Sentinel — defensive AI co-designed with the transport
AegisWire Sentinel is a security-native decision system, not a chatbot bolted onto a dashboard and not generic anomaly detection. It knows what a secure AegisWire session is supposed to look like — transport, trust, policy, posture, DNS, and residency — because it is built for AegisWire, not for “network data” in the abstract. It fuses that telemetry into a single risk fabric, then produces only deterministic, bounded, auditable actions. It is licensed and enabled per tenant as a separate plugin, with its own subscription.
Not generic UEBA. Co-designed with AegisWire.
Commodity “AI security” learns from network data in the abstract. Sentinel is built for AegisWire's transport, trust, policy, posture, DNS, and residency architecture — so it knows the difference between a healthy session and a suspicious one.
Native to the transport
Sentinel fuses client, gateway, path, posture, policy, DNS, and trust-domain telemetry into one risk fabric. It understands what a secure AegisWire session should be, instead of guessing from raw packets.
Risk with uncertainty
Every decision carries risk, confidence, blast radius, residency impact, and predicted collateral damage. Sentinel quantifies harm before it acts — and abstains when uncertainty is too high.
Subordinate to crypto
Sentinel never decides whether cryptography is valid, never weakens a primitive, and never overrides a failed signature check. If the AI plane is unavailable, the transport keeps enforcing security deterministically.
An ensemble of specialised detectors
World-leading defensive AI is not one monolithic model. Sentinel runs independent detector families, each with its own signal and its own uncertainty estimate, then composes them with calibration and abstention.
Streaming statistical
Tracks moving baselines for handshake-failure rate, retry surges, DNS bursts, bandwidth spikes, and admin auth-failure bursts — catching sudden change against a continuously updated norm.
Sequence reconstruction
A temporal-sequence model flags what it cannot reconstruct: beaconing patterns, low-and-slow exfiltration, route-manipulation sequences, and path-instability behaviour over a window.
Temporal graph
Reasons over the entity graph to surface federated-peer anomalies, gateway-compromise indications, lateral-risk propagation, and coordinated misuse across identities, devices, and gateways.
Threat-intelligence match
Matches signed threat-intelligence capsules against destinations, domains, ASNs, artifacts, and tactics, mapping known-bad severity into the risk fabric.
Posture consistency
Compares active device-posture evidence against the expected profile and historical device state, so drifting or compromised endpoints raise risk before they cause harm.
Adversarial-input detection
Detects attempts to manipulate the model itself — schema violations, impossible feature values, shift attacks, and replayed feature digests — and gates high-impact actuation when provenance is in doubt.
A deterministic action ladder
Sentinel may only trigger a fixed set of bounded actions, escalating one level at a time. Each step is gated by confidence and blast radius, and the highest, destructive levels require human approval unless an emergency policy overlay pre-authorises them.
Observe
No policy change. Sentinel emits evidence and alert metadata only — the baseline for monitor-only deployments.
Alert
Raise an analyst-visible alert and request an explanation package. No traffic is disrupted.
Verify
Require step-up auth or a posture-attestation refresh, shorten session TTL, restrict to trusted gateways, or tighten the privacy profile — only within pre-authorised bounds.
Constrain
Tighten DNS or split-tunnel rules, deny selected applications or destinations, pin routes to a residency zone, or deny new sessions from an entity scope.
Isolate
Terminate a specific session, suspend a device or user pending review, quarantine a gateway pool or peer scope, or force re-enrollment.
Emergency
Draft a scoped lockdown or security-advisory bundle and request revocation through the deterministic control plane. Destructive scope requires human authority unless explicitly pre-authorised.
Sentinel will never disable encryption, suppress audit logging, lower posture requirements, widen data export to “improve the model,” or perform cross-tenant destructive actions automatically. The enforcement plane applies an action only if it is in the allowed set, policy permits it, the request is unexpired, the signed model is valid, and any required human approval exists — and it never silently mutates that request.
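As an added illustration of the action ladder and the enforcement-plane gate described above (example code, not AegisWire's own), the following Python models the checks in order: allowed set, tenant policy, request expiry, signed and unrevoked model, one-rung escalation, confidence and blast-radius gates, and human approval for the destructive rungs unless an emergency overlay pre-authorises them. The rung names are the page's; the confidence floors, blast-radius caps, the HMAC stand-in for model signing and the sample policy are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass

LADDER = ["observe", "alert", "verify", "constrain", "isolate", "emergency"]
NEEDS_HUMAN = {"isolate", "emergency"}
# Confidence floor per rung: illustrative values, not AegisWire's.
MIN_CONF = {"observe": 0.0, "alert": 0.5, "verify": 0.7, "constrain": 0.8, "isolate": 0.9, "emergency": 0.95}
# Hypothetical tenant policy: permitted rungs, blast-radius caps (entities touched),
# rungs an emergency overlay pre-authorises, and revoked model digests.
POLICY = {"allowed": {"observe", "alert", "verify", "constrain", "isolate", "emergency"},
          "max_blast": {"observe": 10**6, "alert": 10**6, "verify": 500, "constrain": 100, "isolate": 5, "emergency": 1},
          "emergency_preauth": set(), "revoked_models": {"deadbeef"}}

@dataclass(frozen=True)  # frozen: the gate never mutates the request it evaluates
class ActionRequest:
    action: str
    confidence: float
    blast_radius: int
    model_digest: str   # digest of the model bundle that produced the decision
    model_sig: str      # HMAC over that digest, standing in for a real signature
    issued_at: int      # seconds
    ttl: int
    human_approved: bool = False

def sign_model(key: bytes, digest: str) -> str:
    return hmac.new(key, digest.encode(), hashlib.sha256).hexdigest()

def gate(req: ActionRequest, current: str, policy: dict, key: bytes, now: int):
    """Return (decision, reason): apply, abstain, hold or deny. Cheapest checks run first."""
    if req.action not in LADDER:
        return "deny", "not in the allowed action set"
    if req.action not in policy["allowed"] | policy["emergency_preauth"]:
        return "deny", "tenant policy does not permit this rung"
    if now > req.issued_at + req.ttl:
        return "deny", "request expired"
    if not hmac.compare_digest(sign_model(key, req.model_digest), req.model_sig):
        return "deny", "model signature invalid"
    if req.model_digest in policy["revoked_models"]:
        return "deny", "model revoked"
    if LADDER.index(req.action) - LADDER.index(current) > 1:
        return "deny", "may escalate only one rung at a time"
    if req.confidence < MIN_CONF[req.action]:
        return "abstain", "confidence below the rung's floor"
    if req.blast_radius > policy["max_blast"][req.action]:
        return "deny", "blast radius exceeds the rung's bound"
    if req.action in NEEDS_HUMAN and not (req.human_approved or req.action in policy["emergency_preauth"]):
        return "hold", "awaiting human approval"
    return "apply", "all gates passed"
```

De-escalation (a lower rung than the current one) is always a single step, so the escalation check only constrains upward moves.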
Monitor-only or active response — you choose
Sentinel runs in the response posture your security team is comfortable with. Start in monitor-only, where it observes, scores, and alerts without ever touching traffic. Graduate to bounded automatic response within pre-authorised policy, and reserve the highest, destructive levels for explicit human approval or a signed emergency overlay.
- Observe: monitor-only; evidence and alerts, no traffic impact.
- Recommend: Sentinel proposes actions; analysts decide.
- Bounded automatic: acts only within pre-authorised policy limits.
- Emergency pre-authorised: scoped lockdown only where policy explicitly allows it.
Privacy by default, everywhere it runs
Sentinel senses on metadata first, infers at the edge nearest the signal, and never lets a model update or evidence export cross a residency boundary. It is one architecture across managed, dedicated, self-hosted, sovereign, and air-gapped deployments — differences are flags, not modes.
Operates on transport metadata, policy events, and posture evidence. Raw payload extraction for training is forbidden by default.
Inference happens on-device, on-gateway, or within the tenant boundary — nearest the signal.
No model update, feature export, or evidence export may violate residency and jurisdiction constraints.
Models, calibrators, feature schemas, and threat-intelligence capsules are signed, verified artifacts with revocation.
Offline import of signed model and threat-intel bundles, offline evidence export, offline revocation — no external inference dependency.
Every risk score, model version, feature digest, and action decision can be reconstructed for review.
A defense plane that stays in its lane
Sentinel extends AegisWire as a defense-and-orchestration plane. It is not the transport, not the handshake, not the trust root, and not the cryptographic authority — and it remains outside the FIPS 140-3 crypto-core boundary. It is licensed and enabled per tenant, with its own subscription.
Add the defense plane to your deployment
Tell us how your security team operates. We start with the architecture — your telemetry, your policy, your response posture — not a sales deck.