Solution · Sovereign Deployment

Air-gapped. Full Griffin lineup. No internet egress.

Safeguard runs in sovereign and classified environments on customer-owned GPU, with no internet egress, full audit log export, and the entire model family — through Griffin Zero (671B-MoE) — installed on-prem. Built for regulated public-sector workloads and defence supply chains.

STQC

Ready

FedRAMP

HIGH Ready

CMMC

L3 Aligned

Egress

What sovereign means here

Three guarantees, no asterisks.

Sovereign is not a marketing tier. It is a deployment topology with measurable properties — and we ship the evidence.

Physically isolated control plane

Control plane and inference cluster live on customer-owned hardware. No shared tenant boundary, no shared key material, no shared logs.

Customer-controlled keys + audit

Bring-your-own KMS, hardware-rooted signing, and a full audit log export every action emits — in JSON and CycloneDX, signed.

Full model lineup on-prem

Lion at the edge, Eagle in the cluster, Griffin Lite through Griffin Zero (671B-MoE) all run on-prem with no calls to Safeguard's cloud.

Deployment shapes

Same brain, four isolation levels.

Pick the shape that matches your data-residency and trust boundary. The lineup stays consistent end-to-end.

Shared cloud

Multi-tenant

Multi-tenant inference, fastest onboarding, per-tenant isolation at the prompt and KV cache layer.

Dedicated cluster

Single-tenant

Single-tenant inference on isolated VPC hardware. No cross-tenant traffic, deterministic latency, SHA-pinned weight attestation.

VPC-isolated

Customer VPC

Customer-controlled VPC, bring-your-own-key encryption, no cross-tenant traffic. Inference plane sits inside your network perimeter.

Sovereign / air-gapped

On-prem GPU

No internet egress, on-prem GPU, full audit-log export. Suits regulated, classified, and sovereign workloads.

Compliance alignment

Frameworks the deployment is designed to satisfy.

Pre-mapped control narratives, evidence packages on demand, and exports in the formats your auditor already accepts.

SOC 2 Type II

ISO/IEC 27001:2022

FedRAMP HIGH

CMMC Level 3

NIST SP 800-161

EO 14028

NIS2

DORA

STQC

Customer-specified regulatory frameworks

Operations posture

How it runs inside the wire.

Posture, in writing

Model weights signed and verified at install with SHA-pinned attestation.
Per-tenant inference isolation — no cross-tenant prompt or KV cache reuse.
Full audit log export in JSON and CycloneDX, signed at emission.
On-prem GPU sizing scales from 2x H100 (Growth) to 22x H100 multi-AZ (Mature).
Customer-controlled break-glass workflow with hardware-rooted approval.

Where the risk lives today

Four surfaces sovereign workloads have to defend.

No internet egress

Vulnerability feeds, model updates, telemetry — all need approved one-way conduits. The platform has to ship signed, verified, offline bundles, not assume a callback URL.

Customer-controlled key material

Model weights, audit logs, every piece of evidence must stay inside the boundary. Bring-your-own KMS, hardware-rooted signing, and audit exports your team alone can read.

Sovereign accreditation

STQC, FedRAMP HIGH-ready, CMMC L3 require explicit architectural decisions — control plane topology, key custody, evidence retention — not a retrofit at audit time.

Full model lineup parity

Sovereign customers should not get a watered-down lineup. Griffin Zero (671B-MoE) runs on-prem on customer hardware, with the same SHA-pinned attestation as shared cloud.

Current threat landscape

What the threat model actually contains.

Nation-state-class adversary
Adversarial robustness is a release gate, not an aspirational metric. Every build is regression-tested against red-team prompts.
We address this through Guardian runtime guardrails
Supply-chain compromise of training data
Corpus provenance and signed weights verified at install. Every artefact carries a chain of custody.
We address this through Signed SBOM + attestation
Insider risk
Capability scoping on agent tool calls, audit-log signing, hardware-rooted break-glass approval.
We address this through Capability scoping + audit
Coordinated disclosure inside the boundary
Internal-only research/disclosure mailbox; no external CVE channel touches classified findings.
We address this through On-prem disclosure workflow
Regulator audit packets on demand
Evidence is a query against signed history — not a project assembled fresh for each review.
We address this through Compliance evidence pipeline

Quantified benefits

Quantified benefits for sovereign deployments.

Measured on an air-gapped programme of record — same accreditation bar, dramatically less manual evidence work.

Metric	Before Safeguard	With Safeguard
Audit packet generation	3 weeks	1 hour
Critical-CVE remediation (air-gapped)	6-8 weeks	5 days
Model lineup parity with shared cloud	60%	100%
Evidence retention + export	Ad-hoc	Automated, signed
Adversarial regression detection	Monthly review	Per-build
Tool consolidation across SCIF	7+ tools	1
STQC / FedRAMP / CMMC evidence	4 separate packets	1 unified packet

On your hardware. Under your keys.

Talk to the team about on-prem GPU sizing, signed offline bundles, and the evidence packages your ATO or sovereign-readiness review needs.