Government AI systems operate under strict oversight requirements. Project AIR delivers NIST-aligned, tamper-evident forensic evidence that satisfies compliance mandates without compromising operational security.
Capabilities
Forensic evidence mapped to the four RMF functions: GOVERN, MAP, MEASURE, MANAGE. Generate compliance reports directly from your signed chain.
ML-DSA-65 (FIPS 204) post-quantum signatures available as opt-in. Ed25519 default with a clear upgrade path when CNSA 2.0 mandates take effect.
All 16 OWASP-mapped detectors run locally. No telemetry, no cloud calls, no data leaves your network. Classification-safe by architecture.
NIM-packaged deployment option for disconnected environments. The entire detection and verification stack runs without internet access.
RFC 3161 timestamps and Sigstore Rekor inclusion proofs. Any third party can verify chain integrity using public infrastructure. Zero vendor lock-in.
Built on AWS GovCloud-compatible primitives (DynamoDB, Lambda, API Gateway). Separation of data plane and control plane supports authorization boundary requirements.