Intelligence infrastructure must be as secure as the intelligence it carries.
MIOS is built for environments where security is not a feature — it is a precondition. Every architectural decision, from ingestion to storage to access, reflects this requirement.
Security architecture built for national-level deployments.
Sovereign by Default
Government deployments of MIOS operate within the client's jurisdiction. No intelligence data is routed through foreign infrastructure. Sovereign cloud and on-premise deployment options are available for all government contracts.
Zero Trust Access
Every access request — internal or external — is authenticated, authorized, and logged. No implicit trust based on network location. Role-based access controls govern all data access down to the record level.
End-to-End Encryption
All data in transit is encrypted with TLS 1.3. All data at rest uses AES-256 encryption. Intelligence briefing exports use client-specific key management. Encryption keys never leave the deployment jurisdiction.
Three deployment configurations for different security postures.
Sovereign Cloud
MIOS deployed on cloud infrastructure within the client's national jurisdiction. All data, processing, and model inference occurs within the sovereign boundary. Recommended for government and defence-adjacent deployments.
- Infrastructure within national jurisdiction
- No cross-border data transfer
- Client-managed encryption keys
- Dedicated tenancy, no shared infrastructure
- Compliant with national data protection frameworks
- MERDOT access requires explicit client authorization
Air-Gapped On-Premise
Fully isolated MIOS deployment on the client's own physical infrastructure. Zero network dependency for core intelligence functions. For environments with the highest security classifications.
- Deployed on client-owned hardware
- No internet dependency for core functions
- Periodic model and signature updates via secure channel
- Physical security controls at client discretion
- No telemetry or usage data leaves the environment
- Available for classified government environments
Managed Private Cloud
MIOS hosted on MERDOT's managed infrastructure with dedicated tenancy, enhanced access controls, and enterprise SLA. For enterprise and corporate intelligence deployments requiring maximum security without on-premise overhead.
- Dedicated cloud tenancy — no shared resources
- SOC 2 Type II compliant infrastructure
- Client-defined data residency options
- 99.9% uptime SLA with active incident response
- Quarterly security audits and penetration testing
- Full audit log export on request
Security controls across every system layer.
| Control Area | Measure | Standard |
|---|---|---|
| Data in Transit | TLS 1.3 enforcement across all connections | Mandatory |
| Data at Rest | AES-256 encryption for all stored data | Mandatory |
| Authentication | Multi-factor authentication for all operator accounts | Mandatory |
| Access Control | Role-based access with least-privilege enforcement | Mandatory |
| Audit Logging | Immutable audit trails for all data access events | Mandatory |
| Key Management | Client-managed keys for sovereign deployments | Default |
| Vulnerability Management | Continuous scanning + quarterly pen testing | Active |
| Incident Response | 24/7 security operations with defined SLA | Active |
OSIRIS AI operates within your security boundary.
The OSIRIS AI reasoning engine — including all model weights, inference infrastructure, and training pipelines — can be deployed entirely within the client's sovereign boundary. No intelligence data is sent to external AI providers or third-party model APIs.
OSIRIS does not use shared model infrastructure. Each institutional deployment maintains its own model instance. Training on client data (for customized models) occurs entirely within the deployment boundary.
For the highest-security deployments, OSIRIS operates in offline mode: models are pre-loaded and updated via secure channel, with no runtime external network calls required for intelligence generation.
Review our full security documentation.
Detailed technical security specifications, penetration testing summaries, compliance certifications, and deployment architecture documentation are available under NDA for qualified institutional evaluations.