Your data never leaves your network.
LibraOS deploys inside your own environment — air-gapped if you need it. Every request passes a 3-tier firewall; every answer is source-cited and logged. The buyer most sensitive to AI risk starts here — so we built for them first.
On-premise, air-gapped if you need it.
One 59MB Go binary, inside your own environment. No vendor cloud, no data egress. Your documents, prompts, and model traffic stay on your network — the deployment model regulated and security-first buyers require.
Your infrastructure. Runs where your data already lives — on-prem, private cloud (VPC), or fully air-gapped with no outbound connectivity.
~2 weeks to production. And your existing OpenAI-compatible clients point at it unchanged.
SOC2 / HIPAA support. Deployment and workflows built to fit regulated compliance regimes.
The 3-tier AI Firewall.
Inbound and outbound traffic is screened for prompt injection, jailbreaks, and PII — in three escalating tiers. On AgentDojo, attack success drops 35% with defenses on while benign utility holds at 90.7%.
Pattern screening
Deterministic rules catch known-bad shapes — injection markers, exfiltration patterns, PII formats — before anything reaches a model.
Risk scoring
A fast classifier scores residual risk on what passes tier 1, catching the novel and obfuscated variants regex can't.
Adjudication
An LLM judge adjudicates the ambiguous remainder — the small fraction where intent, not pattern, decides.
Screening runs on both directions — a compromised prompt is stopped on the way in; a leaking answer is stopped on the way out.
Every claim traced. Every action logged.
Grounding and supervision are not add-ons — they are how the system answers at all.
Grounded output
Every answer traces back to a source document in corporate or project knowledge. If it can't ground a claim, it says so rather than guessing.
Attributable
Every action a digital employee takes is logged and attributable to its task. If an auditor asks "what did the AI do?" — you have the record.
Scope line
Each employee acts below a confidence + scope line and escalates above it. External actions draft for human approval; the AI never crosses the line on its own.
Built to pass diligence.
Full methodology and per-run data available on request. Compatibility identifiers from earlier releases (env vars, OIDC client IDs, image tags) are honored indefinitely — no forced migration of wire or config surface.
Bring your requirements.
A 30-minute call with our engineering team — deployment model, firewall configuration, audit and compliance posture, walked end to end.
Read the docs, or book a review with the engineering team.