# Security and Sovereignty Controls

> Canonical page: https://saig.terraxon.eu/docs/security/
> Last updated: 2026-06-16

## Fail-closed posture

SAIG operates with a fail-closed security model. Unknown operations, unrecognized providers, unresolvable models, and unclassifiable residency are denied by default. There is no permissive fallback.

## Sovereignty modes

| Mode | Behavior |
|------|----------|
| **Standard** | Route to any configured provider |
| **EU-Only** | Only providers with EU data residency |
| **Swiss-Only** | Only providers with Swiss data residency |
| **Air-Gapped** | No external provider calls permitted |
| **Custom** | Tenant-defined residency rules |

## Provider residency enforcement

Before routing a request, SAIG validates the target provider against the active sovereignty mode. Non-compliant egress is blocked. The decision is recorded in the audit trail.

## Outbound PII verification

After anonymization and before provider egress, SAIG performs a final outbound verification to confirm no detected PII remains in the request payload.

## Emergency kill switch

An emergency kill switch can instantly block all AI traffic across the organization for incident response scenarios.

## Abuse and threat detection

SAIG detects 22 abuse types including prompt injection, jailbreak attempts, phishing, data exfiltration, social scoring, and manipulation. Detected threats trigger automated incident creation.

## Authentication and access control

All API endpoints require OIDC Bearer tokens (Keycloak). Role-based access control governs console and API access across 8 defined roles.