Vigilant Architect (ASSP)
Made autonomous AI viable for security operations inside regulated, air-gapped environments
Code-complete, 355 tests passing
Context
Security teams in regulated environments face a widening gap. Modern AI can transform how they work, but the platforms that deliver that capability live in the cloud — off-limits in air-gapped and high-compliance settings. Without infrastructure that can safely run autonomous AI agents on-premise, these teams are forced to choose between modern capability and compliance, with nothing in between. That choice is the real cost of the gap.
Constraints
The platform had to run entirely on-premise with zero cloud dependency and be deployable in air-gapped environments. Every action an AI agent takes had to be auditable and reversible — hallucinated output could not become a finding, and no agent could exceed its authorized scope. It had to support multiple distinct security workflows from a single unified control surface, while keeping each workflow fully isolated from the others and from the host.
Approach
Designed the platform around a single principle: in a regulated environment, an AI that cannot prove the provenance of every action it takes has no place operating autonomously. Every architectural decision — how agents are scoped, how their outputs are challenged, how authority is delegated and kept bounded — flows from that. Built end to end, from control plane to sandbox runtime, with accountability designed in from the first commit.
Impact
Code-complete across every planned capability, with 355 tests passing and zero regressions. Ready for on-premise deployment in regulated environments where cloud-based AI tooling is not an option. Demonstrates that autonomous AI in security operations can be done responsibly — with compliance, auditability, and reversibility built in from the start rather than retrofitted.
Lessons
The hardest problem was not making the AI capable — it was making it accountable. Auditability cannot be bolted on at the end; the moment an AI can take an action that cannot be verified or reversed, trust collapses and the platform becomes unusable in the environments it was built for. "Can we prove this is safe?" had to come before "does this work?" on every decision.