Trust Center

Security & Compliance

Self-hosted Rust binary, air-gap capable, zero egress. Daylite gates each agent tool-call against policy before it runs, then records what was requested, what policy decided, and what actually ran in an append-only, hash-chained, signed log you can verify offline.

Standards Alignment

The approach maps to NIST SP 800-53 controls, and tracks the direction of NIST's emerging Control Overlays for Securing AI Systems (the COSAiS work, NISTIR 8605 series). This is alignment for credibility, not a certification claim.

NIST 800-53 Rev 5
Controls mapped across AC (access and information-flow enforcement, AC-3 and AC-4), AU (audit protection and non-repudiation, AU-9 and AU-10), SC (cryptographic protection), and SI (input validation and integrity). Mapping queryable at /v1/compliance/nist-800-53.
FIPS 140-3 (library-validated)
Daylite runs its cryptography through AWS-LC, a FIPS 140-3 validated cryptographic library. Daylite itself is not CMVP product-certified. Commercial enterprise procurement under SOC 2, HIPAA, and DORA accepts library-level validation. FedRAMP High requires product-level CMVP, which is on the roadmap.
SOC 2
In progress with Drata. Not yet certified, and we do not claim it is. Evidence packages available on request. Email security@daylite.ai.
Self-Hosted / Air-Gap
Single Rust binary in your VPC, bare-metal server, or air-gapped network. No telemetry, no cloud dependency, zero egress. Data stays in your environment, outside the reach of cloud-provider jurisdiction. Docker ships today; a Helm chart is on the roadmap.

Daylite also supports regulatory profiles for DORA Article 12 logging and EU AI Act Annex VIII export. High-risk EU AI Act obligations phase in on timelines extended into 2027.

Identity & Audit Trail

SHA-256 Hash-Chain Audit: Append-only, HMAC-SHA-256 signed, tamper-evident. Every agent action records tenant, actor, timestamp, prior hash. Offline verification via /v1/audit/verify.

Per-Step Agent Identity (UUIDv7): Every tool call, state change, and policy decision attributed to a specific agent via time-sortable UUIDv7. Enables exact regulator reconstruction and forensic investigation under DORA Article 12.

Enterprise SSO (OIDC): Okta, Microsoft Entra ID, or any OpenID Connect provider. PKCE flow. HMAC-SHA-256 signed session cookies. No local password storage.

SCIM 2.0 Provisioning: RFC 7644 user and group management. Deprovision in your IdP and the user's API keys, sessions, and permissions revoke instantly. Zero stale access.

SIEM Integration: Splunk HEC in OCSF format. Batched delivery (100 events / 5s). HMAC-signed webhooks. MITRE ATT&CK event taxonomy. Forwards policy violations directly to Dragos, Nozomi, or Splunk OT.

mTLS: WebPkiClientVerifier with your internal CA. Required or optional client certificate modes. Zero-trust network access for agent-to-agent communication.

Runtime Enforcement at the Tool-Call Boundary

MCP Policy Gate: Every tools/call passes through secret scan, PII scan, classification ceiling, and per-tool policy before it runs. The verdict is allow, deny, or require human approval. A denied tool never executes, and it never appears in the agent's tool list.

WASM Sandbox Isolation: Tool handlers run in an isolated wasmtime sandbox with a memory cap and an epoch-based timeout. A compromised handler cannot reach the host, network, or other tenants.

Phantom Token Vault: Agents see UUIDs, not real API keys. Secrets swapped at the proxy edge. A prompt-injected agent cannot exfiltrate credentials.

5-Tier Data Classification: PUBLIC / INTERNAL / CONFIDENTIAL / CUI / SECRET. Classification determines routing: CONFIDENTIAL data routes to local models only. Enforced by the engine.

PII/PHI Auto-Redaction: SSNs, credit cards (Luhn-validated), emails, phone numbers detected and redacted before data reaches any external LLM or service. Configurable per vertical.

Outbound DLP Inspector: Every HTTP call from every connector passes through PII scan, secret scan, and classification check. CONFIDENTIAL data cannot leave the perimeter.

Architecture & Supply Chain

Single Rust Binary: Memory-safe, no Python, no Node.js, no runtime dependencies. cargo-deny enforces no ring, no native-tls, no GPL. RustSec advisory check on every PR.

Encryption: TLS 1.3 via rustls with aws-lc-rs provider. AES-256-GCM at rest with AAD=tenant_id. BYOK from environment, external KMS, or file. API keys stored as SHA-256 hashes.

CycloneDX SBOM: Software Bill of Materials generated in CI for every release. Deterministic dependency tree. Cosign-signed container images. Verifiable supply chain.

Durable Execution: Audit events survive container restarts via PostgreSQL checkpointing. Full Jitter backoff, dead letter queue, per-side-effect idempotency. No lost audit records.

Integration Patterns: OpenAI-compatible proxy and SDK for custom frameworks. Syslog / HTTPS forwarder to SIEMs such as Splunk (OCSF). Never a replacement, always a cryptographic overlay.

Security Contact

Penetration test executive summaries, evidence packages, CAIQ v4 responses, and compliance questionnaires available on request. Email security@daylite.ai. We respond within 24 hours. Vulnerability disclosure program forthcoming on /.well-known/security.txt.