Security and Sovereignty Controls
Fail-closed posture
SAIG operates with a fail-closed security model. Unknown operations, unrecognized providers, unresolvable models, and unclassifiable residency are denied by default. There is no permissive fallback.
Sovereignty modes
| Mode | Behavior |
|---|---|
| Standard | Route to any configured provider |
| EU-Only | Only providers with EU data residency |
| Swiss-Only | Only providers with Swiss data residency |
| Air-Gapped | No external provider calls permitted |
| Custom | Tenant-defined residency rules |
Provider residency enforcement
Before routing a request, SAIG validates the target provider against the active sovereignty mode. Non-compliant egress is blocked. The decision is recorded in the audit trail.
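The check described above, combined with the fail-closed posture and the mode table, can be sketched as follows. This is an added example, not SAIG's own code: the provider names, residency labels, function names, and the in-memory audit list are all assumptions made for illustration, as is the choice to deny unclassified residency in Standard mode too.

```python
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed registry: provider name -> residency label (None = unclassified).
PROVIDERS = {"provider-eu": "EU", "provider-ch": "CH",
             "provider-us": "US", "provider-unlabelled": None}
# Residency required by each fixed mode (labels are assumptions of this sketch).
REQUIRED = {"EU-Only": "EU", "Swiss-Only": "CH"}

@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str

def _decide(mode: str, provider: str,
            custom_rule: Optional[Callable[[str], bool]]) -> Decision:
    if mode == "Air-Gapped":
        return Decision(False, "air-gapped: no external provider calls")
    if provider not in PROVIDERS:
        return Decision(False, "unrecognized provider")
    residency = PROVIDERS[provider]
    if residency is None:
        return Decision(False, "unclassifiable residency")
    if mode == "Standard":
        return Decision(True, "standard: any configured provider")
    if mode in REQUIRED:
        ok = residency == REQUIRED[mode]
    elif mode == "Custom" and custom_rule is not None:
        try:
            ok = custom_rule(residency) is True  # only an explicit True allows
        except Exception:
            ok = False                           # a failing rule denies
    else:
        return Decision(False, "unknown mode or missing custom rule")
    verdict = "permitted" if ok else "not permitted"
    return Decision(ok, f"residency {residency} {verdict} under {mode}")

def check_egress(mode, provider, custom_rule=None, audit=None) -> Decision:
    """Decide before routing; record allow and deny alike in the audit list."""
    decision = _decide(mode, provider, custom_rule)
    if audit is not None:
        audit.append({"mode": mode, "provider": provider,
                      "allowed": decision.allowed, "reason": decision.reason})
    return decision
```

Every path that does not reach an explicit allow returns a deny, so a new mode or an unregistered provider cannot pass by omission.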
Outbound PII verification
After anonymization and before provider egress, SAIG performs a final outbound verification to confirm no detected PII remains in the request payload.
Emergency kill switch
An emergency kill switch can instantly block all AI traffic across the organization. This is designed for incident response scenarios where immediate cessation of AI operations is required.
Abuse and threat detection
SAIG detects 22 abuse types including prompt injection, jailbreak attempts, phishing, data exfiltration, social scoring, and manipulation. Detected threats trigger automated incident creation.
Authentication and access control
All API endpoints require OIDC Bearer tokens (Keycloak). Role-based access control governs console and API access across 8 defined roles.