AI-governance approaches cluster in three families: documentation (model cards, usage policies), execution environment (confidential computing, TEEs), and observability (logging, drift detection). Each addresses one dimension; none delivers a verifiable end-to-end chain of evidence from AI input to governed decision.
cybiont's stack is anchored on browser-native DLP at the human–AI boundary as the active commercial product line, with policy enforcement and audit-evidence layers around it. The aim is jurisdictionally scoped (CH/EU) audit evidence aligned with FINMA Guidance 2024/08 and Regulation (EU) 2024/1689.
Where each module sits today
- Browser DLP — active commercial product line. Semantic interception at the human–AI boundary; enforced before regulated content leaves the tenant.
- Compliance ledger — implemented / diligence available. Tamper-evident audit-evidence pipeline binding inputs, outputs, and policy state.
- Governance workflow — implemented / controlled deployment. Risk-adaptive policy and review workflow that scales controls with the risk signal rather than applying static thresholds uniformly.
- Trusted execution — deployment architecture / partner-dependent integration. Confidential-computing posture with client-held key material; deployment-specific evidence emitted into the ledger.
Operating principles
- Evidence and control remain with the client, not the hyperscaler.
- Human-in-the-loop governance is first-class — the system prevents single-channel dominance.
- Detailed protocol mechanics, deployment evidence, and benchmark methodology are reviewed only under mutual NDA.