Security · AI Governance

Enterprise security.
AI governance.

Every AI request flows through a 7-stage governance pipeline. Every user action is logged. Every data access is traceable. Built for regulated manufacturing from day one.

Security Posture

Pipeline: 7-stage AI pipeline
Controls: 6 AI controls
Roles: 0 RBAC roles
Coverage: 100% audit coverage

All security layers operational. SSO · MFA · Bcrypt 12 · TLS. GDPR · CCPA ready.

AI Security Pipeline

Seven layers. On every request.

No AI request reaches an LLM without flowing through every stage. The pipeline is non-bypassable, fully audited, and runs synchronously on each call.

AI Pipeline Diagram

Request In
01 Team Guard
02 Kill Switch: Global · division · team
03 Rate Limit: 60 RPM default
04 Budget Check: Daily token budget
05 Scope Validate: Data boundary check
06 LLM Call: Claude or GPT
07 Audit Log: Non-blocking
Response Out

Pipeline summary

Non-bypassable. Fully audited.

Every agent request transits all seven stages in order. A failure at any stage blocks the call and writes a denial event to the audit log. There is no admin override and no fast path for "trusted" callers.

The 7-stage architecture means no single misconfiguration can leak data, blow a token budget, or violate scope. Defense is layered, not perimeter.

Synchronous stages: 7 of 7
Bypass paths: 0
Default rate limit: 60 RPM
Audit coverage: 100%
Kill switch latency: 0 ms cache

7 stages · 0 bypass paths · Synchronous · non-blocking audit · Layered defense · not perimeter

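
The fail-closed ordering described above, sketched as an added example; it is not Cortrova's code. The `Request`, `Policy` and `Pipeline` names, the in-memory rate-limit window (standing in for Redis), the caller-supplied token estimate and the budget figure are assumptions; the 60 RPM default and the 80% soft / 100% hard budget thresholds are the values the page states.

```python
import time
from dataclasses import dataclass, field

@dataclass
class Request:
    team: str
    division: str
    agent: str
    domain: str        # data domain the agent wants to read
    est_tokens: int    # assumption: caller supplies a token estimate

@dataclass
class Policy:          # hypothetical policy shape, not the product's schema
    teams: set
    killed: set = field(default_factory=set)    # "global", "division:<d>", "team:<t>"
    scopes: dict = field(default_factory=dict)  # agent -> allowed data domains
    rpm_limit: int = 60                         # default stated on the page
    daily_budget: int = 100_000                 # constructed value

class Pipeline:
    def __init__(self, policy, llm, clock=time.time):
        self.p, self.llm, self.clock = policy, llm, clock
        self.audit, self.hits, self.spent = [], {}, {}

    def _stages(self, r):  # lazy generator: later checks never run after a failure
        p, now = self.p, self.clock()
        yield "team_guard", r.team in p.teams
        levels = {"global", f"division:{r.division}", f"team:{r.team}"}
        yield "kill_switch", not (levels & p.killed)
        recent = [t for t in self.hits.get(r.team, []) if now - t < 60]
        self.hits[r.team] = recent + [now]   # in-memory stand-in for Redis
        yield "rate_limit", len(recent) < p.rpm_limit
        yield "budget_check", self.spent.get(r.team, 0) + r.est_tokens <= p.daily_budget
        yield "scope_validate", r.domain in p.scopes.get(r.agent, ())

    def handle(self, r):
        for stage, passed in self._stages(r):
            if not passed:               # fail closed: deny, record, never call the LLM
                self._log("deny", r, stage=stage)
                return None
        out = self.llm(r)                # stage 06
        self.spent[r.team] = self.spent.get(r.team, 0) + r.est_tokens
        warn = self.spent[r.team] >= 0.8 * self.p.daily_budget   # soft warning at 80%
        self._log("allow", r, budget_warning=warn)               # stage 07
        return out

    def _log(self, event, r, **extra):
        self.audit.append({"event": event, "team": r.team, "agent": r.agent,
                           "domain": r.domain, "ts": self.clock(), **extra})
```

An unknown team, an unregistered agent or an unlisted data domain all fall through to a denial, so a missing policy entry blocks the call rather than permitting it.
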
AI Controls

Six controls. Granular.

Each control is independently configurable per team and per division. Defaults are conservative. Loosen them only where your operating model requires.

AI Controls Matrix

Control / 01

Kill Switches

Three levels at global, division, and team scope. Instant shutdown with zero caching delay. No staged ramp-down required.

3 levels · 0 ms cache

Control / 02

Scope Registry

Declarative data boundaries between agents. Safety agents cannot query Finance models. Cross-domain access requires explicit registration.

Declarative · Per-agent

Control / 03

Rate Limiting

Per-user and per-team requests-per-minute via Redis. Default 60 RPM. Configurable up or down per team based on workload.

60 RPM default · Redis-backed

Control / 04

Token Budgets

Daily token budget per team. Soft warning at 80% of budget. Hard stop at 100%. No surprise bills, no runaway agent loops.

Soft 80% · hard 100% · Daily reset

Control / 05

API Key Management

Per-team encrypted keys with rotation policy. Per-team model allowlists. Bulk update on compromise. Keys never appear in logs or in transit unencrypted.

Encrypted at rest · Allowlisted

Control / 06

Security Monitor

Validates access on every request. Violations logged with full context: caller, scope attempted, rejection reason, timestamp.

Per-request · Full context

6 controls · per-team configurable · Conservative defaults · Independently versioned

Platform Security

Enterprise authentication.
Data protection.

A specification sheet for the platform's identity, access, and data-protection layer. Every entry is shipping in production today.

Platform Security Sheet

Identity (Authentication)
Single Sign-On (SSO): SAML 2.0 and OIDC. Identity provider integration. [SAML · OIDC]
Multi-Factor Authentication: TOTP for admin and executive roles. Step-up on sensitive actions. [TOTP · step-up]
Auth Rate Limiting: 5 login attempts per 60 seconds. Lockout after 5 failed attempts. [5 / 60s]
Password Hashing: Bcrypt with 12 rounds. Configurable up. Pepper available. [Bcrypt 12]

Access Control (RBAC)
Role-Based Access Control: 12 built-in roles. Per-department permissions. Custom roles supported. [12 roles · per-dept]
Audit Trail: Every mutation logged with actor, timestamp, before and after state. [100% coverage]
Session Management: Configurable session timeout, idle timeout, and concurrent session limits. [Configurable]

Encryption and Data (In transit and at rest)
Transport Encryption: TLS 1.2+ enforced site-wide. HSTS preload eligible. [TLS 1.2+]
Data at Rest: AES-256 disk encryption. Per-tenant key isolation. [AES-256]
Backup Strategy: Daily encrypted snapshots. Point-in-time recovery within retention window. [Daily · PITR]

Privacy and Compliance (Regulatory)
GDPR: Data subject export. Right to erasure. Anonymization workflows. [Export · erase]
CCPA: Do-not-sell flag honored at the consent ledger. Annual disclosure ready. [Do-not-sell]
Industry Compliance: ITAR, CMMC, FDA 21 CFR, AS9100, IATF 16949, ISO 9001 ready. [6 frameworks]

Platform security specification · SSO · MFA · RBAC · AES-256 · TLS 1.2+ · Production v1

Get the deep dive

Security questions?

Walk through the complete architecture during your demo. Bring your IT lead, your CISO, or your auditor. Cortrova will answer every question on the record.