Security & Compliance

The control plane is the security posture.

Vertirite exists because deploying AI on regulated infrastructure requires a layer your existing PAM, SIEM, and OPA stack cannot give you: classification of intent, mode authority, and an append-only audit trail your auditors can sign.

Six principles. Non-negotiable.

01 Out-of-band authority

The mode that decides whether an AI action runs is set OUTSIDE the AI's reach. A compromised model, a prompt-injected agent, or a runaway script cannot escalate itself out of LOCKDOWN. The mode authority is a separate process with a separate trust boundary.

02 Code-reviewed capabilities

An AI agent gains a new capability the same way a junior engineer gains a new permission: by a pull-request to a reviewed YAML manifest. Adding a capability is never a runtime toggle. The audit log records the merge SHA next to every action that capability authorizes.

03 Cryptographic attribution

Every audit row is signed with a per-tenant key chain. A row cannot be removed without breaking the chain. Auditors can reconstruct the exact sequence of actions on any tenant in any time window — and verify the sequence was not tampered with.

04 Fail-closed on broker failure

If the Vertirite broker becomes unreachable, every protected system fails CLOSED — automated callers cannot act. The AI does not get to keep going on stale state during an incident. This is the opposite of every consumer AI tool's default.

05 Customer keeps the keys

On Enterprise (self-host), customer data never leaves customer infrastructure. On hosted tiers, encryption-at-rest uses your KMS keys; we hold the data path, you hold the key path. Revocation is one API call away.

06 Honest disclosure

Every posture in the matrix marked 'in flight' or 'roadmap' is plainly labeled, not buried in fine print. We will not claim a control we have not implemented. If a buyer needs something not on this list, we'll tell you in the demo, not after the contract.

Posture matrix — honest version

What's operational today. What's in flight. What's roadmap. We will not claim a control we have not implemented.

Authentication: Mutual TLS + signed JWT (ES256). All tokens short-lived; refresh on every action. [✓ operational]
Authorization: Per-tenant isolation; capability registry as a code-reviewed change; role-based middleware. [✓ operational]
Audit log: Append-only; cryptographic per-row attribution; tenant-scoped read API. [✓ operational]
Mode authority: Out-of-band: AUTONOMOUS / CONTROLLED / ESCALATION_REQUIRED / LOCKDOWN. The AI cannot override its own gate. [✓ operational]
Approval queue: Web UI + CLI today. Webhook-out (Slack / Teams / ServiceNow / PagerDuty) on Business+. [✓ operational]
Data-at-rest encryption: Postgres + filesystem encrypted via your KMS keys (AWS KMS, Azure Key Vault, GCP CMEK supported on Enterprise). [✓ operational]
Data-in-transit: TLS 1.3 minimum on every external surface; mTLS internal. [✓ operational]
Tenant isolation: All multi-tenant code paths thread tenant_id end-to-end. 2-tenant bleed test passing in CI on every PR. [✓ operational]
Backup & DR: Weekly auto-backup with restore-test logged to fleet-maintenance log; weekly restore drill. [✓ operational]
GDPR / CCPA delete: DELETE /v1/me cascades user data, tenant data, downstream LiteLLM team revocation. [✓ operational]
BAA (medical): Available on Enterprise tier; mutually executed before any PHI touches the system. [✓ available]
SOC2 Type 2: Drata onboarding scheduled for Day 5 of launch (2026-05-05); 'in flight' letter available for procurement immediately after. [⏳ in flight]
HIPAA Privacy & Security Rule: Self-attested compliance against Security Rule today; third-party assessment Q3 2026. [⏳ in flight]
FedRAMP: FedRAMP Moderate tracked for 2027; specifically for federal-prime + healthcare-research customers asking for it. [ⓘ roadmap]
Penetration testing: First annual third-party pentest scheduled Q3 2026; report shared with Enterprise customers under NDA. [⏳ scheduled]

Architecture in one paragraph

A protected system runs surge-agentd, a small daemon that proxies every privileged action through Vertirite. The daemon authenticates with mTLS to the broker; the broker checks the action against the capability registry, the mode authority, and any active approval rules. Approved actions execute. Denied actions return a structured error with the audit row id. Every step appends to the audit log. The AI agent invoking the action has no access to the audit log, the capability registry, or the mode authority — those are out-of-band. The customer’s mode authority lives in their own process; we hold the policy contract, they hold the kill switch.
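As an added illustration of principles 02 and 03 and of the audit flow in the paragraph above (example code, not Vertirite's own): a per-tenant chained audit log in which each row's authenticator covers the previous row's, so an edited or removed row breaks verification. It assumes HMAC-SHA256 with a constructed tenant key in place of the product's per-tenant signing key chain; the row field names are hypothetical.

```python
import hashlib
import hmac
import json

# Constructed per-tenant key for this example; a real deployment keeps it in the customer's KMS.
TENANT_KEYS = {"tenant-a": b"constructed-key-tenant-a"}
GENESIS = "0" * 64  # chain head for a tenant whose log is still empty

def _canonical(row):
    # Deterministic encoding so signer and verifier MAC identical bytes.
    return json.dumps(row, sort_keys=True, separators=(",", ":")).encode()

def _mac(tenant_id, body):
    return hmac.new(TENANT_KEYS[tenant_id], _canonical(body), hashlib.sha256).hexdigest()

def append_row(log, tenant_id, action, decision, merge_sha):
    """Append one audit row; its MAC covers the body and the previous row's MAC."""
    body = {
        "tenant_id": tenant_id,
        "seq": len(log) + 1,            # the row id a denied call hands back
        "action": action,
        "decision": decision,
        "merge_sha": merge_sha,         # manifest merge that authorised this capability
        "prev": log[-1]["mac"] if log else GENESIS,
    }
    log.append({**body, "mac": _mac(tenant_id, body)})
    return log[-1]

def verify_chain(log, tenant_id):
    """(True, None) if intact, else (False, seq of first bad row): catches edited,
    removed and cross-tenant rows."""
    prev, expected_seq = GENESIS, 1
    for row in log:
        if row["tenant_id"] != tenant_id or row["seq"] != expected_seq or row["prev"] != prev:
            return False, row["seq"]
        body = {k: v for k, v in row.items() if k != "mac"}
        if not hmac.compare_digest(_mac(tenant_id, body), row["mac"]):
            return False, row["seq"]
        prev, expected_seq = row["mac"], expected_seq + 1
    return True, None

def demo():
    # Three rows for one tenant, then the middle row silently removed.
    log = []
    append_row(log, "tenant-a", "restart payments-svc", "allow", "a1b2c3d")
    append_row(log, "tenant-a", "rotate tls cert", "deny", "a1b2c3d")
    append_row(log, "tenant-a", "scale workers", "allow", "d4e5f6a")
    return verify_chain(log, "tenant-a"), verify_chain([log[0], log[2]], "tenant-a")
```

An auditor with only the tenant key and the read API can rerun verify_chain over any time window; the first failing seq is where the record stopped being trustworthy.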

For a deeper architecture walkthrough, request the technical docs. For a 30-minute demo on your screen, see Theatre.

Need our SOC2 letter, BAA template, or pen-test report?

Email [email protected] with your company + tier interest. We respond within one business day during US business hours.
