was designed around the questions your security, data, and procurement teams are going to ask — because the answers are the architecture, not a patch applied later.

Posture at a glance (by design)

your data: never leaves your perimeter
actions: allow-listed, single channel
every step: recorded as evidence
runs on: your infrastructure
if unsure: halts — never guesses

The guarantees are structural, not promised.
The posture

Send your toughest reviewer. The architecture is the answer sheet.

The questions a serious buyer asks — where does our data go, what stops the agent acting outside its lane, show us evidence and not assurances — are the exact problems this system was built to solve first. We would rather have your security team in the room on day one than discover a blocker at the finish line.

Your data

It never leaves your walls.

The Agent Forge is self-hosted. The agent, the model it calls, your data, and the audit trail all run on your infrastructure. There is no outbound path for any of it.

We never train on your data — there is no training pipeline pointed at you. There is no third party in the data path: the model runs on your hardware, not someone’s API. Privacy here isn’t a setting that could be misconfigured. There is simply nowhere for the data to go.

Autonomy

A fence around what it’s allowed to do.

The thing security teams fear about agents — that a “research” agent sends a real request, or a “retrieve” agent starts modifying records — is the thing this architecture forecloses.

Every real-world action passes through one governed channel, matched against an explicit allow-list. The model can request an action; it never writes its own privileged command and never reaches the shell. When it cannot verify a step, it halts with a named reason rather than guessing, and a human holds the final decision.

Evidence

We don’t ask you to trust the process. We hand you the record.

A certification attests that a process exists somewhere. The audit trail shows the actual work — every decision, model call, and action, recorded as it happened and replayable end to end. That is the output-monitoring evidence a modern AI review asks for, except it is the real thing instead of a policy in a document.

Causal record: cau·9f2a17e3
produced_by: executor.run_operation
decision: artifact_written
grounded_by: sha256:4e9b…c1a2
parent: cau·9f2a16f0
verified — output matches source
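The governed channel and the causal record described under Autonomy and Evidence, modelled as an added Python example (not the Agent Forge's own code): one channel checks the allow-list and the grounding hash, halts with a named reason when a step cannot be verified, and appends every outcome to a replayable trail. The action names, allow-list, sample source and record fields are constructed assumptions for illustration.

```python
import hashlib
import json

# Constructed allow-list of the only actions the channel will carry (hypothetical names).
ALLOW_LIST = {"read_record", "write_artifact"}

def digest(data: bytes) -> str:
    return "sha256:" + hashlib.sha256(data).hexdigest()

def record_id(body: dict) -> str:
    # The id is derived from the record's own content, so any later edit is detectable on replay.
    return "cau-" + hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()[:8]

class GovernedChannel:
    """The single channel: allow-list check, grounding check, then an append-only causal record.
    A step that cannot be verified is halted with a named reason, and the halt itself is recorded."""

    def __init__(self, handlers: dict, sources: dict):
        self.handlers = handlers  # action name -> callable(source bytes) -> output string
        self.sources = sources    # source id -> bytes the agent is permitted to ground on
        self.trail = []           # the audit trail, oldest record first

    def _append(self, **fields) -> dict:
        body = dict(fields, parent=self.trail[-1]["id"] if self.trail else None)
        body["id"] = record_id(body)
        self.trail.append(body)
        return body

    def request(self, action: str, source_id: str, claimed_digest: str) -> dict:
        if action not in ALLOW_LIST:                  # out of lane: halt, never improvise
            return self._append(decision="halted", reason=f"action_not_allowed:{action}")
        source = self.sources.get(source_id)
        if source is None:
            return self._append(decision="halted", reason=f"source_unknown:{source_id}")
        if digest(source) != claimed_digest:          # respond only from verified source, or halt
            return self._append(decision="halted", reason="grounding_mismatch")
        output = self.handlers[action](source)
        return self._append(produced_by=f"executor.{action}", decision=f"{action}_done",
                            grounded_by=digest(source), output=output)

def replay(trail: list) -> bool:
    """Re-derive every id and parent link end to end; True only if the chain is intact."""
    parent = None
    for rec in trail:
        body = {k: v for k, v in rec.items() if k != "id"}
        if rec["parent"] != parent or rec["id"] != record_id(body):
            return False
        parent = rec["id"]
    return True
```

A halted step is itself a record in the trail, so a reviewer replaying the chain sees the refusals as well as the actions.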
Governance

It speaks your governance team’s language.

The design maps cleanly onto the controls modern AI-governance frameworks describe — the NIST AI Risk Management Framework and ISO 42001 — so your reviewers can place each guarantee exactly where they expect to find it.

Grounding → the hallucination control a review looks for: respond only from verified source, or halt.
Governed actions → least privilege and bounded autonomy, enforced at a single channel.
The audit trail → documented, enforced output monitoring — as evidence, not a policy.
Self-hosted → data residency and subprocessor transparency, answered by construction.
Continuity

No single point of failure — us included.

Because the system runs on your infrastructure, it doesn’t depend on our servers staying up. It keeps running on your metal regardless of what happens on our end.

Source code escrow is available as a standard engagement term — a neutral third party holds the source and documentation and releases it to you on defined triggers, so you are never locked out. And every engagement hands over the structural documentation needed to run and maintain the system independently.

Start with scrutiny

Bring your security team early.

The sooner your reviewers see the architecture, the faster this moves. We would rather answer the hard questions on day one than at the finish line.