Technology Architecture

How we combine FPGA packet processing, local GPU inference, and federated learning to protect networks that cannot connect to the cloud.

Three Layers, One Appliance

Layer 1

Fast Path (FPGA)

The Xilinx Alveo U25N SmartNIC handles known threats at the hardware level before they ever reach the CPU. This includes DDoS mitigation, SYN flood protection, port scan detection, and blocking of known malicious IPs and C2 beacons. Because these operations happen in FPGA fabric, they add less than 1 ms of latency and consume zero CPU cycles for 99% of traffic. The FPGA is programmable, allowing threat signatures to be updated via firmware patches without hardware replacement.

Layer 2

Smart Path (AI)

The AI engine runs on an 8-GPU Intel Sparkle cluster with 192 GB of combined VRAM. This enables inference on the largest open-source models — including Llama 3.1 405B and DeepSeek — entirely on-device. Models are quantized to INT8 for efficiency and fine-tuned on OT/ICS-specific traffic patterns. The behavioral engine builds a per-network baseline and flags deviations in real time: lateral movement between hosts, unusual DNS queries, encrypted tunnels, and data exfiltration attempts.

Layer 3

Workflow Engine

A local LLM acts as an analyst-in-a-box. It reads raw alerts from Layer 1 and Layer 2, correlates them into incidents, maps them to the MITRE ATT&CK framework, and generates human-readable reports. Output formats include SOC playbooks, executive summaries, SOAR integration tickets, and breach notification drafts. All processing happens on-device. No alert data leaves the appliance.

Built Secure by Design

Secure Enclave

Intel TDX + ARM CCA + TPM 2.0. Model weights are encrypted in memory at all times. Tamper detection circuits monitor the chassis; any physical intrusion attempt triggers automatic key zeroization. TPM attestation verifies the integrity of the boot chain and firmware on every startup. The appliance will not boot if any component fails attestation.

Federated Intelligence

Our proprietary protocol allows isolated appliances to share encrypted model-weight deltas — not raw traffic, not alert data, not network metadata. Each appliance trains locally, then exports only the learned weight adjustments. These deltas are encrypted, signed, and distributed via physical media or local bastion servers. The fleet improves collectively while every site maintains full isolation.

Air-Gapped Updates

All software updates, threat intelligence feeds, model retraining data, and firmware patches are delivered via signed physical media (USB) or local bastion servers. Update packages are cryptographically signed and verified before installation. The appliance can operate indefinitely without any outbound network connection.

Certification Roadmap

Designed from day one for compliance. Our architecture aligns with the requirements of the world's most stringent security certifications.

Common Criteria | EAL4+ | Month 8–14 | UAE defense, NATO, Five Eyes
FIPS 140-3 | Level 3 | Month 18–30 | US federal, finance, healthcare
IEC 62443 | SL-3 / SL-4 | Month 16–26 | OT/ICS critical infrastructure
NIAP | cPP / NSD | Month 20–32 | US DoD and intelligence