amp; Deployment
LIBRAOS // v0.9
Runs in your environment Security & deployment

Your data never leaves your network.

LibraOS deploys inside your own environment — air-gapped if you need it. Every request passes a 3-tier firewall; every answer is source-cited and logged. The buyer most sensitive to AI risk starts here — so we built for them first.

01

On-premise, air-gapped if you need it.

One 59MB Go binary, inside your own environment. No vendor cloud, no data egress. Your documents, prompts, and model traffic stay on your network — the deployment model regulated and security-first buyers require.

Your infrastructure. Runs where your data already lives — on-prem, private cloud (VPC), or fully air-gapped with no outbound connectivity.

~2 weeks to production. And your existing OpenAI-compatible clients point at it unchanged.

SOC2 / HIPAA support. Deployment and workflows built to fit regulated compliance regimes.

02

The 3-tier AI Firewall.

Inbound and outbound traffic is screened for prompt injection, jailbreaks, and PII — in three escalating tiers. On AgentDojo, attack success drops 35% with defenses on while benign utility holds at 90.7%.

TIER 1 · REGEX

Pattern screening

Deterministic rules catch known-bad shapes — injection markers, exfiltration patterns, PII formats — before anything reaches a model.

TIER 2 · ML

Risk scoring

A fast classifier scores residual risk on what passes tier 1, catching the novel and obfuscated variants regex can't.

TIER 3 · LLM JUDGE

Adjudication

An LLM judge adjudicates the ambiguous remainder — the small fraction where intent, not pattern, decides.

Screening runs on both directions — a compromised prompt is stopped on the way in; a leaking answer is stopped on the way out.

03

Every claim traced. Every action logged.

Grounding and supervision are not add-ons — they are how the system answers at all.

SOURCE-CITED

Grounded output

Every answer traces back to a source document in corporate or project knowledge. If it can't ground a claim, it says so rather than guessing.

AUDIT TRAIL

Attributable

Every action a digital employee takes is logged and attributable to its task. If an auditor asks "what did the AI do?" — you have the record.

SUPERVISION

Scope line

Each employee acts below a confidence + scope line and escalates above it. External actions draft for human approval; the AI never crosses the line on its own.

04

Built to pass diligence.

ON-PREM Data never leaves your network AIR-GAPPED No egress required SOC2 / HIPAA Compliance support −35% Attack success · AgentDojo 90.7% Benign utility held ×3-CERTIFIED Every published number

Full methodology and per-run data available on request. Compatibility identifiers from earlier releases (env vars, OIDC client IDs, image tags) are honored indefinitely — no forced migration of wire or config surface.

SECURITY REVIEW

Bring your requirements.

A 30-minute call with our engineering team — deployment model, firewall configuration, audit and compliance posture, walked end to end.

libraos · security/review

Read the docs, or book a review with the engineering team.