Enterprise Security

Security & Compliance

How EVE AI Core protects your AI infrastructure. Deterministic governance enforcement, cryptographic audit trails, and zero-trust architecture designed for the most demanding enterprise environments.

Report vulnerabilities: security@eveaicore.com
🔒
SOC 2 Type II In progress
🛡
ISO 27001 Planned
21/21 Internal Red-Team
📜
90 Provisionals U.S. Filed
🔐

Data Protection

AES-256 encryption at rest TLS 1.3 in transit No PII in logs

Encryption at Rest

All stored data is encrypted with AES-256-GCM using per-tenant keys derived from a hierarchical key derivation scheme. Database volumes, backup snapshots, and privacy vault entries use independent encryption contexts. Key rotation occurs every 90 days with zero-downtime re-encryption.

Encryption in Transit

All network communication enforces TLS 1.3 with forward secrecy. Internal service-to-service traffic uses mutual TLS (mTLS) with certificate pinning. Cipher suites are restricted to TLS_AES_256_GCM_SHA384 and TLS_CHACHA20_POLY1305_SHA256.

PII Handling

Personally identifiable information is never written to application logs, governance audit trails, or telemetry streams. The PII redaction engine operates inline at the prompt firewall stage before any data reaches the LLM or logging infrastructure.

Redaction Map

The PII redaction map that tracks entity-to-token substitutions exists only in process memory for the duration of a single request. It is never persisted to disk, cached, or transmitted to external services. On request completion, the map is zeroed and deallocated.

Privacy vault entries use PBKDF2 key derivation (600,000 iterations) with AES-256-GCM for user-controlled encrypted data storage with configurable retention policies.
🔑

Access Control

JWT authentication Role-based access (5 roles) Scoped API keys

Authentication

JWT-based authentication with configurable expiration, refresh token rotation, and automatic session invalidation. Tokens are signed with HMAC-SHA256 and validated on every request. Failed authentication attempts are rate-limited per IP and per account.

Role-Based Access Control

Five hierarchical roles with granular permissions: Viewer, Operator, Approver, Admin, and Platform Admin. Nine permission scopes enforce tenant isolation. All permission checks are evaluated server-side before action dispatch.

API Key Scoping

API keys are scoped to specific capabilities (sovereign, read, write, admin). Keys are stored as irreversible SHA-256 hashes; the plaintext secret is returned exactly once at creation and never stored. Keys can be deactivated immediately.

Session Management

Active session tracking across devices with remote revocation capability. Device fingerprinting, IP tracking, and last-activity timestamps. Users can revoke all sessions or individual devices. Sessions auto-expire based on configurable inactivity timeouts.

🏗

Infrastructure

FPGA-compilable veto core (PolarFire SoC target) Three-Layer Trust Infrastructure Full tenant isolation

Hardware Enforcement

The safety-critical veto core is a pure deterministic function with zero I/O, zero threading, and zero global state -- computable by embedded firmware and suitable for compilation to Microchip PolarFire SoC FPGA. Today charter rules, cognitive locks, and drift budgets are enforced by this deterministic software core; FPGA/silicon enforcement is on the roadmap.

Three-Layer Trust Infrastructure

Physical isolation between the Pre-Execution Authority Resolution Layer (authority pack evaluation), Governed Inference Layer (LLM inference and action dispatch), and Cryptographic Authority Chain Layer (immutable authority record storage). No shared memory, no shared state. The Authority Resolution Layer can halt the Inference Layer, but never the reverse.

Tenant Isolation

Each organization receives fully isolated governance instances: separate Charter, Claims Ledger, Trust Dial, Action Registry, and Reality Anchor. Tenant state cannot leak across organizational boundaries. LRU eviction with disk persistence ensures horizontal scalability.

Zero-Trust Internals

Internal services authenticate via mutual TLS. No service trusts another by default. The veto core runs as a pure, deterministic function (suitable for formal verification). 15 immutable charter rules and 5 ethical red lines are frozen constants that cannot be modified at runtime.

The hardware veto core firmware API is defined in a 401-line C header (veto_interface.h) and validated by 87 determinism, equivalence, and purity tests.
📓

Audit & Logging

Hash-chained JSONL logs HMAC-SHA256 attestations 7+ year retention

Append-Only Logs

All governance decisions, charter checks, veto events, and operator actions are recorded in append-only JSONL files with SHA-256 hash chaining. Each entry contains the hash of the previous entry, making retroactive tampering computationally infeasible and immediately detectable.

Cryptographic Attestations

Governance decisions produce HMAC-SHA256 signed attestations that can be independently verified without access to EVE's internal state. Resilience certificates include content hash, signature, and timestamp for auditor verification via API.

Retention & Compliance

Audit trails are retained for a minimum of 7 years to satisfy financial services, healthcare, and regulatory compliance requirements. The immutable ledger layer uses PostgreSQL with write-ahead logging for crash recovery.

Governance Replay

Any historical governance decision can be replayed against the current rule set. Cross-system audit trails support correlation ID tracing across service boundaries. Export capabilities include CSV and JSON for external compliance tooling.

✓ Hash chain integrity verified continuously
governed decision · signed evidence record ✓ VERIFIED
decision_idDEC-00042
policylending_v1 · ECOA / Reg B
verdictBLOCK — adverse-action evidence required
content_hashsha256:3204f3d6…1ef0f3130
signatureed25519:4e542efc…a10250b02
Sample record · re-hash + Ed25519 re-verify, no EVE service required Verify a record offline →

Governance Pipeline

16-stage verification Prompt firewall & PII redaction CRD scoring & output watermarking

16-Stage Verification

Every AI action passes through a 16-stage Truth-Verifiable Execution (TVE) pipeline: classification, charter check, cognitive locks, confidence scoring, CRD evaluation, prompt firewall, PII redaction, hallucination detection, policy evaluation, action registry, drift budget, human escalation, attestation signing, output watermarking, audit logging, and delivery.

Prompt Firewall

Inbound prompts are screened for injection attacks, jailbreak attempts, and adversarial manipulation before reaching the LLM. The firewall screens inbound prompts against pre-compiled pattern sets for known injection and jailbreak vectors with sub-millisecond latency.

CRD Scoring

Confidence-Reality Divergence scoring quantifies the gap between model confidence and ground truth across domain-specific calibration profiles. Responses with CRD scores above threshold trigger automatic hedging, citation requests, or abstention.

Policy-as-Code

Governance rules are expressed as deterministic code, not configuration. 15 immutable charter rules enforce safety invariants. Custom rules can add restrictions but never weaken immutable principles. All policy changes pass through the bounded change-control governance chain.

Output watermarking embeds provenance metadata in every governed response, enabling downstream audit without requiring access to EVE's internal logs.
🛡

Adversarial Testing

AEGIS automated red team 21/21 internal red-team categories 292+ detection patterns

AEGIS Red Team Engine

Automated adversarial testing runs continuously against the governance pipeline. AEGIS generates novel attack vectors across 57 categories including prompt injection, data exfiltration, identity manipulation, context poisoning, and multi-turn social engineering chains.

Adversarial Immunity (Internal Testing)

In our structured internal red-team testing, EVE AI Core blocked all 21 of 21 tested attack categories, with no observed bypasses of the governance pipeline across those tests.

✓ 21/21 internal red-team categories

Detection Patterns

292+ compiled detection patterns cover prompt injection, data theft via conversational manipulation, IP exfiltration, authority impersonation, emotional manipulation, and cascading attack chains. Patterns are continuously expanded through adversarial research.

Continuous Hardening

Every adversarial finding is converted into a new detection pattern and regression test. The hardening cycle is automated: detect, classify, generate pattern, validate, deploy. Attack surface is measured and reported in each resilience certificate.

📋

Compliance Frameworks

EU AI Act readiness NIST AI RMF alignment ISO/IEC 42001 mapping

EU AI Act

EVE's governance architecture maps directly to EU AI Act requirements for high-risk AI systems: risk management (Article 9), data governance (Article 10), transparency and information provision (Article 13), human oversight (Article 14), and accuracy, robustness, and cybersecurity (Article 15).

NIST AI RMF

Aligned with the NIST AI Risk Management Framework across all four functions: Govern (charter-based policy), Map (risk classification and CRD scoring), Measure (resilience scoring and calibration), and Manage (human-in-the-loop escalation and remediation).

ISO/IEC 42001

Architecture and operational procedures map to ISO/IEC 42001 AI Management System requirements. The governance pipeline, audit trail, and bounded change-control provide auditable evidence for certification readiness.

Automated Compliance Reports

Generate on-demand compliance reports that map EVE's governance controls to specific regulatory articles and framework requirements. Reports include evidence chains, attestation references, and coverage analysis for audit preparation.

Compliance mapping documents are available under NDA. Contact security@eveaicore.com for access to detailed framework alignment reports.

Incident Response

Webhook alerts (Slack/Teams/PagerDuty) Circuit breaker auto-recovery Human-in-the-loop escalation

Real-Time Alerting

21 webhook event types deliver governance notifications to your existing incident management stack. Native integrations with Slack, Microsoft Teams, and PagerDuty. Events include charter vetoes, trust violations, drift alerts, explosion indicators, and emergency shutdowns.

Circuit Breaker Recovery

Per-provider and per-service circuit breakers automatically isolate failing components. States progress through closed (healthy), open (blocked), and half_open (testing recovery). Exponential backoff prevents cascade failures. The system fails safe -- degraded mode preserves governance integrity.

Human Escalation

10 escalation triggers monitor for conditions requiring human judgment: emotional volatility, high uncertainty, ethical ambiguity, identity threats, and conflicting directives. Escalations include urgency levels, recommended pause actions, and context packages for rapid human decision-making.

Emergency Shutdown

Multi-layer operator emergency stop. Bounded change-control continuously monitors governance health indicators and halts automatically if critical thresholds are crossed, with full rollback protection. Manual emergency stop is available to any authorized operator at any time.

Intellectual Property Protection

90 U.S. provisional patent applications filed and pending, with additional invention disclosures under review, covering the Three-Layer Trust Infrastructure, CRD scoring, FPGA-targetable veto design, and deterministic governance enforcement. Single-owner IP with no license fragmentation. Serial numbers 63/988,235 through 64/047,284.

Ready to evaluate EVE AI Core?

Our security team is available to walk through architecture details, compliance mappings, and deployment options for your environment.

Direct line: security@eveaicore.com