Aegis 365
Executive Overview
Aegis 365 is an intelligent, eight-layer AI Trust Mesh that intercepts all prompts flowing from enterprise users to external Large Language Model (LLM) services. It detects, filters, anonymises, and governs sensitive data — including PII, PHI, source code, and trade secrets — before it ever leaves the organisation. It then re-hydrates the AI's response locally, so the end user receives a seamless experience while the enterprise maintains zero-knowledge data sovereignty.
Mission Statement: Aegis 365 ensures that even if an AI agent goes rogue, an administrator turns traitor, or the cloud is compromised by a nation-state actor, the data remains a secret. Aegis 365 protects the Intelligence Layer. The customer protects the Physical Layer.
Product Positioning
| Dimension | Standard Firewall | Aegis 365 AI Trust Mesh |
|---|---|---|
| Data Handling | Simple redaction (black bars) | Format-preserving encryption — maintains data structure |
| Filtering | Pattern matching (RegEx) | Semantic understanding — knows why it is sensitive |
| Feedback | Request blocked | Real-time developer coaching — suggests safer prompt logic |
| Architecture | Proxy-based | Zero-knowledge sidecar — no plaintext touches servers |
| Agent Support | None | Full agentic governance — stateful behavioural tracking |
| Threat Model | Single-prompt inspection | Temporal mosaic detection across entire session chains |
Target Market
| Attribute | Detail |
|---|---|
| Primary Buyer | CISO, Chief Privacy Officer, AI Governance Officer |
| Enterprise Size | 1,000 to 50,000+ employees |
| Primary Industries | Financial Services, Healthcare/BioPharma, Legal, Defense, Technology |
| Deployment Phase 1 | Azure Cloud (SaaS, Cloud-Dedicated, Hybrid Sidecar) |
| Deployment Phase 2 | On-Premise and Air-Gapped |
The Eight-Layer Trust Mesh
Aegis 365 is architected as an Active Privacy Orchestration platform. Unlike passive firewalls that inspect individual prompts, Aegis 365 maintains stateful context across agent sessions, semantically analyses intent, and enforces data sovereignty in real time.
Prompt → L0 → L1 → L2 → L3 → L4 → LLM → L4 → L5 → L6 → L7 → Response
│ │ │ │ │ │ │ │ │
Behaviour Intent PII/ Anon- Re- Geo- Proof Cache
Guardrail Shield PHI ymiser hydration route Notary Opt.
Layer 0 — Behavioural Guardrail (The Shield)
Layer 0 is the foundational enforcement point where an AI agent's intent becomes a real-world action. Unlike traditional firewalls that inspect text, L0 governs Agentic Intent and Operational Authority across all agent types — internal, third-party, and hybrid.
Key capabilities:
- Agent-agnostic interception — intercepts actions from any AI source: internal builds, OpenAI Assistants, Claude, or hybrid agents. Eliminates Shadow AI blind spots.
- Least-privilege enforcement — AI agents operate with minimum access required for a specific task. Minimises blast radius of a compromised agent.
- Action taxonomy — admins define and extend what constitutes a high-risk action. The taxonomy is dynamic and enterprise-extensible.
| Category | Examples | Risk | Default |
|---|---|---|---|
| A — Data Actions | Reading, writing, exporting, deleting files/databases | High | |
| B — Communication | Sending emails, Slack messages, calendar invites | Medium | |
| C — System Actions | Executing code, running scripts, calling internal APIs | High | |
| D — External Actions | Calling third-party APIs, web browsing, form submissions | High | |
| E — Financial Actions | Triggering payments, purchase orders, budget approvals | Critical | |
| F — Identity Actions | Impersonating users, escalating privileges, creating accounts | Critical | |
| G — Replication Actions | Copying agents, spawning sub-agents, chaining to other AI systems | Critical | |
| H — Inference Actions | Aggregating individually harmless data into sensitive patterns | High |
Stateful context engine:
- In-memory Redis-backed session state tracking parent-child agent relationships
- Sliding-window algorithm detects drip-feed sensitive data requests (Inference Attack / Mosaic Effect)
- Security-aware TTL: Low = 1 hour, Medium = 24 hours, High = 30 days, Critical = Indefinite freeze
- Background state-siphon process analyses Tier 1 cache for temporal aggregation patterns without introducing live response latency
Human-in-the-Loop (HITL) approval routing:
| Action Category | Default Approver | Timeout | On Timeout |
|---|---|---|---|
| Standard operational | Self (initiating employee) | 10 min | Auto-reject |
| Sensitive internal data | Direct Manager | 10 min | Auto-reject |
| Financial | Finance / Budget Owner | 5 min | Park and auto-reject |
| Data / Export | DPO or Security Team | 5 min | Park and auto-reject |
| System / API / Infra | DevOps / IT Admin | 5 min | Park and auto-reject |
| Policy / Permission change | AI Governance Officer / SOC | 5 min | Freeze and escalate |
Fail-closed protocol: If L0 analysis exceeds 200ms, the action is blocked by default — preventing latency bypass attacks. If Tier 1 hot cache is unavailable, all active agent sessions are paused until state integrity is restored.
Layer 1 — Intent Shield (The Inspector)
Layer 1 governs what the user or agent is trying to make the AI think. It applies semantic analysis to every prompt regardless of source, using a local Small Language Model (SLM) to detect adversarial intent before any data is inspected.
Confidence-scored behavioural contract:
| Confidence Level | Classification | L1 Action |
|---|---|---|
| High confidence — malicious | Confirmed attack | Hard block, log, notify SOC |
| Medium confidence — suspicious | Ambiguous intent | Surgical correction — strip adversarial fragment, pass clean intent |
| Low confidence — unclear | Borderline | Pass through with warning flag appended to prompt context |
Role-based transparency model:
| User Profile | Transparency Level | Notification Behaviour |
|---|---|---|
| Standard employee / High-risk flagged | Silent | Prompt corrected, generic safe response — attacker cannot distinguish blocked from unhelpful |
| Trusted employee / Developer | Educational Nudge | "Aegis 365 optimised your prompt for privacy" — no specifics revealed |
| Admin / AI Governance Officer | Full Transparency | Complete diff view — detected, stripped, passed content with confidence score |
Source-agnostic semantic normalisation: L1 treats every prompt with equal scrutiny regardless of origin. The Semantic Normalisation Engine strips all formatting, encoding, and transport context before SLM analysis.
Aegis Collective Intelligence (ACI) — a continuously updated SLM model with:
- Global Threat Model — centrally maintained from anonymised attack signals across all deployments
- Local Enterprise Brain — per-deployment fine-tuning; enterprises flag false positives to build proprietary contextual model
- Shadow Update Protocol — only gradient signals or anonymised mathematical attack patterns transmitted; zero plaintext leaves enterprise
- Dark Mode — defence/government deployments receive global updates but contribute no signals back
Layer 2 — Inspector
Layer 2 answers the question: what is in this prompt? It identifies and classifies every piece of sensitive data using a three-engine consensus model, providing Static Context tiles that L0 uses for Mosaic Effect (temporal) detection.
Sensitivity taxonomy:
| Category | Examples | Sensitivity | Governing Framework |
|---|---|---|---|
| PII | Name, email, SSN, passport, biometrics | High | GDPR, CCPA |
| PHI | Medical records, diagnoses, prescriptions | High | HIPAA |
| Financial | Credit cards, bank accounts, transaction data | High | PCI-DSS |
| Credentials | API keys, passwords, OAuth tokens, certificates | Critical | — |
| Source Code | Proprietary algorithms, internal repositories | Critical | — |
| Trade Secrets | Formulas, pricing strategies, M&A data | Critical | — |
Industry extension modules:
| Module | Data Categories | Primary Regulation |
|---|---|---|
| Defense and Government | CUI, ITAR/EAR specs, clearance-level markers | ITAR, EAR, NIST 800-171 |
| Legal and M&A | Attorney-client privilege, litigation details, deal codenames | Legal privilege doctrine |
| BioPharma | Molecular structures, clinical trial results, compound IDs | FDA, EMA, IP law |
| FinServ | SWIFT codes, non-public earnings, internal risk models | Banking secrecy, SEC |
Aegis Private Semantic Map: Enterprises upload internal project names, codenames, and proprietary terminology. The L2 SLM builds a client-specific sensitivity index — never shared with the global model. Terms are matched semantically, not literally. Each tenant's map is cryptographically isolated.
Consensus engine — dynamic escalation protocol:
| Path | Trigger | Resolution |
|---|---|---|
| Fast Path | Regex and NER agree | Immediate processing, no escalation |
| Conflict Path | Regex and NER disagree | Local SLM invoked as semantic tiebreaker |
| Override Path | Enterprise configures category-specific rule | Admin-defined tiebreaker overrides default |
Layer 3 — Anonymizer (The Mask)
Layer 3 replaces every sensitive element with a synthetic equivalent — without breaking the prompt's meaning or structure for the downstream LLM.
Anonymisation depth levels:
| Level | Method | Trigger | AI Utility |
|---|---|---|---|
| Level 1 — Redaction | Full removal with type marker: [API_KEY_REDACTED] |
Credentials, source code, critical secrets | Low — intentional context break |
| Level 2 — Typed Tokenisation | Structure-preserving synthetic token: [USER_1]@[DOMAIN_1].com |
Corporate, HR, internal identifiers | Medium — maintains grammar |
| Level 3 — Synthetic Plausibility | Context-aware synthetic data generation | PHI, clinical records, BioPharma R&D | High — maintains reasoning capability |
Secure State Map (shared L3/L4 architecture):
- Single interface layer controls read/write — L3 writes outbound mappings, L4 reads inbound mappings
- Once assigned, mapping is immutable for the duration of session TTL
- Same real-world entity receives same token across multiple prompts within TTL window
- Cryptographically isolated per tenant — no map bleed across enterprise boundaries
Triple-guard re-identification protection:
- Pre-emptive collision risk — L3 evaluates every token combination for unique re-identification potential. High Re-ID Risk triggers automatic token generalisation.
- Entity cluster SDG — when prompt contains multiple sensitive entities in relational context, Level 3 Synthetic Data Generation is mandatory.
- Post-inference redaction — L4 scans all LLM responses for inference markers ("This seems to be...", "I assume...") and intercepts de-masking attempts.
Layer 4 — Hydration Brain
Layer 4 makes Aegis 365 invisible to the end user. It intercepts the LLM's response, re-hydrates synthetic tokens back to real values locally, and delivers a seamless answer — all before the user sees a single character. Re-hydrated values exist only in the ephemeral UI render layer and are never written to persistent storage.
Re-hydration decision hierarchy:
- Hard Mask — never re-hydrate admin-defined categories (SSNs, PHI, Critical credentials)
- Role Clearance Check — clearance-first gate; L4 queries L0 Auth to verify user's clearance
- User-Origin Priority — tokens the user themselves introduced are always re-hydrated first
- Policy Overlay — admin-configured department-level or role-level masks
- Full Re-hydration — never the global default; explicit admin setting only
Mask-on-Hover UI:
- High-sensitivity tokens rendered as masked token
[USER_88]in all UI contexts - Real value displayed only on deliberate hover action — requires clearance validation at moment of hover
- Every successful hover-reveal logged in L6 as a discrete data access event
- Screen-share protection: mask-on-hover is default for all roles
Self-healing state-pulse check:
- Before every prompt leaves L3, L4 verifies all active token TTLs exceed expected LLM response latency plus safety buffer
- Tokens approaching TTL expiry receive automatic lease extension — logged in L6
- If state-pulse check fails, session is paused and user notified before prompt is dispatched to LLM
Layer 5 — Sovereignty Border (The Border)
Layer 5 ensures every prompt reaches only the LLM endpoints that are legally permitted to receive it — based on data classification, user location, enterprise jurisdiction, and applicable regulatory framework.
Sovereignty precedence framework:
| Priority | Variable | Rationale |
|---|---|---|
| 1 — Legal Mandate | Applicable law of data subject's jurisdiction | Non-negotiable — no enterprise policy overrides hard legal prohibition |
| 2 — Data Classification | L2 sensitivity classification drives permitted regions | PHI, Financial, Defense data carries inherent jurisdictional constraints |
| 3 — Enterprise Policy | CISO/Legal-defined configuration | Enterprise liability decisions |
| 4 — User Location | Employee's physical or registered jurisdiction | Applies when data classification has no harder constraint |
| 5 — Enterprise Incorporation | Country of corporate registration | Lowest default priority |
Critical continuity modes:
| Mode | Action | Best For |
|---|---|---|
| Mode A — Strict Block | Fail-closed. Request rejected immediately | Banking, Defense, High-PII |
| Mode B — Sovereignty Queuing | Encrypted prompt held in cold storage with sovereignty lock | Non-urgent agentic workflows |
| Mode C — Break Glass | Request routed to on-premise or private VPC local SLM | Business-critical workflows |
Aegis Compliance Registry: Continuously maintained covering GDPR, HIPAA, CCPA, Swiss banking law, ITAR, UK GDPR, PDPA, and extensible for new jurisdictions. Registry updates are pushed automatically to all deployments. Enterprises may delay but not permanently block compliance updates.
Layer 6 — Proof Notary
Layer 6 transforms Aegis 365 from a security tool into a legally defensible compliance instrument. By default, L6 stores only cryptographic hashes and Zero-Knowledge Proofs — never plaintext.
Three-artifact tiered disclosure model:
| Artifact | Contents | Access Method |
|---|---|---|
| Compliance Certificate | ZKP — verifiable proof of masking, routing, policy enforcement | Public verification endpoint — no decryption |
| Operational Metadata Log | Timestamps, risk scores, data type intercepted, anomaly tags | CISO dashboard — role-gated, real-time |
| Sealed Evidence Package | Dual-key encrypted full reconstruction | Break Glass Protocol — dual key required |
Break Glass Protocol (eight-step sequence):
- Legal officer submits formal access request with case reference
- Dual key authorisation — Legal key holder and CISO key holder authenticate within 15-minute window
- Scope definition — access scoped to specific session IDs or time range
- Meta-Log generation — immutably records who requested, who authorised, what scope, what time
- Meta-Log distribution — real-time notification to Board-designated compliance officer and external partner
- Timed access window — configurable window (default 4 hours), then automatically re-sealed
- Access audit — every action during window logged
- Post-access report — automated report distributed to all key holders
Litigation Hold: Legal teams may flag specific sessions for indefinite hold, suspending TTL expiry on associated Vault entries until released by dual-key authorisation.
Layer 7 — Semantic Optimiser
Layer 7 makes Aegis 365 economically compelling. It recognises semantically equivalent prompts and serves cached, pre-filtered answers — reducing LLM costs by 30-40% and cutting response time to milliseconds.
Cache architecture principle: Intelligence is cached. Visibility is computed in real time. The cache never stores clearance-specific or re-hydrated responses — only anonymised LLM output in token form.
Tiered cache ownership:
| Classification | Cache Scope | Sharing Boundary | TTL |
|---|---|---|---|
| Low / Public | Enterprise-wide | All authenticated users | 24 hours |
| Medium / Proprietary | Departmental | Cryptographically enforced boundaries | 4 hours |
| High / Restricted | Per-user private | Single user only | 1 hour |
| Critical / PII / PHI / Financial | No cache — bypass | N/A | Every request fresh |
Performance contract:
| Operation | Maximum Latency |
|---|---|
| Semantic hash computation | 10ms |
| Vector distance comparison | 20ms |
| Cache retrieval | 15ms |
| L4 re-hydration on cache hit | 50ms |
| Total cache hit response time | Under 100ms |
| Full LLM round-trip baseline | 2,000ms — 8,000ms |
| Minimum latency improvement | 20x faster |
Inference attack detection: When vector distance is close but semantic intent has shifted toward data aggregation, cache hit is intentionally suppressed. Mosaic tile detection cross-references new prompt against L0 Stateful Context Store.
System-Wide Architecture
Performance: The 450ms Sprint
Research shows 500ms is the perceptual threshold where users feel delay is system-induced. Aegis 365 targets 450ms total overhead — protection feels like a natural pause.
| Segment | Layers | Budget | Execution Mode | Primary Activity |
|---|---|---|---|---|
| Inbound Gateway | L0, L5, L7 | 50ms | Parallel | Action check, sovereignty routing, cache lookup |
| Semantic Inbound | L1, L2 | 150ms | Parallel | SLM intent check and PII classification |
| Data Transformation | L3 | 100ms | Sequential (after L1/L2) | Anonymisation and Secure State Map write |
| Return Path | L4, L6 | 150ms | Streaming | Token re-hydration and ZKP generation |
| Total | L0-L7 | 450ms |
Latency Profiles
| Mode | Latency Tolerance | Processing Strategy | Security Depth |
|---|---|---|---|
| Human interactive | 450ms hard ceiling | Stream processing — L4 re-hydrates as tokens arrive | Optimised |
| Agentic background | 2,000ms — 5,000ms | Batch processing — full response assembled | Maximum — deeper SLM, full re-ID scan |
Scalability
| Metric | Target |
|---|---|
| Concurrent sessions per cell | 5,000 — zero degradation |
| Burst capacity per cell | 500 RPS |
| Maximum concurrent users (multi-cell) | 50,000+ |
| Cell sizing unit | 1 cell per 5,000 users |
| Storage backend | Redis (Hot Cache) + DynamoDB (Cold/Audit) |
Graceful Security Degradation
| Load Level | Threshold | Strategy | Action |
|---|---|---|---|
| Normal | Below 80% | Full Depth | All eight layers active — deep SLM inference |
| High | 80% — 95% | Selective Bypassing | L7 bypassed; L1/L2 switch to high-speed regex |
| Critical | Above 95% | Priority Load Shedding | Low-priority deferred; PII/Financial NEVER degraded |
Security & Threat Model
Responsibility Boundary
| Domain | Owner | Scope |
|---|---|---|
| Intelligence Layer | Aegis 365 | Semantic integrity, agent governance, data anonymisation, compliant routing, audit proofs |
| Physical Layer | Customer | Hardware security, endpoint protection, network encryption, TLS/VPN |
| Nation-State Final Stand | Both | Aegis 365 provides zero-knowledge architecture and air-gap fallback; customer provides private infrastructure |
Distributed Trust Architecture — Rogue Admin Controls
| Control Mechanism | Description |
|---|---|
| MPC Key Splitting | Shamir's Secret Sharing — master decryption keys split across CISO, Legal Counsel, and third-party HSM. Minimum two of three required to reconstruct. |
| Policy Immutability | Global Floor policies require Dual Hardware Token approval — two separate physical tokens, two separate individuals. Single-admin modification triggers immediate SOC alert. |
| No-Single-Admin Plaintext | Even Global Admin sees L2-classified metadata only. Plaintext access generates undeletable High-Value Access alert. |
| HSM Requirement | Third-party HSM physically separate from enterprise infrastructure — cannot be hosted on same network as Aegis 365 deployment. |
Deployment Models
| Model | Description | Primary Buyer |
|---|---|---|
| Cloud-Managed SaaS | Multi-tenant Azure infrastructure — cryptographic tenant isolation | SME, startups, low-sensitivity workloads |
| Cloud-Dedicated | Single-tenant, BYOK, dedicated compute — managed in enterprise Azure tenant | Mid-market enterprises |
| Hybrid Sidecar | Privacy pipeline on-premise, cloud for non-sensitive ops and ACI | Banks, Pharma, Tech — lead offering |
| On-Premise | Full stack in enterprise data center — enterprise-operated | Regulated industries |
| Air-Gapped | Fully disconnected — no cloud dependency | Defense, Government, sovereign nations |
Hybrid Sidecar layer split (Data Gravity Rule): Sensitive data must never leave the enterprise perimeter in plaintext.
| Environment | Layers | Reason |
|---|---|---|
| On-Premise Sidecar (Mandatory) | L0, L1, L2, L3, L4 | Raw prompt content and real values must never leave enterprise boundary |
| Cloud-Managed Hub (Permissible) | L5, L6, L7, ACI | Operate on metadata, anonymised tokens, cryptographic proofs only |
Integrations
LLM Connector Architecture
| Tier | Type | Target |
|---|---|---|
| Tier 1 | Native Connectors | OpenAI, Anthropic, Google Gemini, Azure OpenAI, AWS Bedrock |
| Tier 2 | Universal Adapter | Llama, Mistral, custom enterprise models, open-source LLMs |
| Tier 3 | OpenAI-Compatible Gateway | LangChain, AutoGPT, LlamaIndex, CrewAI, Microsoft Semantic Kernel |
Drop-In Deployment: Aegis 365 exposes an OpenAI-compatible endpoint. The enterprise changes their BASE_URL environment variable and their entire AI stack is instantly secured — zero code modifications required.
Enterprise Identity Integration
| Identity System | Protocol |
|---|---|
| Azure Active Directory | OIDC, SAML 2.0 |
| Okta | OIDC, SAML 2.0 |
| Active Directory on-prem | Kerberos, LDAP |
| Google Workspace | OIDC |
| SCIM 2.0 | Automated user lifecycle |
SIEM Integration and SOAR Orchestration
| Layer | Event Type | Delivery Mode | Priority |
|---|---|---|---|
| L0 / L1 | Adversarial intent, blocked action, replication attempt | Real-time push — Syslog CEF/LEEF | Critical |
| L2 / L3 | PII detection, anonymisation event, re-identification risk | Real-time push | High |
| L4 | Re-hydration failure, map corruption, inference block | Real-time push | High |
| L5 / L6 | Sovereignty routing, audit heartbeat, Break Glass event | Scheduled pull | Medium |
Aegis 365 receives inbound commands from SOAR platforms (Microsoft Sentinel, Splunk SOAR, Palo Alto XSOAR). Example: Sentinel detects compromised user externally → sends freeze command → all active AI agent sessions for that user are hard-frozen within 500ms.
Compliance & Certification Roadmap
| Timeline | Milestone | Market Access |
|---|---|---|
| Month 0-3 | SOC2 Type I + ISO 27001 + Bridge Letter | Early adopters, tech startups, POC |
| Month 4-9 | SOC2 Type II + FedRAMP Ready + StateRAMP + HIPAA + GDPR Art. 28 | Mid-market, global, healthcare, EU |
| Month 10-18 | ISO 42001 + BSI C5 + IRAP + PCI-DSS + ISO 27701 | Global strategic accounts, FinServ |
| Month 18+ | Full FedRAMP ATO + ITAR + ENS + TX-RAMP | US Federal, defense, Spanish public sector |
Admin Role Hierarchy
| Role | Scope | Can Configure | Cannot Do |
|---|---|---|---|
| Global Admin — CISO | Entire deployment | Global Floor policies, deployment topology, certification posture | View plaintext without MPC quorum |
| AI Governance Officer | Policy and anomaly | Layer policies, sensitivity thresholds, SLM fine-tuning approval | Access plaintext, modify infrastructure |
| Legal Counsel | Audit and evidence only | Litigation Hold flags | Modify policies, view operational metadata |
| Department Admin | Department scope | Department cache, sensitivity overrides within global ceiling | Access other departments, view prompt content |
| SOC Analyst | Security events only | Alert thresholds, SOAR playbooks | Modify policies, access audit logs |
| Developer | Integration and testing | API keys, connector configuration, sandbox environment | Access production data, modify security policies |
| Read-Only Auditor | Compliance evidence | Nothing | Modify anything, access operational data |
Use Cases
Enterprise AI Governance
A global financial institution deploys Aegis 365 across 20,000 employees using LLMs for customer support, compliance analysis, and code generation. Every prompt is inspected by all eight layers. Customer PII is anonymised before reaching OpenAI via Level 3 synthetic generation. Source code from the engineering team is redacted via Level 1. Non-compliant geo-routing requests are blocked at Layer 5. The CISO has full audit trail via Layer 6 compliance certificates.
Rogue Agent Containment
An AI agent compromised through indirect prompt injection attempts to exfiltrate internal pricing data by drip-feeding queries across multiple sessions. Layer 0's temporal mosaic detection identifies the pattern, Layer 1's Intent Shield flags the adversarial behaviour, and the session is frozen. The SOC receives a real-time alert via SIEM integration.
Multi-National Compliance
A pharmaceutical company operates across EU, US, and APAC regions. Aegis 365's Sovereignty Border (Layer 5) ensures patient data from EU clinical trials is routed only to GDPR-compliant endpoints within the EU. US operational data routes to US regions. Any cross-border data movement is logged immutably in Layer 6.
FAQ
Q: Does Aegis 365 require modifying application code?
A: No. Aegis 365 exposes an OpenAI-compatible endpoint. Change your BASE_URL and the entire AI stack is instantly secured — zero code modifications required.
Q: What latency does Aegis 365 add?
A: The total target overhead is 450ms — designed to feel like a natural pause in the AI's thought process. Cache hits return in under 100ms (20x faster than a fresh LLM call).
Q: Can an admin bypass Aegis 365?
A: No single admin can. The Distributed Trust Architecture uses MPC key splitting (Shamir's Secret Sharing) requiring two of three key holders (CISO, Legal Counsel, third-party HSM). Policy changes require dual hardware token approval.
Q: How is the ACI SLM updated without leaking data?
A: The Shadow Update Protocol transmits only gradient signals or anonymised mathematical attack patterns — zero plaintext leaves the enterprise. Dark Mode deployments receive updates but contribute no signals.
Q: What happens if Aegis 365 fails?
A: Fail-closed by design. If L0 analysis exceeds 200ms, the action is blocked. If the hot cache is unavailable, sessions are paused. If sovereignty endpoints are unreachable, traffic is severed at the gateway. Better zero AI productivity than AI agents running blind without the Trust Mesh.
Q: What is the difference between Aegis 365 and a traditional AI firewall?
A: Traditional firewalls use pattern matching (RegEx) and simple redaction. Aegis 365 uses semantic understanding, format-preserving encryption, stateful agentic governance, temporal mosaic detection, geo-sovereignty routing, zero-knowledge proofs, and a collective intelligence SLM continuously updated across all deployments.