Security brief

How SecRouter secures AI use — end to end.

SecRouter sits as the single, deny-by-default gateway between your teams and every model. Every request is authenticated, authorized, routed, and logged; nothing reaches a model you didn't sanction, and data never leaves your boundary unless policy says so.

Deny-by-default · Self-hosted / GovCloud / air-gap · Tamper-evident audit

The control model

Four gates around every model

SecRouter is the only path from your applications to a model, and it refuses anything that isn't explicitly allowed. A request flows through authentication (who is this?), authorization (may they use this tier and model, within budget?), routing (which is the cheapest model capable of the request?), and an egress gate (is this destination authorized for this data classification?) — and the entire path is written to a tamper-evident log. If any gate says no, the request never leaves the boundary.

Controls

What's enforced, by area

Identity & access

Every request carries a validated OIDC token from your IdP, with MFA asserted from the token. Authorization is deny-by-default.

  • OIDC SSO with MFA enforcement
  • RBAC from group / role claims
  • Per-group and per-user model allowlists
  • Lock an individual account below the org default

Data flow & egress

Each destination is allow-listed by host and tagged with the classifications it may receive. A request above its clearance is refused before any bytes leave.

  • Deny-by-default upstream allow-list
  • Data-classification gate per request
  • In-boundary or GovCloud endpoints only
  • No provider you didn't sanction

Audit & accountability

Every auth, authorization, routing, and usage event is recorded — metadata only, never prompt or response content — in a tamper-evident chain.

  • Hash-chained, tamper-evident log
  • Metadata only: counts, model ids, decisions, hashes
  • Traceable to an individual principal
  • Forward to your SIEM over syslog
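The gate cascade described under "Four gates around every model" and the metadata-only, hash-chained log described above, shown together as an added Python sketch (not SecRouter's code; the policy tables, host names, classification labels and event fields are constructed assumptions):

```python
import hashlib
import json
# Constructed policy tables; the shapes are assumptions, not SecRouter's config format.
LEVELS = {"public": 0, "internal": 1, "cui": 2}
GROUP_MODELS = {"analysts": {"model-a"}, "engineers": {"model-a", "model-b"}}
EGRESS = {"llm.enclave.example": ("cui", {"model-a"}),     # host -> (max class, models served)
          "api.vendor.example": ("public", {"model-b"})}

def decide(principal, model, classification):
    """Run the gates in order; the first refusal ends the request (deny by default)."""
    if not principal.get("mfa"):                          # authentication: MFA asserted?
        return "deny:authn"
    if not any(model in GROUP_MODELS.get(g, ())           # authorization: explicit allowlist
               for g in principal.get("groups", ())):
        return "deny:authz"
    for host, (clearance, models) in EGRESS.items():      # egress: host cleared for this class?
        if model in models and LEVELS[classification] <= LEVELS[clearance]:
            return "allow:" + host
    return "deny:egress"

def append_event(chain, subject, model, classification, decision):
    """Append a metadata-only event; its hash covers the previous entry's hash."""
    prev = chain[-1]["hash"] if chain else "0" * 64
    body = {"seq": len(chain), "subject": subject, "model": model,
            "classification": classification, "decision": decision, "prev": prev}
    body["hash"] = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
    chain.append(body)
    return body["hash"]

def verify_chain(chain):
    """Recompute every link; return the index of the first broken entry, or -1 if intact."""
    prev = "0" * 64
    for i, ev in enumerate(chain):
        body = {k: v for k, v in ev.items() if k != "hash"}
        digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        if ev["prev"] != prev or ev["hash"] != digest:
            return i
        prev = ev["hash"]
    return -1

def demo():
    chain, alice = [], {"sub": "alice", "mfa": True, "groups": ["analysts"]}
    d1 = decide(alice, "model-a", "cui")       # allowed via the in-boundary host
    d2 = decide(alice, "model-b", "public")    # denied: analysts are not allowlisted for model-b
    append_event(chain, "alice", "model-a", "cui", d1)
    append_event(chain, "alice", "model-b", "public", d2)
    intact = verify_chain(chain)
    chain[0]["decision"] = "allow:api.vendor.example"   # simulated after-the-fact edit
    return d1, d2, intact, verify_chain(chain)
```

Note that prompt and response content never enter the event body; only the decision and identifiers are hashed, so the chain proves integrity of the record without retaining the data it describes.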

Deployment & isolation

Run SecRouter on your own infrastructure — fully disconnected if required. You hold the keys; the config fails closed if it isn't safe.

  • Self-hosted, GovCloud (IL4–5), or air-gapped
  • No outbound calls required
  • Non-root, least-privilege runtime
  • Fail-closed startup validation

Cryptography

Token-signature verification and TLS run through the host crypto provider, so SecRouter inherits a FIPS-validated module when one is present.

  • FIPS-aware; fail-closed when FIPS is required
  • TLS 1.2+ with a FIPS cipher policy
  • Signed-token verification (asymmetric signatures only; symmetric and `none` algorithms rejected)
  • Terminate TLS at a validated front end, or natively

Compliance alignment

Controls map to NIST SP 800-171 Rev 2 and selected SP 800-172 enhancements — the technical baseline behind CMMC Level 3.

  • NIST 800-171 R2 control mapping
  • Selected 800-172 enhancements
  • CMMC Level 3 control mapping
  • Evidence exportable for assessors

On compliance: these are control mappings that accelerate your assessment, not a certification. Certification (SOC 2, FedRAMP, a CMMC assessment) is an organizational activity for your environment as a whole.

Shared responsibility

Where SecRouter ends and your environment begins

SecRouter enforces the application layer. Your environment provides the rest: a FIPS-validated crypto module (or a FIPS-terminating front end), your enterprise IdP and MFA, the network enclave (GovCloud or air-gap), time synchronization for the audit clock, and the SIEM that receives the audit stream. Map both halves and the accreditation boundary is clear.

Map SecRouter to your compliance posture.

Request a briefing and we'll walk the control set against your environment and accreditation requirements.