Security & Compliance
Self-hosted Rust binary, air-gap capable, zero egress. Daylite gates each agent tool-call against policy before it runs, then records what was requested, what policy decided, and what actually ran in an append-only, hash-chained, signed log you can verify offline.
Standards Alignment
The approach maps to NIST SP 800-53 controls, and tracks the direction of NIST's emerging Control Overlays for Securing AI Systems (the COSAiS work, NISTIR 8605 series). This is alignment for credibility, not a certification claim.
Daylite also supports regulatory profiles for DORA Article 12 logging and EU AI Act Annex VIII export. High-risk EU AI Act obligations phase in on timelines extended into 2027.
Identity & Audit Trail
SHA-256 Hash-Chain Audit: Append-only, HMAC-SHA-256 signed, tamper-evident. Every agent action records tenant, actor, timestamp, prior hash. Offline verification via /v1/audit/verify.
Per-Step Agent Identity (UUIDv7): Every tool call, state change, and policy decision attributed to a specific agent via time-sortable UUIDv7. Enables exact regulator reconstruction and forensic investigation under DORA Article 12.
Enterprise SSO (OIDC): Okta, Microsoft Entra ID, or any OpenID Connect provider. PKCE flow. HMAC-SHA-256 signed session cookies. No local password storage.
SCIM 2.0 Provisioning: RFC 7644 user and group management. Deprovision in your IdP and the user's API keys, sessions, and permissions revoke instantly. Zero stale access.
SIEM Integration: Splunk HEC in OCSF format. Batched delivery (100 events / 5s). HMAC-signed webhooks. MITRE ATT&CK event taxonomy. Forwards policy violations directly to Dragos, Nozomi, or Splunk OT.
mTLS: WebPkiClientVerifier with your internal CA. Required or optional client certificate modes. Zero-trust network access for agent-to-agent communication.
Runtime Enforcement at the Tool-Call Boundary
MCP Policy Gate: Every tools/call passes through secret scan, PII scan, classification ceiling, and per-tool policy before it runs. The verdict is allow, deny, or require human approval. A denied tool never executes, and it never appears in the agent's tool list.
WASM Sandbox Isolation: Tool handlers run in an isolated wasmtime sandbox with a memory cap and an epoch-based timeout. A compromised handler cannot reach the host, network, or other tenants.
Phantom Token Vault: Agents see UUIDs, not real API keys. Secrets swapped at the proxy edge. A prompt-injected agent cannot exfiltrate credentials.
5-Tier Data Classification: PUBLIC / INTERNAL / CONFIDENTIAL / CUI / SECRET. Classification determines routing: CONFIDENTIAL data routes to local models only. Enforced by the engine.
PII/PHI Auto-Redaction: SSNs, credit cards (Luhn-validated), emails, phone numbers detected and redacted before data reaches any external LLM or service. Configurable per vertical.
Outbound DLP Inspector: Every HTTP call from every connector passes through PII scan, secret scan, and classification check. CONFIDENTIAL data cannot leave the perimeter.
Architecture & Supply Chain
Single Rust Binary: Memory-safe, no Python, no Node.js, no runtime dependencies. cargo-deny enforces no ring, no native-tls, no GPL. RustSec advisory check on every PR.
Encryption: TLS 1.3 via rustls with aws-lc-rs provider. AES-256-GCM at rest with AAD=tenant_id. BYOK from environment, external KMS, or file. API keys stored as SHA-256 hashes.
CycloneDX SBOM: Software Bill of Materials generated in CI for every release. Deterministic dependency tree. Cosign-signed container images. Verifiable supply chain.
Durable Execution: Audit events survive container restarts via PostgreSQL checkpointing. Full Jitter backoff, dead letter queue, per-side-effect idempotency. No lost audit records.
Integration Patterns: OpenAI-compatible proxy and SDK for custom frameworks. Syslog / HTTPS forwarder to SIEMs such as Splunk (OCSF). Never a replacement, always a cryptographic overlay.
Security Contact
Penetration test executive summaries, evidence packages, CAIQ v4 responses, and compliance questionnaires available on request. Email security@daylite.ai. We respond within 24 hours. Vulnerability disclosure program forthcoming on /.well-known/security.txt.