Trust Center

Security & Compliance

Self-hosted Rust binary. Zero egress. Built on FIPS 140-3 validated cryptography via AWS-LC. Every AI agent action is authenticated with HMAC-SHA-256 and recorded in a tamper-evident hash chain.

Compliance & Regulatory Frameworks

NERC CIP-015-1
Internal network security monitoring (INSM) profile for the standard approved in FERC Order 907. Provides application-layer cryptographic evidence of AI agent actions taken inside the Electronic Security Perimeter. Enforcement deadline September 2, 2028.
DORA Article 12
Tamper-evident logging profile for EU financial entities. Append-only hash-chain with Merkle tree aggregation. Register of Information format support. Enforced since January 2025.
FINMA 08/2024
Swiss Financial Market Supervisory Authority AI governance guidance. Explainability and traceability controls implemented in the audit chain. Compatible with Swiss Banking Act Article 47 data sovereignty requirements.
EU AI Act Annex VIII
Article 12 automatic logging for high-risk AI systems. Annex VIII registration export endpoint. Article 14 human oversight metadata. Enforcement August 2, 2026.
FIPS 140-3 (library-validated)
Daylite is built on AWS-LC, which holds NIST CMVP Certificate #4816. Daylite itself is not product-certified; we inherit the library validation. Library-level validation is what SOC 2, HIPAA, FINMA, DORA and commercial enterprise procurement generally accept. FedRAMP High requires product-level CMVP validation (roadmap post-Series A).
NIST 800-53 Rev 5
20 controls mapped across AU (audit), SC (systems and communications protection), AC (access control), and SI (system integrity) families. Control mapping queryable at /v1/compliance/nist-800-53.
SOC 2 Type II
Audit in progress with CPA-grade attestation partner. Evidence packages and SOC 2 bridge letter available on request. Target completion Q3 2026. Email security@daylite.ai.
Self-Hosted / Air-Gap
Single Rust binary in your VPC, bare-metal server, or air-gapped OT network. No telemetry. No cloud dependency. Zero egress. Deploys via Docker, Helm, or Zarf. Daylite holds no customer data, so there is nothing for a CLOUD Act or FISA 702 order served on us to produce.

Identity & Audit Trail

SHA-256 Hash-Chain Audit — Append-only, tamper-evident, each record authenticated with HMAC-SHA-256 (a keyed MAC: verification requires the chain key, so it proves integrity to the key holder rather than to an arbitrary third party). Every agent action records tenant, actor, timestamp and the prior record's hash, so editing, deleting or reordering a record breaks every hash after it. Merkle tree aggregation every 10 seconds. Verification via /v1/audit/verify; the same check can be run offline against an exported chain with the chain key.

Per-Step Agent Identity (UUIDv7) — Every tool call, state change, and policy decision is attributed to a specific agent via a time-sortable UUIDv7, so the ordering of steps is recoverable from the identifiers alone. This lets a regulator reconstruct the exact sequence of steps under FINMA 08/2024 explainability requirements and in a NERC CIP forensic investigation.
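
The following example is added here to illustrate the two items above; it is not Daylite's own code (the product is a Rust binary) but a small Python model of the same scheme. Each record commits to the previous record's SHA-256 hash, the record hash is authenticated with HMAC-SHA-256, a batch of record hashes is folded into a Merkle root, and each event carries a UUIDv7 built from its millisecond timestamp so IDs sort in time order. The key, field names and the "carry the odd node up unchanged" Merkle rule are assumptions made for the example.

```python
from __future__ import annotations

import hashlib
import hmac
import json
import os
import uuid

# Constructed demo key. Assumption: a deployment loads the chain key from the
# environment or a KMS; this value exists only so the example runs offline.
DEMO_KEY = b"demo-chain-key-not-for-production"
GENESIS = "0" * 64  # prior_hash of the first record


def uuid7(unix_ms: int, rand: bytes | None = None) -> uuid.UUID:
    """Assemble an RFC 9562 UUIDv7: 48-bit ms timestamp, version 7, 74 random bits.

    The timestamp occupies the most significant bits, so IDs minted in different
    milliseconds compare in time order.
    """
    rand = os.urandom(10) if rand is None else rand
    if len(rand) != 10:
        raise ValueError("need 10 random bytes")
    value = (unix_ms & ((1 << 48) - 1)) << 80                      # unix_ts_ms
    value |= 0x7 << 76                                             # ver = 7
    value |= (int.from_bytes(rand[:2], "big") & 0xFFF) << 64       # rand_a
    value |= 0b10 << 62                                            # var = RFC 4122
    value |= int.from_bytes(rand[2:], "big") & ((1 << 62) - 1)     # rand_b
    return uuid.UUID(int=value)


def canonical(body: dict) -> bytes:
    """Canonical JSON so writer and verifier hash identical bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


class AuditChain:
    """Append-only list of records, each committing to the previous record's hash."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.records: list[dict] = []

    def append(self, tenant: str, actor: str, action: str, ts_ms: int) -> dict:
        prior = self.records[-1]["hash"] if self.records else GENESIS
        body = {
            "event_id": str(uuid7(ts_ms)),  # per-step identity, time-sortable
            "tenant": tenant,
            "actor": actor,
            "action": action,
            "ts_ms": ts_ms,
            "prior_hash": prior,
        }
        digest = hashlib.sha256(canonical(body)).hexdigest()
        tag = hmac.new(self.key, bytes.fromhex(digest), hashlib.sha256).hexdigest()
        record = dict(body, hash=digest, hmac=tag)
        self.records.append(record)
        return record


def verify_chain(records: list[dict], key: bytes) -> tuple[bool, int]:
    """Walk the chain; return (True, -1) or (False, index of the first bad record).

    Catches edited fields, deleted or reordered interior records, and records
    appended without the key. Truncating the tail is only caught by comparing
    against a Merkle root recorded elsewhere (see merkle_root).
    """
    prior = GENESIS
    for i, rec in enumerate(records):
        body = {k: v for k, v in rec.items() if k not in ("hash", "hmac")}
        if body.get("prior_hash") != prior:
            return False, i
        digest = hashlib.sha256(canonical(body)).hexdigest()
        if digest != rec.get("hash"):
            return False, i
        tag = hmac.new(key, bytes.fromhex(digest), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, rec.get("hmac", "")):
            return False, i
        prior = digest
    return True, -1


def merkle_root(leaf_hashes: list[str]) -> str:
    """Fold a batch of record hashes into one root; an odd node is carried up unchanged."""
    level = [bytes.fromhex(h) for h in leaf_hashes]
    if not level:
        return GENESIS
    while len(level) > 1:
        nxt = [hashlib.sha256(level[i] + level[i + 1]).digest()
               for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])
        level = nxt
    return level[0].hex()


if __name__ == "__main__":
    chain = AuditChain(DEMO_KEY)
    chain.append("acme", "agent-7", "tools/call read_file", 1_700_000_000_000)
    chain.append("acme", "agent-7", "policy:deny write_file", 1_700_000_000_010)
    print(verify_chain(chain.records, DEMO_KEY))  # (True, -1)
    chain.records[0]["action"] = "tools/call rm -rf"
    print(verify_chain(chain.records, DEMO_KEY))  # (False, 0)
```

The chain alone cannot detect that the newest records were dropped, since a shorter chain still verifies; that is what the periodic Merkle root is for, provided the root is stored somewhere the writer cannot rewrite (a SIEM, a regulator-facing export, or a separate tenant).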

Enterprise SSO (OIDC) — Okta, Microsoft Entra ID, or any OpenID Connect provider. Authorization code flow with PKCE. Session cookies authenticated with HMAC-SHA-256. No local password storage.

SCIM 2.0 Provisioning — RFC 7644 user and group management. Deprovision a user in your IdP and their API keys, sessions, and permissions are revoked as soon as the SCIM request arrives. No stale access.

SIEM Integration — Splunk HEC in OCSF format. Batched delivery (batches of up to 100 events, flushed at least every 5 s). HMAC-authenticated webhooks. MITRE ATT&CK event taxonomy. Forwards policy violations directly to Dragos, Nozomi, or Splunk OT.

mTLS — WebPkiClientVerifier with your internal CA. Required or optional client certificate modes. Zero-trust network access for agent-to-agent communication.

Agent Execution Controls

WASM Sandbox Isolation — Every tool handler runs in an isolated wasmtime sandbox. 32MB memory cap, epoch-based timeout. A compromised agent cannot reach the host, network, or other tenants. Mitigates MCP Inspector RCE class of vulnerabilities.

MCP 5-Step Policy Engine — Every tools/call passes through: secret scan → PII scan → classification ceiling → tool policy → cryptographic signing of the decision. Tools a policy denies are omitted from the tool list the agent sees, not merely rejected when called.

Phantom Token Vault — Agents see opaque UUID handles, not real API keys. The real secret is substituted at the proxy edge, and only for the destination the handle is bound to. A prompt-injected agent that leaks the handle leaks nothing usable outside the proxy.

5-Tier Data Classification — PUBLIC / INTERNAL / CONFIDENTIAL / CUI / SECRET. Classification determines routing: CONFIDENTIAL data routes to local models only. Enforced by the engine.

PII/PHI Auto-Redaction — SSNs, credit cards (Luhn-validated, so a 16-digit order number is not mistaken for a card), emails, and phone numbers are detected and redacted before data reaches any external LLM or service. Configurable per vertical.
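
As an added illustration of the redaction step (example code, not Daylite's own detector set), the block below finds card, SSN, email and phone candidates with regular expressions, and only redacts a card candidate when its digits pass the Luhn mod-10 check. Cards are handled first so the phone pattern cannot match a fragment of a card number. The patterns and the sample text are constructed for this example and would be tuned per vertical in practice.

```python
from __future__ import annotations

import re

# Constructed candidate patterns (assumed for this example, not the product's own).
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")
PHONE_RE = re.compile(r"(?<!\d)(?:\+1[ .-]?)?\(?\d{3}\)?[ .-]?\d{3}[ .-]?\d{4}(?!\d)")
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")  # 13 to 19 digits, separators allowed

# Constructed sample input.
SAMPLE = ("Charge card 4111 1111 1111 1111 for order 1234 5678 9012 3456; "
          "contact jane.doe@example.com or (415) 555-0142; SSN 123-45-6789.")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check: double every second digit from the right, subtract 9 if > 9."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def redact(text: str) -> tuple[str, dict[str, int]]:
    """Return (redacted_text, counts by kind). Cards first, then SSN, email, phone."""
    counts = {"card": 0, "ssn": 0, "email": 0, "phone": 0}

    def card_sub(m: re.Match) -> str:
        digits = re.sub(r"\D", "", m.group(0))
        if not luhn_ok(digits):
            return m.group(0)  # looks like a card but fails Luhn: leave it alone
        counts["card"] += 1
        return "[CARD ****" + digits[-4:] + "]"

    def counting(kind: str, token: str):
        def sub(_m: re.Match) -> str:
            counts[kind] += 1
            return token
        return sub

    text = CARD_RE.sub(card_sub, text)
    text = SSN_RE.sub(counting("ssn", "[SSN]"), text)
    text = EMAIL_RE.sub(counting("email", "[EMAIL]"), text)
    text = PHONE_RE.sub(counting("phone", "[PHONE]"), text)
    return text, counts


if __name__ == "__main__":
    out, n = redact(SAMPLE)
    print(out)
    print(n)
```

Keeping the last four digits of a card is a common compromise that lets an analyst correlate a transaction without exposing the PAN; drop them if the vertical's rules forbid partial PANs.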

Outbound DLP Inspector — Every HTTP call from every connector passes through PII scan, secret scan, and classification check. CONFIDENTIAL data cannot leave the perimeter.
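
To show how the Phantom Token Vault and the Outbound DLP Inspector fit together at the proxy edge, here is an added example (Python model of the design, not Daylite's own Rust code). Agents only ever hold a "phantom:" handle; the proxy scans the outbound request for raw secrets, refuses to send anything above the classification ceiling to a host outside the perimeter, and then swaps handles for real credentials only for the host each handle is bound to. The secret patterns, the handle format, the host names and the rule that only INTERNAL and below may leave the perimeter are assumptions for this example; the PII scan step is omitted to keep the focus on the credential swap.

```python
from __future__ import annotations

import re
import uuid
from dataclasses import dataclass, field

# Classification ladder from the page. Assumption for this example: anything
# above INTERNAL may only be sent to hosts inside the perimeter.
LEVELS = ["PUBLIC", "INTERNAL", "CONFIDENTIAL", "CUI", "SECRET"]
EGRESS_CEILING = "INTERNAL"

# Constructed secret shapes for the outbound secret scan (not the product's own set).
SECRET_RES = [
    re.compile(r"\bsk_live_[A-Za-z0-9]{16,}\b"),         # hypothetical vendor key
    re.compile(r"\bAKIA[0-9A-Z]{16}\b"),                 # AWS access key id
    re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
]
HANDLE_RE = re.compile(r"phantom:[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}")


class PhantomVault:
    """Handle -> (bound host, real secret). Only the proxy edge holds this map;
    agents, prompts and logs only ever see the handle."""

    def __init__(self) -> None:
        self._real: dict[str, tuple[str, str]] = {}

    def issue(self, bound_host: str, secret: str) -> str:
        handle = f"phantom:{uuid.uuid4()}"
        self._real[handle] = (bound_host, secret)
        return handle

    def resolve(self, handle: str, host: str) -> str | None:
        entry = self._real.get(handle)
        if entry is None or entry[0] != host:
            return None  # unknown handle, or an attempt to use it against another host
        return entry[1]


@dataclass
class Request:
    host: str
    headers: dict[str, str]
    body: str
    classification: str = "INTERNAL"


@dataclass
class Decision:
    allowed: bool
    reason: str
    headers: dict[str, str] = field(default_factory=dict)
    body: str = ""


def egress_inspect(req: Request, vault: PhantomVault, internal_hosts: set[str]) -> Decision:
    """Proxy-edge check: raw secret scan, classification ceiling, then handle swap."""
    values = list(req.headers.values()) + [req.body]
    for pat in SECRET_RES:
        if any(pat.search(v) for v in values):
            return Decision(False, "raw secret in outbound request")

    if req.classification not in LEVELS:
        return Decision(False, f"unknown classification {req.classification!r}")
    if req.host not in internal_hosts and LEVELS.index(req.classification) > LEVELS.index(EGRESS_CEILING):
        return Decision(False, f"{req.classification} data may not leave the perimeter")

    def swap(value: str) -> str:
        def repl(m: re.Match) -> str:
            real = vault.resolve(m.group(0), req.host)
            if real is None:
                raise PermissionError(f"{m.group(0)} is not bound to {req.host}")
            return real
        return HANDLE_RE.sub(repl, value)

    try:
        headers = {k: swap(v) for k, v in req.headers.items()}
        body = swap(req.body)
    except PermissionError as exc:
        return Decision(False, str(exc))
    return Decision(True, "ok", headers, body)


if __name__ == "__main__":
    vault = PhantomVault()
    handle = vault.issue("api.payments.example", "sk_live_ABCDEFGHIJKLMNOP1234")
    good = Request("api.payments.example", {"Authorization": f"Bearer {handle}"}, '{"amount": 5}')
    print(egress_inspect(good, vault, {"llm.internal.example"}).reason)   # ok
    leak = Request("evil.example", {}, f"please store {handle}")
    print(egress_inspect(leak, vault, {"llm.internal.example"}).reason)   # not bound
```

Binding each handle to a host is the check that turns the vault from "hide the key" into "prevent misuse": a prompt-injected agent can still call the connector it is allowed to call, but it cannot point the same credential at a host of its choosing.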

Architecture & Supply Chain

Single Rust Binary — Memory-safe, no Python, no Node.js, no interpreter or runtime to ship. 500+ tests, zero clippy warnings. cargo-deny enforces: no ring, no native-tls, no GPL, so aws-lc-rs remains the only TLS and cryptography backend in the dependency tree. RustSec advisory check on every PR.

Encryption — TLS 1.3 via rustls with the aws-lc-rs provider. AES-256-GCM at rest with AAD=tenant_id, which binds each ciphertext to its tenant: a record copied into another tenant's store fails authentication on decryption. BYOK from environment, external KMS, or file. API keys are stored as SHA-256 hashes, which is adequate because keys are high-entropy random values rather than user-chosen passwords.

CycloneDX SBOM — Software Bill of Materials generated in CI for every release from a locked dependency tree. Cosign-signed container images, so the image you run can be verified against the release. Verifiable supply chain.

Durable Execution — Audit events survive container restarts via PostgreSQL checkpointing. Full Jitter backoff, dead letter queue, per-side-effect idempotency. No lost audit records.

Integration Patterns — SDK for LangGraph, AutoGen, kagent, or custom frameworks. WASM filter for Solo.io agentgateway, Tetrate Agent Router, Istio. Syslog / HTTPS forwarder for Dragos, Nozomi, Splunk OT SIEMs. Never a replacement — always a cryptographic overlay.

Security Contact

Penetration test executive summaries, evidence packages, CAIQ v4 responses, and compliance questionnaires available on request. Email security@daylite.ai. We respond within 24 hours. Vulnerability disclosure program forthcoming on /.well-known/security.txt.